Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Trojaner will 40 TANs bei Postbank-Konto

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 02.08.2010, 22:48   #1
tschongleur
 
Trojaner will 40 TANs bei Postbank-Konto - Standard

Trojaner will 40 TANs bei Postbank-Konto



Hallo an alle Leser,

wie bei ein paar anderen Usern habe ich auch ein Problem beim Online-Banking, allerdings bei der Postbank.

Folgender Text erscheint mit den Feldern für die Tan-Eingabe:
"Zur Zeit befindet sich eine neue Online Banking Anwendung in der Testphase, wodurch einige Kundendaten teilweise beschädigt wurden. Aus diesem Grund bitten wir Sie, 40 TAN's einzugeben, damit Sie Online Banking weiterhin nutzen könnten."

Ich hoffe, mir kann jemand helfen!!!

Vielen Dank schon mal!


Beim OTL-Systemscan kam folgendes heraus:
(OTL.txt)

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 02.08.2010 23:42:04 - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 49,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 911,51 Gb Total Space | 664,90 Gb Free Space | 72,95% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 8,94 Gb Free Space | 44,69% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 3,79 Gb Total Space | 1,56 Gb Free Space | 41,26% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
Drive I: | 596,17 Gb Total Space | 536,20 Gb Free Space | 89,94% Space Free | Partition Type: NTFS
 
Computer Name: FRIEDRICH
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\MobileMeServices.exe (Apple Inc.)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Programme\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Cyberlink\Shared files\brs.exe (cyberlink)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\HomeCinema\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Dell Printers\paperport\pptd40nt.exe (Nuance Communications, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe (Dell Inc.)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe (Dell Inc.)
PRC - C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (Dell Inc.)
PRC - C:\Programme\Mindjet\MindManager 6\MmReminderService.exe (Mindjet)
PRC - C:\Programme\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe (Tracker Software Products Ltd.)
PRC - C:\Programme\DeTeWe\TA 33 USB\Capictrl.exe (DeTeWe AG & Co.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Norton Internet Security) -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (DLSDB) -- C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe (Dell Inc.)
SRV - (DLPWD) -- C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (Dell Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100802.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100802.002\NAVENG.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100730.001\IDSvix86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys (Symantec Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NIS\1008000.029\SRTSP.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMFW.SYS (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NIS\1008000.029\SRTSPX.SYS (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Programme\HomeCinema\PowerDVD9\000.fcl (CyberLink Corp.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (MSDV) -- C:\Windows\System32\drivers\msdv.sys (Microsoft Corporation)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (61883) -- C:\Windows\System32\drivers\61883.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (Avc) -- C:\Windows\System32\drivers\avc.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (CAPI20) -- C:\Windows\System32\drivers\Capi20.sys (DeTeWe Berlin)
DRV - (ulisa) DeTeWe ISDN-Adapter (USB) -- C:\Windows\System32\drivers\ULISA.SYS (DeTeWe Berlin)
DRV - (DETEWECP) -- C:\Windows\System32\drivers\detewecp.sys (DeTeWe Berlin)
DRV - (crlscsi) -- C:\Windows\System32\drivers\crlscsi.sys (Corel Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.zirkus-paletti.de/aktuell.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "hxxp://www.zirkus-paletti.de/aktuell.php|hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.11.26 00:11:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010.05.01 16:23:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.04 10:56:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.02 13:46:14 | 000,000,000 | ---D | M]
 
[2009.08.24 20:22:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.07.06 15:22:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0uha01la.default\extensions
[2009.08.26 21:05:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0uha01la.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.02 21:51:04 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.03.16 20:28:04 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.16 20:28:04 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.16 20:28:04 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.16 20:28:04 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.16 20:28:04 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (CmjBrowserHelperObject Object) - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Programme\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Dell MFP Color Laser Printer 3115cn Launcher] C:\Program Files\DELL\Dell MFP Color Laser Printer 3115cn\Address Book Editor\Launcher.exe (Dell Inc.)
O4 - HKLM..\Run: [DLPSP] C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE (Dell Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Dell Printers\paperport\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MMReminderService] C:\Programme\Mindjet\MindManager 6\MmReminderService.exe (Mindjet)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Dell Printers\paperport\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [pdfSaver3]  File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [TrayServer] C:\Programme\MAGIX\Video_deluxe_16_Plus_Download-Version\Trayserver.exe (MAGIX AG)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{12877358-7964-0725-C41E-A74282570AA2}] C:\Users\***\AppData\Roaming\Yhqed\ufby.exe (Yl Qovtx Umksqux)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [pdfSaver3] C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe (Tracker Software Products Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident\4.0;  File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.support.microsoft.com/ActiveX/FixItClient.CAB (FixItClient Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Programme\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4889e115-72d5-11df-a1b9-00242178a878}\Shell\Open(&0)\command - "" = Recycled\ctfmon.exe
O33 - MountPoints2\{b7b85f4d-a43c-11de-8510-00242178a878}\Shell\Open(&0)\command - "" = J:\Recycled\ctfmon.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.02 23:41:09 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.08.02 22:57:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2010.08.02 22:57:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Yahoo!
[2010.08.02 22:57:54 | 000,000,000 | ---D | C] -- C:\Programme\Yahoo!
[2010.08.02 22:57:47 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.08.02 22:17:56 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.08.02 21:54:29 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.08.02 21:53:49 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2010.08.02 18:30:05 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MFTools
[2010.07.23 20:44:21 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.07.23 20:44:19 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.07.23 20:43:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.07.22 00:40:08 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
[2010.07.22 00:40:08 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2010.07.22 00:40:06 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL
[2010.07.22 00:40:06 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL
[2010.07.22 00:40:06 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
[2010.07.13 22:49:24 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2010.07.11 16:21:38 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\MAGIX Downloads
[2010.07.06 15:36:26 | 000,000,000 | ---D | C] -- C:\Programme\MSECache
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.02 23:42:39 | 004,194,304 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.08.02 23:41:23 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.08.02 23:18:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.02 22:57:52 | 000,000,845 | ---- | M] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010.08.02 22:49:22 | 000,029,184 | ---- | M] () -- C:\Users\***\Desktop\PW.xls
[2010.08.02 22:27:46 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.08.02 22:25:36 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.02 22:25:20 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.02 22:25:20 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.02 22:25:16 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.02 22:25:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.02 22:25:12 | 3487,748,096 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.02 22:22:06 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.02 22:22:06 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.02 22:22:06 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.02 22:22:05 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.02 22:22:05 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.02 21:58:55 | 000,000,947 | ---- | M] () -- C:\Users\***\Desktop\mbam - Verknüpfung.lnk
[2010.08.02 21:53:50 | 000,000,774 | ---- | M] () -- C:\Users\***\Desktop\NTREGOPT.lnk
[2010.08.02 21:53:50 | 000,000,755 | ---- | M] () -- C:\Users\***\Desktop\ERUNT.lnk
[2010.08.02 21:49:47 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.02 21:49:47 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.02 20:22:30 | 003,607,803 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.08.02 18:30:13 | 000,284,915 | ---- | M] () -- C:\Users\***\Desktop\Gmer.zip
[2010.07.30 21:00:39 | 000,809,283 | ---- | M] () -- C:\Users\***\Desktop\IMG_9549.jpg
[2010.07.28 20:49:30 | 000,058,880 | ---- | M] () -- C:\Users\***\Desktop\Kursmanager_01.xls
[2010.07.27 19:59:01 | 000,035,328 | ---- | M] () -- C:\Users\***\Desktop\Geschichte Palettis 07-27.doc
[2010.07.25 17:52:02 | 000,025,600 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.22 00:40:11 | 000,000,869 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2010.07.18 22:06:02 | 000,049,539 | ---- | M] () -- C:\Users\***\Desktop\Pyramide - kleiner4.jpg
[2010.07.18 22:04:19 | 000,048,628 | ---- | M] () -- C:\Users\***\Desktop\Pyramide - kleiner3.jpg
[2010.07.18 21:54:45 | 000,049,816 | ---- | M] () -- C:\Users\***\Desktop\Pyramide - kleiner2.jpg
[2010.07.18 21:54:09 | 000,052,764 | ---- | M] () -- C:\Users\***\Desktop\Pyramide - kleiner1.jpg
[2010.07.18 21:53:28 | 000,054,751 | ---- | M] () -- C:\Users\***\Desktop\Pyramide - kleiner.jpg
[2010.07.18 21:25:11 | 000,192,359 | ---- | M] () -- C:\Users\***\Desktop\4804413730_bf9f778635.jpg
[2010.07.17 00:50:46 | 000,011,045 | ---- | M] () -- C:\Users\***\Desktop\Zertifikat_Jug-2.gif
[2010.07.17 00:30:20 | 000,004,741 | ---- | M] () -- C:\Users\***\Desktop\Paletti-Logo_Startseite_3.gif
[2010.07.17 00:29:06 | 000,009,993 | ---- | M] () -- C:\Users\***\Desktop\Wir-sind-dabei Webseite2.gif
[2010.07.17 00:27:58 | 000,003,867 | ---- | M] () -- C:\Users\***\Desktop\Wir-sind-dabei Webseite_kl1.gif
[2010.07.17 00:26:55 | 000,003,867 | ---- | M] () -- C:\Users\***\Desktop\Wir-sind-dabei Webseite_kl.gif
[2010.07.16 15:14:48 | 000,011,594 | ---- | M] () -- C:\Users\***\Desktop\Paletti-Logo_Startseite_2.gif
[2010.07.15 01:14:39 | 000,039,389 | ---- | M] () -- C:\Users\***\Desktop\Info038.pdf
[2010.07.12 00:11:29 | 000,043,008 | ---- | M] () -- C:\Users\***\Desktop\Stundennachweise 2010.xls
[2010.07.11 16:13:22 | 000,023,040 | ---- | M] () -- C:\Users\***\Desktop\Kostüme Palettinis 10-07-07.xls
 
========== Files Created - No Company Name ==========
 
[2010.08.02 22:57:52 | 000,000,845 | ---- | C] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010.08.02 22:09:06 | 000,293,376 | ---- | C] () -- C:\Users\***\Desktop\gmer.exe
[2010.08.02 21:58:55 | 000,000,947 | ---- | C] () -- C:\Users\***\Desktop\mbam - Verknüpfung.lnk
[2010.08.02 21:53:50 | 000,000,774 | ---- | C] () -- C:\Users\***\Desktop\NTREGOPT.lnk
[2010.08.02 21:53:50 | 000,000,755 | ---- | C] () -- C:\Users\***\Desktop\ERUNT.lnk
[2010.08.02 18:30:13 | 000,284,915 | ---- | C] () -- C:\Users\***\Desktop\Gmer.zip
[2010.07.30 21:00:38 | 000,809,283 | ---- | C] () -- C:\Users\***\Desktop\IMG_9549.jpg
[2010.07.28 23:12:32 | 000,058,880 | ---- | C] () -- C:\Users\***\Desktop\Kursmanager_01.xls
[2010.07.28 23:12:32 | 000,035,328 | ---- | C] () -- C:\Users\***\Desktop\Geschichte Palettis 07-27.doc
[2010.07.22 00:40:11 | 000,000,869 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2010.07.22 00:40:07 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.07.18 22:06:02 | 000,049,539 | ---- | C] () -- C:\Users\***\Desktop\Pyramide - kleiner4.jpg
[2010.07.18 22:04:19 | 000,048,628 | ---- | C] () -- C:\Users\***\Desktop\Pyramide - kleiner3.jpg
[2010.07.18 21:54:45 | 000,049,816 | ---- | C] () -- C:\Users\***\Desktop\Pyramide - kleiner2.jpg
[2010.07.18 21:54:09 | 000,052,764 | ---- | C] () -- C:\Users\***\Desktop\Pyramide - kleiner1.jpg
[2010.07.18 21:53:28 | 000,054,751 | ---- | C] () -- C:\Users\***\Desktop\Pyramide - kleiner.jpg
[2010.07.18 21:25:45 | 000,192,359 | ---- | C] () -- C:\Users\***\Desktop\4804413730_bf9f778635.jpg
[2010.07.17 00:50:46 | 000,011,045 | ---- | C] () -- C:\Users\***\Desktop\Zertifikat_Jug-2.gif
[2010.07.17 00:30:20 | 000,004,741 | ---- | C] () -- C:\Users\***\Desktop\Paletti-Logo_Startseite_3.gif
[2010.07.17 00:29:58 | 000,011,594 | ---- | C] () -- C:\Users\***\Desktop\Paletti-Logo_Startseite_2.gif
[2010.07.17 00:29:06 | 000,009,993 | ---- | C] () -- C:\Users\***\Desktop\Wir-sind-dabei Webseite2.gif
[2010.07.17 00:27:58 | 000,003,867 | ---- | C] () -- C:\Users\***\Desktop\Wir-sind-dabei Webseite_kl1.gif
[2010.07.17 00:22:25 | 000,003,867 | ---- | C] () -- C:\Users\***\Desktop\Wir-sind-dabei Webseite_kl.gif
[2010.07.15 01:14:38 | 000,039,389 | ---- | C] () -- C:\Users\***\Desktop\Info038.pdf
[2010.07.11 23:08:30 | 000,023,040 | ---- | C] () -- C:\Users\***\Desktop\Kostüme Palettinis 10-07-07.xls
[2010.04.16 20:36:10 | 000,000,059 | ---- | C] () -- C:\Windows\WINPHONE.INI
[2010.02.24 13:05:39 | 000,000,633 | ---- | C] () -- C:\Windows\mannh01.ini
[2009.12.12 19:25:35 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.09.24 00:46:04 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.09.17 15:41:18 | 000,000,111 | ---- | C] () -- C:\Windows\installation.ini
[2009.09.17 15:29:17 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.09.17 02:01:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.24 11:17:33 | 000,000,000 | ---- | C] () -- C:\Windows\longfile.INI
[2009.08.24 11:17:27 | 001,371,436 | R--- | C] () -- C:\Windows\System32\VBAR2132.DLL
[2009.08.24 11:07:21 | 000,000,102 | ---- | C] () -- C:\Windows\texture.ini
[2009.08.24 10:16:19 | 000,000,000 | ---- | C] () -- C:\Windows\VideodeLuxe.INI
[2009.08.24 10:06:37 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009.08.24 10:06:02 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2009.08.24 09:50:42 | 000,007,256 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.08.24 00:02:20 | 000,031,658 | ---- | C] () -- C:\Windows\maxlink.ini
[2009.05.29 16:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.29 16:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.09.12 16:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2007.09.04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== LOP Check ==========
 
[2010.06.19 12:05:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AF680FFA80B5C56972D00E662AB39CF0
[2009.10.31 01:02:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2010.07.17 08:13:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2010.01.31 23:31:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2009.09.12 11:43:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe_Limited
[2009.11.27 01:49:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2010.08.02 23:39:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cyqi
[2010.04.11 23:25:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DiskSpaceFan
[2010.08.02 22:29:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2009.11.30 01:46:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Kernel Recovery for iPod(Demo)
[2009.10.19 23:58:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2009.11.25 20:54:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2009.11.25 20:54:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2010.05.01 18:22:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Public Sync
[2009.09.15 00:00:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScanSoft
[2010.03.07 17:45:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2009.10.08 23:55:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VistaCodecs
[2009.11.09 23:58:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Yhqed
[2010.08.02 21:49:48 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 7400 bytes -> C:\Users\***\Desktop\ARAG-Sport24.url:Q30lsldxJoudresxAaaqpcawXc
< End of report >
         
--- --- ---




und bei EXTRA-txt:



OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 02.08.2010 23:42:04 - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 49,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 911,51 Gb Total Space | 664,90 Gb Free Space | 72,95% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 8,94 Gb Free Space | 44,69% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 3,79 Gb Total Space | 1,56 Gb Free Space | 41,26% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
Drive I: | 596,17 Gb Total Space | 536,20 Gb Free Space | 89,94% Space Free | Partition Type: NTFS
 
Computer Name: FRIEDRICH
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C10729D-8FDB-47CD-B277-EDA4A862BA0A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{25905FC7-C8A6-4630-8A70-9E1FDE6F4C34}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{3195871F-188E-4474-859A-DBFF44DBB0CD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{385EFB6A-AA70-4555-B02E-0C860D2E2EC2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5182DAEB-BEA2-410E-AC4E-A290709A4EAB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{56696065-60CE-4100-BBC1-68EBE5C1C3B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{56C000AE-4A98-4D60-BFF5-1DC20075D40E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5FE781E3-9D60-44B6-85F7-6B0548CEABF7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9675694A-1D1C-4BDE-92F0-A8675C721882}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C10A6AC2-9D7E-4763-BFB9-9192C0967694}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C3927D80-FFD0-4A87-B705-DF4EEED25D90}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CFB840A8-D08F-47E1-B70F-D25F524D055D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{DC4DD1D2-1898-4050-AD73-2B2AB8FC9803}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02B1A3A3-E6F9-4601-A3B3-B8CEE05BE901}" = dir=in | app=c:\program files\homecinema\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{05811D52-9F86-45BE-AA64-E763A75403AA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{075E972E-C8BD-40B1-AD6C-FAEE64CE3520}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0DE75439-715F-4E00-89C9-497A475E09B0}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{36318E9E-6E05-412E-BEE5-BE479FF9A011}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{369AD766-7E53-4AD4-9F8C-299296EE0D57}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{44E3F3DA-D2F3-46F4-954A-4CD56F505E7E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{4974A401-2913-4506-A192-C6AD02CF9B54}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{4E6B0A24-9627-4900-A8FE-8CB93E1BBCE6}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{5B46585A-C0E7-4CCB-82FE-0B402D6E2D8A}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{5C5D76A8-3840-4349-97B5-C5C189D9C722}" = dir=in | app=c:\program files\homecinema\powerdvd9\powerdvd9.exe | 
"{5E1D6FBE-B941-4046-A2CC-019BB466F477}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{752EA189-B159-45F3-9A3A-447050E90A66}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{80FBF179-DFFD-448F-9864-1757225202F8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{89132572-34FB-4EEE-881F-555CC24ACF34}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{9383A347-361C-408D-975D-FF6F4FE82735}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{A0313B40-3CE9-4DF5-8D92-AC520BE78157}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{AB5C6C2D-BF14-44A4-9CA2-C04CA1821D13}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BDA30BF2-C41B-43AB-98ED-F5E0CEBCFB9F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{C1C19EEC-FE63-4DEC-9F9D-C7FD31AEE4DC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C6EB1591-5865-4589-89C2-E3915E42F284}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{CAC1A2DB-443E-4BB2-9FC9-A7E99052CE13}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{E441FDC0-8730-49A2-B648-10FA6AF7AE5E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{F733439D-C79B-4841-BB82-9F87452839FC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B2FF6D9-359D-4481-8A0D-43A674B665C9}" = TA 33 USB
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{105F3CE5-FE55-408E-BF30-E78F85BA0B12}" = Dell-Druckersoftware
"{13702021-43FB-480C-912F-D9B74A538288}" = OpenProj
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A9849CA-E11C-4F24-8BB1-97C717A1C898}" = LightScribe System Software
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel
"{6869591A-7DD8-46D2-837F-57CBF7358955}" = Nokia Connectivity Cable Driver
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86CEBAE9-5752-414A-86BC-170154E30E2A}" = Dell MFP Laser 3115cn Dienstprogramme Ver.1.0.2.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8DA7286C-FBF6-48E4-A24A-FA9481EF4C0F}" = Dell MFP Laser 3115cn ScanButton-Manager Ver.1.1.0.2
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOKR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_OUTLOOKR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_OUTLOOKR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_OUTLOOKR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A0FD334C-D76E-4698-AB10-82EFEE5E1A5A}" = Mindjet MindManager Pro 6
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF37F9DE-0726-439E-BC10-43D9195394D0}" = Firebird SQL Server - MAGIX Edition
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C87DEAF3-0964-419F-B747-DFBB5E8F0279}" = ScanSoft PaperPort 11
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FDEC0704-D15E-4DB8-A624-2256DD4C65D7}" = Dell MFP Laser 3115cn Scanner-Treiber
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem  (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem  (06/01/2009 7.01.0.4)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.5
"Aquarium3D" = Aquarium 3D
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.7 (Unicode)
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner
"Corel Applications" = Corel Applications
"Disk Space Fan_is1" = Disk Space Fan 1.4.4.1
"DPP" = Canon Utilities Digital Photo Professional 3.4
"EOS USB WIA Driver" = EOS USB WIA Driver
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"IrfanView" = IrfanView (remove only)
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Foto Manager 2006 D" = MAGIX Foto Manager 2006 (D)
"MAGIX Music Manager D" = MAGIX Music Manager (D)
"MAGIX Online Druck Service" = MAGIX Online Druck Service
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Speed burnR D" = MAGIX Speed burnR
"MAGIX Video deluxe 16 Plus Download-Version D" = MAGIX Video deluxe 16 Plus Download-Version 9.0.0.55 (D)
"MAGIX Video deLuxe 2006 D" = MAGIX Video deLuxe 2006 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.2pre)" = Mozilla Firefox (3.6.2pre)
"MyCamera" = Canon Utilities MyCamera
"NIS" = Norton Internet Security
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"OutlookExpressDatensicherung" = OEBackup - Outlook Express Datensicherung (Testversion)
"OUTLOOKR" = Microsoft Office Outlook 2007
"PDF-XChange 3_is1" = PDF-XChange 3.0
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Public SyncTool_is1" = Public SyncTool 1.2
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"ST6UNST #1" = Outlook Express Quick Backup
"ST6UNST #2" = Outlook Express Freebie Backup
"Sweepi_is1" = Sweepi 5.4.00
"VLC media player" = VLC media player 1.0.1
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"f031ef6ac137efc5" = Dell Driver Download Manager
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 02.08.2010 16:15:20 | Computer Name = Friedrich | Source = Perflib | ID = 1010
Description = 
 
Error - 02.08.2010 16:18:01 | Computer Name = Friedrich | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.08.2010 16:25:19 | Computer Name = Friedrich | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.08.2010 17:26:49 | Computer Name = Friedrich | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 02.08.2010 17:27:12 | Computer Name = Friedrich | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 02.08.2010 17:27:12 | Computer Name = Friedrich | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 02.08.2010 17:33:29 | Computer Name = Friedrich | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 02.08.2010 17:33:29 | Computer Name = Friedrich | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 02.08.2010 17:33:42 | Computer Name = Friedrich | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 02.08.2010 17:33:53 | Computer Name = Friedrich | Source = Windows Search Service | ID = 3013
Description = 
 
[ OSession Events ]
Error - 11.09.2009 16:34:22 | Computer Name = Friedrich | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 100
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 27.10.2009 18:37:59 | Computer Name = Friedrich | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 623
 seconds with 540 seconds of active time.  This session ended with a crash.
 
Error - 08.11.2009 14:58:40 | Computer Name = Friedrich | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3574
 seconds with 1020 seconds of active time.  This session ended with a crash.
 
Error - 04.12.2009 16:44:10 | Computer Name = Friedrich | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 114
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 11.02.2010 18:35:11 | Computer Name = Friedrich | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5127
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 05.05.2010 08:37:50 | Computer Name = Friedrich | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 98642
 seconds with 4440 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 23.07.2010 16:36:13 | Computer Name = Friedrich | Source = netbt | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse 
des Computers,  der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
 -n an  der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
 
Error - 23.07.2010 16:36:16 | Computer Name = Friedrich | Source = netbt | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse 
des Computers,  der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
 -n an  der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
 
Error - 28.07.2010 17:06:39 | Computer Name = Friedrich | Source = netbt | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse 
des Computers,  der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
 -n an  der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
 
Error - 28.07.2010 17:06:51 | Computer Name = Friedrich | Source = netbt | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse 
des Computers,  der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
 -n an  der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
 
Error - 28.07.2010 17:06:55 | Computer Name = Friedrich | Source = netbt | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse 
des Computers,  der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
 -n an  der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
 
Error - 28.07.2010 17:21:34 | Computer Name = Friedrich | Source = netbt | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse 
des Computers,  der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
 -n an  der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
 
Error - 28.07.2010 17:21:44 | Computer Name = Friedrich | Source = netbt | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse 
des Computers,  der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
 -n an  der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
 
Error - 02.08.2010 15:48:39 | Computer Name = Friedrich | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 02.08.2010 16:17:57 | Computer Name = Friedrich | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 02.08.2010 um 22:15:46 unerwartet heruntergefahren.
 
Error - 02.08.2010 16:25:15 | Computer Name = Friedrich | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 02.08.2010 um 22:22:49 unerwartet heruntergefahren.
 
 
< End of report >
         
--- --- ---

Alt 03.08.2010, 12:42   #2
markusg
/// Malware-holic
 
Trojaner will 40 TANs bei Postbank-Konto - Standard

Trojaner will 40 TANs bei Postbank-Konto



rufe sofort die bank an, teile ihnen das problem mit.

es wäre auch wichtig, dich mal über etwas sichereres beraten zu lassen, kein pin/tan verfahren, das ist das unsicherste was es gibt.
desweiteren solltest du dir überlegen, den pc platt zu machen (formatieren) dann kannst du dir wieder 100 %ig sicher sein, dass alles io ist.

teile mir mit, wie du verfahren möchtest, auch wenn du nicht formatierst, möchte ich nen blick aufs system werfen.

1. deinstaliere spybot, das behindert die arbeit. außerdem hast du schon den windows defender.
starte neu.
2. norton ist veraltet, aktuell ist 2010 es ist wichtig, sich immer die neueste version des antivirus programms zu hohlen, da es da immer verbesserungen gibt

Fixen mit OTL

• Starte bitte die OTL.exe.
Vista-User mit Rechtsklick "als Administrator starten"
• Kopiere nun das Folgende in die Textbox.

:OTL
O4 - HKCU..\Run: [{12877358-7964-0725-C41E-A74282570AA2}] C:\Users\***\AppData\Roaming\Yhqed\ufby.exe (Yl Qovtx Umksqux)
[2010.08.02 23:39:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cyqi
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument dieses posten

nutze den ccleaner, bereinige dateien + registry:
http://www.trojaner-board.de/51464-a...-ccleaner.html
bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix
danach schalte den hintergrundwächter von norton aus.
öffne arbeitsplatz (mein computer)
dort c:
da siehst du einmal _OTL
rechtsklick, und zu _OTL.rar oder zip hinzufügen.
das selbe mit qoobox.
die beiden archive an uns hochladen
http://www.trojaner-board.de/54791-a...ner-board.html
und bescheid geben wenn fertig
__________________


Alt 03.08.2010, 15:02   #3
tschongleur
 
Trojaner will 40 TANs bei Postbank-Konto - Standard

Trojaner will 40 TANs bei Postbank-Konto



Hallo markusg,
vielen Dank für Deine Antwort!
Ich hoffe, dass ich bisher alles richtig gemacht habe.

Die Bank ist informiert und schickt gleich neue Zugangsdaten.

Platt machen will ich den Rechner nur sehr ungern, da ich nicht wirklich Zeit dazu habe.

Spybot ist deinstalliert.
Norton ist aktuell, per online-Abo auf dem neuesten Stand, die Ursprungsversion ist von 2009.

Hier das OTL-Text-Dokument:

All processes killed
Error: Unable to interpret <OTL> in the current context!
Error: Unable to interpret <O4 - HKCU..\Run: [{12877358-7964-0725-C41E-A74282570AA2}] C:\Users\***\AppData\Roaming\Yhqed\ufby.exe (Yl Qovtx Umksqux)> in the current context!
Error: Unable to interpret <[2010.08.02 23:39:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cyqi> in the current context!
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: ***
->Flash cache emptied: 615 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: ***
->Temp folder emptied: 7387187 bytes
->Temporary Internet Files folder emptied: 8694389 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 90 bytes
RecycleBin emptied: 676260235 bytes

Total Files Cleaned = 660,00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08032010_145326

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\JET4FB4.tmp not found!

Registry entries deleted on Reboot...



ccleaner ist durchgeführt wie von Dir beschrieben.


Hier das Combofix-Log:

Combofix Logfile:
Code:
ATTFilter
ComboFix 10-08-02.03 - *** 03.08.2010  15:28:50.1.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3325.2045 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\pdfforge Toolbar\SearchSettings.dll
c:\users\***\AppData\Roaming\Yhqed\ufby.exe

.
(((((((((((((((((((((((   Dateien erstellt von 2010-07-03 bis 2010-08-03  ))))))))))))))))))))))))))))))
.

2010-08-03 13:39 . 2010-08-03 13:39	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-08-03 13:39 . 2010-08-03 13:39	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2010-08-02 19:53 . 2010-08-02 19:54	--------	d-----w-	c:\program files\ERUNT
2010-07-23 18:44 . 2010-07-23 18:44	--------	d-----w-	c:\program files\iPod
2010-07-23 18:44 . 2010-07-23 18:44	--------	d-----w-	c:\program files\iTunes
2010-07-21 22:40 . 2001-10-28 15:42	116224	----a-w-	c:\windows\system32\pdfcmnnt.dll
2010-07-21 22:40 . 1998-07-06 16:55	158208	----a-w-	c:\windows\system32\MSCMCDE.DLL
2010-07-21 22:40 . 1998-07-06 16:55	64512	----a-w-	c:\windows\system32\MSCC2DE.DLL
2010-07-21 22:40 . 1998-07-05 23:00	23552	----a-w-	c:\windows\system32\MSMPIDE.DLL
2010-07-13 20:49 . 2010-07-13 20:49	--------	d--h--w-	c:\windows\PIF
2010-07-06 13:36 . 2010-07-06 13:36	--------	d-----w-	c:\program files\MSECache

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-03 13:37 . 2010-06-09 22:02	--------	d-----w-	c:\program files\pdfforge Toolbar
2010-08-03 13:37 . 2009-11-09 21:58	--------	d-----w-	c:\users\***\AppData\Roaming\Yhqed
2010-08-03 13:07 . 2010-08-02 20:57	--------	d-----w-	c:\program files\CCleaner
2010-08-03 13:05 . 2009-07-06 04:40	--------	d-----w-	c:\users\***\AppData\Roaming\Cyqi
2010-08-03 12:58 . 2010-01-30 15:39	--------	d-----w-	c:\users\***\AppData\Roaming\Dropbox
2010-08-03 12:47 . 2009-08-24 18:42	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-08-02 20:57 . 2010-08-02 20:57	--------	d-----w-	c:\program files\Yahoo!
2010-08-02 20:57 . 2010-08-02 20:57	--------	d-----w-	c:\users\***\AppData\Roaming\Yahoo!
2010-08-02 20:22 . 2009-03-26 00:13	618204	----a-w-	c:\windows\system32\perfh007.dat
2010-08-02 20:22 . 2009-03-26 00:13	122636	----a-w-	c:\windows\system32\perfc007.dat
2010-07-23 18:44 . 2009-06-19 16:12	--------	d-----w-	c:\program files\Common Files\Apple
2010-07-21 22:40 . 2010-06-09 22:01	--------	d-----w-	c:\program files\PDFCreator
2010-07-17 06:13 . 2009-07-08 19:01	--------	d-----w-	c:\users\***\AppData\Roaming\Audacity
2010-07-14 13:55 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-07-11 21:02 . 2009-09-11 15:10	--------	d-----w-	c:\users\***\AppData\Roaming\vlc
2010-07-02 11:45 . 2009-04-02 14:42	--------	d-----w-	c:\program files\Microsoft.NET
2010-06-21 13:01 . 2009-06-19 16:15	--------	d-----w-	c:\users\***\AppData\Roaming\Apple Computer
2010-06-20 22:25 . 2010-06-20 22:25	--------	d-----w-	c:\program files\Bonjour
2010-06-19 10:05 . 2010-04-16 19:10	--------	d-----w-	c:\users\***\AppData\Roaming\AF680FFA80B5C56972D00E662AB39CF0
2010-06-19 08:55 . 2010-06-19 08:55	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2010-06-19 08:55 . 2010-06-19 08:55	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-06-09 22:02 . 2010-06-09 22:02	--------	d-----w-	c:\program files\Application Updater
2010-06-08 21:32 . 2009-09-14 17:12	408456	----a-w-	c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-08 21:32 . 2010-06-08 21:32	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Apple Computer
2010-06-07 15:48 . 2009-03-25 17:08	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-05-28 22:45 . 2009-06-19 16:02	408456	----a-w-	c:\users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-26 17:06 . 2010-06-11 11:37	34304	----a-w-	c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 11:37	289792	----a-w-	c:\windows\system32\atmfd.dll
2010-05-18 14:35 . 2010-05-18 14:35	91424	----a-w-	c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35	107808	----a-w-	c:\windows\system32\dns-sd.exe
2009-03-11 14:14 . 2009-03-11 14:09	8192	--sha-w-	c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-19 39408]
"pdfSaver3"="c:\program files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [2004-09-05 380928]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-08 178712]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-03-30 75048]
"CLMLServer"="c:\program files\HomeCinema\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-03 6724128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"Dell MFP Color Laser Printer 3115cn Launcher"="c:\program files\DELL\Dell MFP Color Laser Printer 3115cn\Address Book Editor\Launcher.exe" [2007-05-09 639896]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\Dell Printers\paperport\pptd40nt.exe" [2008-04-02 29984]
"IndexSearch"="c:\program files\Dell Printers\paperport\IndexSearch.exe" [2008-04-02 46368]
"DLPSP"="c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2007-07-25 393944]
"MMReminderService"="c:\program files\Mindjet\MindManager 6\MMReminderService.exe" [2005-11-18 28672]
"TrayServer"="c:\progra~1\MAGIX\VIDEO_~1\TrayServer.exe" [2008-08-07 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-07 974848]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
" Malwarebytes Anti-Malware  (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-8-26 113664]
CAPIControl.lnk - c:\windows\Installer\{0B2FF6D9-359D-4481-8A0D-43A674B665C9}\Ta33usb.exe [2010-4-16 2238]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
REM [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-07-13 13:10	47904	----a-w-	c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ Malwarebytes Anti-Malware  (reboot)]
2010-04-29 10:19	1090952	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):2d,c0,db,bc,66,37,ca,01

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 135664]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 Uxsmasx;Uxsmasx; [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS [2009-08-22 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys [2009-08-22 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys [2010-02-03 482432]
S1 crlscsi;crlscsi; [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100802.001\IDSvix86.sys [2010-05-28 344112]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/04/22 16:10];c:\program files\HomeCinema\PowerDVD9\000.fcl [2009-03-30 15:53 87536]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-07 380928]
S2 CAPI20;Eumex 504PC USB; [x]
S2 DETEWECP;DeTeWe CapiPort;c:\windows\System32\drivers\detewecp.sys [2001-09-18 38480]
S2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [2006-12-07 140184]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-05-06 1220608]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2009-08-22 117640]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-09-21 554496]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS [2009-08-22 48688]
S3 ulisa;DeTeWe ISDN-Adapter (USB);c:\windows\system32\Drivers\ulisa.sys [2004-05-14 122716]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-01-27 20:28	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners

2010-08-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-19 15:59]

2010-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 16:44]

2010-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 16:44]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.zirkus-paletti.de/aktuell.php
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0uha01la.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.zirkus-paletti.de/aktuell.php|hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=
FF - component: c:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-{12877358-7964-0725-C41E-A74282570AA2} - c:\users\***\AppData\Roaming\Yhqed\ufby.exe
HKLM-Run-pdfSaver3 - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-03 15:39
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\HomeCinema\PowerDVD9\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Zeit der Fertigstellung: 2010-08-03  15:45:51
ComboFix-quarantined-files.txt  2010-08-03 13:45

Vor Suchlauf: 15 Verzeichnis(se), 713.919.389.696 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 713.827.647.488 Bytes frei

- - End Of File - - D7799A8C968A8D18B6C230EF02DB29AB
         
--- --- ---



So, und die beiden _OTL.zip und Qoobox.zip sollten jetzt auch hochgeladen sein.

Vielen Dank nochmals für Deine Zeit markusg!
__________________

Alt 03.08.2010, 18:01   #4
markusg
/// Malware-holic
 
Trojaner will 40 TANs bei Postbank-Konto - Standard

Trojaner will 40 TANs bei Postbank-Konto



wirst du dich auch über sichereres online banking informieren, diesmal ists noch gut gegangen, aber trojaner werden immer besser....

Start, programme, zubehör, kopiere rein:

Folder::
c:\users\***\AppData\Roaming\Cyqi
Driver::
Uxsmasx
crlscsi


datei speichern unter, typ, alle dateien, name
cfscript.txt
speicherort, dort wo sich combofix.exe befindet.
ziehe cfscript auf combofix, programm startet, log posten.

Alt 03.08.2010, 18:12   #5
tschongleur
 
Trojaner will 40 TANs bei Postbank-Konto - Standard

Trojaner will 40 TANs bei Postbank-Konto



Hallo markusg!

Leider verstehe ich nicht ganz, was ich machen soll:

Start, programme, zubehör, kopiere rein:

Folder::
c:\users\***\AppData\Roaming\Cyqi
Driver::
Uxsmasx
crlscsi

Wo soll ich das genau reinkopieren, und was genau? Ab "Folder"? In den Editor?
Wenn ich bei Start auf "Alle Programme" und dann "Zubehör" gehe, kann ich nichts reinkopieren...

Sorry...


Alt 03.08.2010, 18:27   #6
markusg
/// Malware-holic
 
Trojaner will 40 TANs bei Postbank-Konto - Standard

Trojaner will 40 TANs bei Postbank-Konto



sorry
klicke start, programme, alle programme, zubehör, editor, und dort das geschriebene reinkopieren

Alt 03.08.2010, 19:04   #7
tschongleur
 
Trojaner will 40 TANs bei Postbank-Konto - Standard

Trojaner will 40 TANs bei Postbank-Konto



Hallo markusg,
hier das Logfile.
Danke und Grüße

Combofix Logfile:
Code:
ATTFilter
ComboFix 10-08-02.03 - *** 03.08.2010  19:39:22.2.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3325.1680 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\***\Desktop\cfscript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\***\AppData\Roaming\Cyqi
c:\users\***\AppData\Roaming\Yhqed\ufby.exe

.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CRLSCSI
-------\Service_crlscsi
-------\Service_Uxsmasx


(((((((((((((((((((((((   Dateien erstellt von 2010-07-03 bis 2010-08-03  ))))))))))))))))))))))))))))))
.

2010-08-03 17:49 . 2010-08-03 17:49	--------	d-----w-	c:\users\Public\AppData\Local\temp
2010-08-03 17:49 . 2010-08-03 17:49	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-08-03 17:49 . 2010-08-03 17:49	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2010-08-03 17:33 . 2010-08-03 17:33	--------	d-----w-	C:\32788R22FWJFW
2010-08-03 13:58 . 2010-08-03 13:58	776870	----a-w-	C:\Qoobox.zip
2010-08-03 13:58 . 2010-08-03 13:58	1334	----a-w-	C:\_OTL.zip
2010-08-03 12:53 . 2010-08-03 12:53	--------	d-----w-	C:\_OTL
2010-08-02 20:57 . 2010-08-02 20:57	--------	d-----w-	c:\users\***\AppData\Roaming\Yahoo!
2010-08-02 20:57 . 2010-08-02 20:57	--------	d-----w-	c:\program files\Yahoo!
2010-08-02 20:57 . 2010-08-03 13:07	--------	d-----w-	c:\program files\CCleaner
2010-08-02 19:53 . 2010-08-02 19:54	--------	d-----w-	c:\program files\ERUNT
2010-07-23 18:44 . 2010-07-23 18:44	--------	d-----w-	c:\program files\iPod
2010-07-23 18:44 . 2010-07-23 18:44	--------	d-----w-	c:\program files\iTunes
2010-07-21 22:40 . 2001-10-28 15:42	116224	----a-w-	c:\windows\system32\pdfcmnnt.dll
2010-07-21 22:40 . 1998-07-06 16:55	158208	----a-w-	c:\windows\system32\MSCMCDE.DLL
2010-07-21 22:40 . 1998-07-06 16:55	64512	----a-w-	c:\windows\system32\MSCC2DE.DLL
2010-07-21 22:40 . 1998-07-05 23:00	23552	----a-w-	c:\windows\system32\MSMPIDE.DLL
2010-07-13 20:49 . 2010-07-13 20:49	--------	d--h--w-	c:\windows\PIF
2010-07-06 13:36 . 2010-07-06 13:36	--------	d-----w-	c:\program files\MSECache

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-03 15:21 . 2010-01-30 15:39	--------	d-----w-	c:\users\***\AppData\Roaming\Dropbox
2010-08-03 14:07 . 2009-03-26 00:13	621714	----a-w-	c:\windows\system32\perfh007.dat
2010-08-03 14:07 . 2009-03-26 00:13	123646	----a-w-	c:\windows\system32\perfc007.dat
2010-08-03 13:37 . 2010-06-09 22:02	--------	d-----w-	c:\program files\pdfforge Toolbar
2010-08-03 13:37 . 2009-11-09 21:58	--------	d-----w-	c:\users\***\AppData\Roaming\Yhqed
2010-08-03 12:47 . 2009-08-24 18:42	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-07-23 18:44 . 2009-06-19 16:12	--------	d-----w-	c:\program files\Common Files\Apple
2010-07-21 22:40 . 2010-06-09 22:01	--------	d-----w-	c:\program files\PDFCreator
2010-07-17 06:13 . 2009-07-08 19:01	--------	d-----w-	c:\users\***\AppData\Roaming\Audacity
2010-07-14 13:55 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-07-11 21:02 . 2009-09-11 15:10	--------	d-----w-	c:\users\***\AppData\Roaming\vlc
2010-07-02 11:45 . 2009-04-02 14:42	--------	d-----w-	c:\program files\Microsoft.NET
2010-06-21 13:01 . 2009-06-19 16:15	--------	d-----w-	c:\users\***\AppData\Roaming\Apple Computer
2010-06-20 22:25 . 2010-06-20 22:25	--------	d-----w-	c:\program files\Bonjour
2010-06-19 10:05 . 2010-04-16 19:10	--------	d-----w-	c:\users\***\AppData\Roaming\AF680FFA80B5C56972D00E662AB39CF0
2010-06-19 08:55 . 2010-06-19 08:55	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2010-06-19 08:55 . 2010-06-19 08:55	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-06-09 22:02 . 2010-06-09 22:02	--------	d-----w-	c:\program files\Application Updater
2010-06-08 21:32 . 2009-09-14 17:12	408456	----a-w-	c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-08 21:32 . 2010-06-08 21:32	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Apple Computer
2010-06-07 15:48 . 2009-03-25 17:08	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-05-28 22:45 . 2009-06-19 16:02	408456	----a-w-	c:\users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-26 17:06 . 2010-06-11 11:37	34304	----a-w-	c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 11:37	289792	----a-w-	c:\windows\system32\atmfd.dll
2010-05-18 14:35 . 2010-05-18 14:35	91424	----a-w-	c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35	107808	----a-w-	c:\windows\system32\dns-sd.exe
2009-03-11 14:14 . 2009-03-11 14:09	8192	--sha-w-	c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-19 39408]
"pdfSaver3"="c:\program files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [2004-09-05 380928]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"{12877358-7964-0725-C41E-A74282570AA2}"="c:\users\***\AppData\Roaming\Yhqed\ufby.exe" [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-08 178712]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-03-30 75048]
"CLMLServer"="c:\program files\HomeCinema\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-03 6724128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"Dell MFP Color Laser Printer 3115cn Launcher"="c:\program files\DELL\Dell MFP Color Laser Printer 3115cn\Address Book Editor\Launcher.exe" [2007-05-09 639896]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\Dell Printers\paperport\pptd40nt.exe" [2008-04-02 29984]
"IndexSearch"="c:\program files\Dell Printers\paperport\IndexSearch.exe" [2008-04-02 46368]
"DLPSP"="c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2007-07-25 393944]
"MMReminderService"="c:\program files\Mindjet\MindManager 6\MMReminderService.exe" [2005-11-18 28672]
"TrayServer"="c:\progra~1\MAGIX\VIDEO_~1\TrayServer.exe" [2008-08-07 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-07 974848]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
" Malwarebytes Anti-Malware  (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-8-26 113664]
CAPIControl.lnk - c:\windows\Installer\{0B2FF6D9-359D-4481-8A0D-43A674B665C9}\Ta33usb.exe [2010-4-16 2238]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
REM [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-07-13 13:10	47904	----a-w-	c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ Malwarebytes Anti-Malware  (reboot)]
2010-04-29 10:19	1090952	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):2d,c0,db,bc,66,37,ca,01

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 135664]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS [2009-08-22 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys [2009-08-22 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys [2010-02-03 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100802.001\IDSvix86.sys [2010-05-28 344112]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/04/22 16:10];c:\program files\HomeCinema\PowerDVD9\000.fcl [2009-03-30 15:53 87536]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-07 380928]
S2 CAPI20;Eumex 504PC USB; [x]
S2 DETEWECP;DeTeWe CapiPort;c:\windows\System32\drivers\detewecp.sys [2001-09-18 38480]
S2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [2006-12-07 140184]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-05-06 1220608]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2009-08-22 117640]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-09-21 554496]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS [2009-08-22 48688]
S3 ulisa;DeTeWe ISDN-Adapter (USB);c:\windows\system32\Drivers\ulisa.sys [2004-05-14 122716]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-01-27 20:28	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners

2010-08-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-19 15:59]

2010-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 16:44]

2010-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 16:44]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.zirkus-paletti.de/aktuell.php
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0uha01la.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.zirkus-paletti.de/aktuell.php|hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************
Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\HomeCinema\PowerDVD9\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(3020)
c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\PSIService.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
c:\windows\system32\WUDFHost.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-08-03  20:02:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-08-03 18:02
ComboFix2.txt  2010-08-03 13:45

Vor Suchlauf: 20 Verzeichnis(se), 713.474.224.128 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 712.997.339.136 Bytes frei

- - End Of File - - 89101ED250A7BDD8B2C2EB1418438DBD
         
--- --- ---

Alt 03.08.2010, 19:15   #8
markusg
/// Malware-holic
 
Trojaner will 40 TANs bei Postbank-Konto - Standard

Trojaner will 40 TANs bei Postbank-Konto



hmm du solltest im prinzip trotzdem platt machen, ist das aller sicherste, da du ja wohl, nehme ich an, weiterhin online banking machen möchtest, ohne angst zu haben das vllt doch was über bleibt...
wenn du unbedingt weiter machen willst, wozu ich nicht rate, dann starte mal neu, und führe combofix erneut aus, poste das log.

Alt 03.08.2010, 19:49   #9
tschongleur
 
Trojaner will 40 TANs bei Postbank-Konto - Standard

Trojaner will 40 TANs bei Postbank-Konto



...habe keine Lust auf Plattmachen :-( würde dann ggf. mit meinem Laptop das Banking in Zukunft machen, der ist offensichtlich sauber...

hier das neue Logfile:

Combofix Logfile:
Code:
ATTFilter
ComboFix 10-08-03.01 - tilo 03.08.2010  20:30:56.3.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3325.2184 [GMT 2:00]
ausgeführt von:: c:\users\tilo\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\tilo\AppData\Roaming\Yhqed\ufby.exe

.
(((((((((((((((((((((((   Dateien erstellt von 2010-07-03 bis 2010-08-03  ))))))))))))))))))))))))))))))
.

2010-08-03 18:40 . 2010-08-03 18:40	--------	d-----w-	c:\users\Public\AppData\Local\temp
2010-08-03 18:40 . 2010-08-03 18:40	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-08-03 18:40 . 2010-08-03 18:40	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2010-08-03 18:02 . 2010-08-03 18:40	--------	d-----w-	c:\users\tilo\AppData\Local\temp
2010-08-03 13:58 . 2010-08-03 13:58	776870	----a-w-	C:\Qoobox.zip
2010-08-03 13:58 . 2010-08-03 13:58	1334	----a-w-	C:\_OTL.zip
2010-08-03 12:53 . 2010-08-03 12:53	--------	d-----w-	C:\_OTL
2010-08-02 20:57 . 2010-08-02 20:57	--------	d-----w-	c:\users\tilo\AppData\Roaming\Yahoo!
2010-08-02 20:57 . 2010-08-02 20:57	--------	d-----w-	c:\program files\Yahoo!
2010-08-02 20:57 . 2010-08-03 13:07	--------	d-----w-	c:\program files\CCleaner
2010-08-02 19:53 . 2010-08-02 19:54	--------	d-----w-	c:\program files\ERUNT
2010-07-23 18:44 . 2010-07-23 18:44	--------	d-----w-	c:\program files\iPod
2010-07-23 18:44 . 2010-07-23 18:44	--------	d-----w-	c:\program files\iTunes
2010-07-21 22:40 . 2001-10-28 15:42	116224	----a-w-	c:\windows\system32\pdfcmnnt.dll
2010-07-21 22:40 . 1998-07-06 16:55	158208	----a-w-	c:\windows\system32\MSCMCDE.DLL
2010-07-21 22:40 . 1998-07-06 16:55	64512	----a-w-	c:\windows\system32\MSCC2DE.DLL
2010-07-21 22:40 . 1998-07-05 23:00	23552	----a-w-	c:\windows\system32\MSMPIDE.DLL
2010-07-13 20:49 . 2010-07-13 20:49	--------	d--h--w-	c:\windows\PIF
2010-07-06 13:36 . 2010-07-06 13:36	--------	d-----w-	c:\program files\MSECache

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-03 18:23 . 2010-01-30 15:39	--------	d-----w-	c:\users\tilo\AppData\Roaming\Dropbox
2010-08-03 14:07 . 2009-03-26 00:13	621714	----a-w-	c:\windows\system32\perfh007.dat
2010-08-03 14:07 . 2009-03-26 00:13	123646	----a-w-	c:\windows\system32\perfc007.dat
2010-08-03 13:37 . 2010-06-09 22:02	--------	d-----w-	c:\program files\pdfforge Toolbar
2010-08-03 13:37 . 2009-11-09 21:58	--------	d-----w-	c:\users\tilo\AppData\Roaming\Yhqed
2010-08-03 12:47 . 2009-08-24 18:42	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-07-23 18:44 . 2009-06-19 16:12	--------	d-----w-	c:\program files\Common Files\Apple
2010-07-21 22:40 . 2010-06-09 22:01	--------	d-----w-	c:\program files\PDFCreator
2010-07-17 06:13 . 2009-07-08 19:01	--------	d-----w-	c:\users\tilo\AppData\Roaming\Audacity
2010-07-14 13:55 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-07-11 21:02 . 2009-09-11 15:10	--------	d-----w-	c:\users\tilo\AppData\Roaming\vlc
2010-07-02 11:45 . 2009-04-02 14:42	--------	d-----w-	c:\program files\Microsoft.NET
2010-06-21 13:01 . 2009-06-19 16:15	--------	d-----w-	c:\users\tilo\AppData\Roaming\Apple Computer
2010-06-20 22:25 . 2010-06-20 22:25	--------	d-----w-	c:\program files\Bonjour
2010-06-19 10:05 . 2010-04-16 19:10	--------	d-----w-	c:\users\tilo\AppData\Roaming\AF680FFA80B5C56972D00E662AB39CF0
2010-06-19 08:55 . 2010-06-19 08:55	--------	d-----w-	c:\users\tilo\AppData\Roaming\Malwarebytes
2010-06-19 08:55 . 2010-06-19 08:55	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-06-09 22:02 . 2010-06-09 22:02	--------	d-----w-	c:\program files\Application Updater
2010-06-08 21:32 . 2009-09-14 17:12	408456	----a-w-	c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-08 21:32 . 2010-06-08 21:32	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Apple Computer
2010-06-07 15:48 . 2009-03-25 17:08	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-05-28 22:45 . 2009-06-19 16:02	408456	----a-w-	c:\users\tilo\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-26 17:06 . 2010-06-11 11:37	34304	----a-w-	c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 11:37	289792	----a-w-	c:\windows\system32\atmfd.dll
2010-05-18 14:35 . 2010-05-18 14:35	91424	----a-w-	c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35	107808	----a-w-	c:\windows\system32\dns-sd.exe
2009-03-11 14:14 . 2009-03-11 14:09	8192	--sha-w-	c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((   SnapShot@2010-08-03_13.39.35   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 01:58 . 2010-08-03 12:58	53110              c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-01-21 01:58 . 2010-08-03 18:24	53110              c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-06-23 21:17 . 2010-08-03 18:24	14112              c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-284029172-3591923393-892959723-1000_UserData.bin
- 2009-06-19 15:55 . 2010-08-03 13:12	16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-19 15:55 . 2010-08-03 18:22	16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-02 19:51 . 2010-08-03 18:22	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-02 19:51 . 2010-08-03 13:12	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-19 15:55 . 2010-08-03 18:22	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-06-19 15:55 . 2010-08-03 13:12	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-08-02 15:44 . 2010-08-03 12:56	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-08-02 15:44 . 2010-08-03 18:22	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-08-02 15:44 . 2010-08-03 18:22	32768              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-02 15:44 . 2010-08-03 12:56	32768              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-02 15:44 . 2010-08-03 12:56	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-02 15:44 . 2010-08-03 18:22	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-03 18:22 . 2010-08-03 18:22	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-08-03 12:56 . 2010-08-03 12:56	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-08-03 12:56 . 2010-08-03 12:56	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-08-03 18:22 . 2010-08-03 18:22	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 13:05 . 2010-08-03 18:24	120836              c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 10:33 . 2010-08-03 14:07	589884              c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-08-03 14:07	101896              c:\windows\System32\perfc009.dat
- 2009-07-19 13:59 . 2010-08-03 12:56	245760              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-19 13:59 . 2010-08-03 18:22	245760              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2006-11-02 10:22 . 2010-08-03 15:19	6553600              c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 10:22 . 2010-08-03 12:46	6553600              c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-08-03 11:37 . 2010-07-26 18:04	11587072              c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6002.22454_none_6e6736812864c2a8\shell32.dll
+ 2010-08-03 11:37 . 2010-07-26 15:51	11584512              c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6002.18287_none_6dc028ea0f5cc58f\shell32.dll
+ 2010-08-03 11:38 . 2010-07-26 16:56	11586560              c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.22735_none_6c9764bb2b2d4ef9\shell32.dll
+ 2010-08-03 11:37 . 2010-07-26 16:55	11581440              c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18505_none_6c2e35ce11f75e35\shell32.dll
+ 2010-08-03 11:37 . 2010-07-26 15:51	11584512              c:\windows\System32\shell32.dll
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\tilo\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\tilo\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\tilo\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-19 39408]
"pdfSaver3"="c:\program files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [2004-09-05 380928]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"{12877358-7964-0725-C41E-A74282570AA2}"="c:\users\tilo\AppData\Roaming\Yhqed\ufby.exe" [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-08 178712]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-03-30 75048]
"CLMLServer"="c:\program files\HomeCinema\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-03 6724128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"Dell MFP Color Laser Printer 3115cn Launcher"="c:\program files\DELL\Dell MFP Color Laser Printer 3115cn\Address Book Editor\Launcher.exe" [2007-05-09 639896]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\Dell Printers\paperport\pptd40nt.exe" [2008-04-02 29984]
"IndexSearch"="c:\program files\Dell Printers\paperport\IndexSearch.exe" [2008-04-02 46368]
"DLPSP"="c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2007-07-25 393944]
"MMReminderService"="c:\program files\Mindjet\MindManager 6\MMReminderService.exe" [2005-11-18 28672]
"TrayServer"="c:\progra~1\MAGIX\VIDEO_~1\TrayServer.exe" [2008-08-07 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-07 974848]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
" Malwarebytes Anti-Malware  (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\tilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\tilo\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-8-26 113664]
CAPIControl.lnk - c:\windows\Installer\{0B2FF6D9-359D-4481-8A0D-43A674B665C9}\Ta33usb.exe [2010-4-16 2238]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^tilo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\tilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
REM [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-07-13 13:10	47904	----a-w-	c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ Malwarebytes Anti-Malware  (reboot)]
2010-04-29 10:19	1090952	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):2d,c0,db,bc,66,37,ca,01

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 135664]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS [2009-08-22 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys [2009-08-22 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys [2010-02-03 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100802.001\IDSvix86.sys [2010-05-28 344112]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/04/22 16:10];c:\program files\HomeCinema\PowerDVD9\000.fcl [2009-03-30 15:53 87536]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-07 380928]
S2 CAPI20;Eumex 504PC USB; [x]
S2 DETEWECP;DeTeWe CapiPort;c:\windows\System32\drivers\detewecp.sys [2001-09-18 38480]
S2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [2006-12-07 140184]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-05-06 1220608]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2009-08-22 117640]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-09-21 554496]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS [2009-08-22 48688]
S3 ulisa;DeTeWe ISDN-Adapter (USB);c:\windows\system32\Drivers\ulisa.sys [2004-05-14 122716]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-01-27 20:28	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners

2010-08-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-19 15:59]

2010-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 16:44]

2010-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 16:44]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.zirkus-paletti.de/aktuell.php
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
FF - ProfilePath - c:\users\tilo\AppData\Roaming\Mozilla\Firefox\Profiles\0uha01la.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.zirkus-paletti.de/aktuell.php|hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-03 20:40
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\HomeCinema\PowerDVD9\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Zeit der Fertigstellung: 2010-08-03  20:44:21
ComboFix-quarantined-files.txt  2010-08-03 18:44
ComboFix2.txt  2010-08-03 18:02
ComboFix3.txt  2010-08-03 13:45

Vor Suchlauf: 20 Verzeichnis(se), 712.810.332.160 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 712.779.931.648 Bytes frei

- - End Of File - - D3319A2C59643F35796F52DF4BE68442
         
--- --- ---

Alt 03.08.2010, 20:08   #10
markusg
/// Malware-holic
 
Trojaner will 40 TANs bei Postbank-Konto - Standard

Trojaner will 40 TANs bei Postbank-Konto



im prinzip darfst du dann überhaupt nichts mehr mit dem pc machen, keine passwörter eingeben irgendwo, denn die können auch abgegriffen werden.....


neues cfscript

Stepdel::
Killall::
folder::
c:\users\tilo\AppData\Roaming\Yhqed

poste neues combofix log

Alt 03.08.2010, 23:57   #11
tschongleur
 
Trojaner will 40 TANs bei Postbank-Konto - Standard

Trojaner will 40 TANs bei Postbank-Konto



Hallo markusg,
hoffe, es tut sich was...

Gruß

hier das nächste log:

Combofix Logfile:
Code:
ATTFilter
ComboFix 10-08-03.01 - *** 04.08.2010   0:28.4.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3325.2434 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\***\Desktop\cfscript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\***\AppData\Roaming\Yhqed
c:\users\***\AppData\Roaming\Yhqed\ufby.exe

.
(((((((((((((((((((((((   Dateien erstellt von 2010-07-03 bis 2010-08-03  ))))))))))))))))))))))))))))))
.

2010-08-03 22:35 . 2010-08-03 22:38	--------	d-----w-	c:\users\***\AppData\Local\temp
2010-08-03 22:35 . 2010-08-03 22:35	--------	d-----w-	c:\users\Public\AppData\Local\temp
2010-08-03 22:35 . 2010-08-03 22:35	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-08-03 22:35 . 2010-08-03 22:35	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2010-08-03 13:58 . 2010-08-03 13:58	776870	----a-w-	C:\Qoobox.zip
2010-08-03 13:58 . 2010-08-03 13:58	1334	----a-w-	C:\_OTL.zip
2010-08-03 12:53 . 2010-08-03 12:53	--------	d-----w-	C:\_OTL
2010-08-02 20:57 . 2010-08-02 20:57	--------	d-----w-	c:\users\***\AppData\Roaming\Yahoo!
2010-08-02 20:57 . 2010-08-02 20:57	--------	d-----w-	c:\program files\Yahoo!
2010-08-02 20:57 . 2010-08-03 13:07	--------	d-----w-	c:\program files\CCleaner
2010-08-02 19:53 . 2010-08-02 19:54	--------	d-----w-	c:\program files\ERUNT
2010-07-23 18:44 . 2010-07-23 18:44	--------	d-----w-	c:\program files\iPod
2010-07-23 18:44 . 2010-07-23 18:44	--------	d-----w-	c:\program files\iTunes
2010-07-21 22:40 . 2001-10-28 15:42	116224	----a-w-	c:\windows\system32\pdfcmnnt.dll
2010-07-21 22:40 . 1998-07-06 16:55	158208	----a-w-	c:\windows\system32\MSCMCDE.DLL
2010-07-21 22:40 . 1998-07-06 16:55	64512	----a-w-	c:\windows\system32\MSCC2DE.DLL
2010-07-21 22:40 . 1998-07-05 23:00	23552	----a-w-	c:\windows\system32\MSMPIDE.DLL
2010-07-13 20:49 . 2010-07-13 20:49	--------	d--h--w-	c:\windows\PIF
2010-07-06 13:36 . 2010-07-06 13:36	--------	d-----w-	c:\program files\MSECache

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-03 18:23 . 2010-01-30 15:39	--------	d-----w-	c:\users\***\AppData\Roaming\Dropbox
2010-08-03 14:07 . 2009-03-26 00:13	621714	----a-w-	c:\windows\system32\perfh007.dat
2010-08-03 14:07 . 2009-03-26 00:13	123646	----a-w-	c:\windows\system32\perfc007.dat
2010-08-03 13:37 . 2010-06-09 22:02	--------	d-----w-	c:\program files\pdfforge Toolbar
2010-08-03 12:47 . 2009-08-24 18:42	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-07-23 18:44 . 2009-06-19 16:12	--------	d-----w-	c:\program files\Common Files\Apple
2010-07-21 22:40 . 2010-06-09 22:01	--------	d-----w-	c:\program files\PDFCreator
2010-07-17 06:13 . 2009-07-08 19:01	--------	d-----w-	c:\users\***\AppData\Roaming\Audacity
2010-07-14 13:55 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-07-11 21:02 . 2009-09-11 15:10	--------	d-----w-	c:\users\***\AppData\Roaming\vlc
2010-07-02 11:45 . 2009-04-02 14:42	--------	d-----w-	c:\program files\Microsoft.NET
2010-06-21 13:01 . 2009-06-19 16:15	--------	d-----w-	c:\users\***\AppData\Roaming\Apple Computer
2010-06-20 22:25 . 2010-06-20 22:25	--------	d-----w-	c:\program files\Bonjour
2010-06-19 10:05 . 2010-04-16 19:10	--------	d-----w-	c:\users\***\AppData\Roaming\AF680FFA80B5C56972D00E662AB39CF0
2010-06-19 08:55 . 2010-06-19 08:55	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2010-06-19 08:55 . 2010-06-19 08:55	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-06-09 22:02 . 2010-06-09 22:02	--------	d-----w-	c:\program files\Application Updater
2010-06-08 21:32 . 2009-09-14 17:12	408456	----a-w-	c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-08 21:32 . 2010-06-08 21:32	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Apple Computer
2010-06-07 15:48 . 2009-03-25 17:08	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-05-28 22:45 . 2009-06-19 16:02	408456	----a-w-	c:\users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-26 17:06 . 2010-06-11 11:37	34304	----a-w-	c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 11:37	289792	----a-w-	c:\windows\system32\atmfd.dll
2010-05-18 14:35 . 2010-05-18 14:35	91424	----a-w-	c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35	107808	----a-w-	c:\windows\system32\dns-sd.exe
2009-03-11 14:14 . 2009-03-11 14:09	8192	--sha-w-	c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-19 39408]
"pdfSaver3"="c:\program files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [2004-09-05 380928]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"{12877358-7964-0725-C41E-A74282570AA2}"="c:\users\***\AppData\Roaming\Yhqed\ufby.exe" [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-08 178712]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-03-30 75048]
"CLMLServer"="c:\program files\HomeCinema\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-03 6724128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"Dell MFP Color Laser Printer 3115cn Launcher"="c:\program files\DELL\Dell MFP Color Laser Printer 3115cn\Address Book Editor\Launcher.exe" [2007-05-09 639896]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\Dell Printers\paperport\pptd40nt.exe" [2008-04-02 29984]
"IndexSearch"="c:\program files\Dell Printers\paperport\IndexSearch.exe" [2008-04-02 46368]
"DLPSP"="c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2007-07-25 393944]
"MMReminderService"="c:\program files\Mindjet\MindManager 6\MMReminderService.exe" [2005-11-18 28672]
"TrayServer"="c:\progra~1\MAGIX\VIDEO_~1\TrayServer.exe" [2008-08-07 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-07 974848]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
" Malwarebytes Anti-Malware  (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-8-26 113664]
CAPIControl.lnk - c:\windows\Installer\{0B2FF6D9-359D-4481-8A0D-43A674B665C9}\Ta33usb.exe [2010-4-16 2238]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
REM [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-07-13 13:10	47904	----a-w-	c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ Malwarebytes Anti-Malware  (reboot)]
2010-04-29 10:19	1090952	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):2d,c0,db,bc,66,37,ca,01

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 135664]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS [2009-08-22 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys [2009-08-22 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys [2010-02-03 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100802.001\IDSvix86.sys [2010-05-28 344112]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/04/22 16:10];c:\program files\HomeCinema\PowerDVD9\000.fcl [2009-03-30 15:53 87536]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-07 380928]
S2 CAPI20;Eumex 504PC USB; [x]
S2 DETEWECP;DeTeWe CapiPort;c:\windows\System32\drivers\detewecp.sys [2001-09-18 38480]
S2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [2006-12-07 140184]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-05-06 1220608]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2009-08-22 117640]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-09-21 554496]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS [2009-08-22 48688]
S3 ulisa;DeTeWe ISDN-Adapter (USB);c:\windows\system32\Drivers\ulisa.sys [2004-05-14 122716]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-01-27 20:28	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners

2010-08-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-19 15:59]

2010-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 16:44]

2010-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 16:44]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.zirkus-paletti.de/aktuell.php
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0uha01la.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.zirkus-paletti.de/aktuell.php|hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************
Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\HomeCinema\PowerDVD9\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(3104)
c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\PSIService.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
c:\windows\system32\DllHost.exe
c:\windows\system32\conime.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-08-04  00:48:25 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-08-03 22:48
ComboFix2.txt  2010-08-03 18:44
ComboFix3.txt  2010-08-03 18:02
ComboFix4.txt  2010-08-03 13:45

Vor Suchlauf: 19 Verzeichnis(se), 712.816.246.784 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 712.685.637.632 Bytes frei

- - End Of File - - 2F8497B01CD4AEE569193E8FE7746332
         
--- --- ---

Alt 04.08.2010, 11:42   #12
markusg
/// Malware-holic
 
Trojaner will 40 TANs bei Postbank-Konto - Standard

Trojaner will 40 TANs bei Postbank-Konto



das sehen wir gleich, pc neustart combofix noch mal.
wenn nicht versuchen wir n anderes programm

Alt 04.08.2010, 17:15   #13
tschongleur
 
Trojaner will 40 TANs bei Postbank-Konto - Standard

Trojaner will 40 TANs bei Postbank-Konto



Hallo markusg,
...und hier wieder das logfile:

Combofix Logfile:
Code:
ATTFilter
ComboFix 10-08-03.04 - *** 04.08.2010  17:57:48.5.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3325.2176 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\***\AppData\Roaming\Yhqed\ufby.exe

.
(((((((((((((((((((((((   Dateien erstellt von 2010-07-04 bis 2010-08-04  ))))))))))))))))))))))))))))))
.

2010-08-04 16:09 . 2010-08-04 16:09	--------	d-----w-	c:\users\Public\AppData\Local\temp
2010-08-04 16:09 . 2010-08-04 16:09	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-08-04 16:09 . 2010-08-04 16:09	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2010-08-03 22:48 . 2010-08-04 16:09	--------	d-----w-	c:\users\***\AppData\Local\temp
2010-08-03 13:58 . 2010-08-03 13:58	776870	----a-w-	C:\Qoobox.zip
2010-08-03 13:58 . 2010-08-03 13:58	1334	----a-w-	C:\_OTL.zip
2010-08-03 12:53 . 2010-08-03 12:53	--------	d-----w-	C:\_OTL
2010-08-02 20:57 . 2010-08-02 20:57	--------	d-----w-	c:\users\***\AppData\Roaming\Yahoo!
2010-08-02 20:57 . 2010-08-02 20:57	--------	d-----w-	c:\program files\Yahoo!
2010-08-02 20:57 . 2010-08-03 13:07	--------	d-----w-	c:\program files\CCleaner
2010-08-02 19:53 . 2010-08-02 19:54	--------	d-----w-	c:\program files\ERUNT
2010-07-23 18:44 . 2010-07-23 18:44	--------	d-----w-	c:\program files\iPod
2010-07-23 18:44 . 2010-07-23 18:44	--------	d-----w-	c:\program files\iTunes
2010-07-21 22:40 . 2001-10-28 15:42	116224	----a-w-	c:\windows\system32\pdfcmnnt.dll
2010-07-21 22:40 . 1998-07-06 16:55	158208	----a-w-	c:\windows\system32\MSCMCDE.DLL
2010-07-21 22:40 . 1998-07-06 16:55	64512	----a-w-	c:\windows\system32\MSCC2DE.DLL
2010-07-21 22:40 . 1998-07-05 23:00	23552	----a-w-	c:\windows\system32\MSMPIDE.DLL
2010-07-13 20:49 . 2010-07-13 20:49	--------	d--h--w-	c:\windows\PIF
2010-07-06 13:36 . 2010-07-06 13:36	--------	d-----w-	c:\program files\MSECache

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-04 15:53 . 2010-01-30 15:39	--------	d-----w-	c:\users\***\AppData\Roaming\Dropbox
2010-08-03 14:07 . 2009-03-26 00:13	621714	----a-w-	c:\windows\system32\perfh007.dat
2010-08-03 14:07 . 2009-03-26 00:13	123646	----a-w-	c:\windows\system32\perfc007.dat
2010-08-03 13:37 . 2010-06-09 22:02	--------	d-----w-	c:\program files\pdfforge Toolbar
2010-08-03 12:47 . 2009-08-24 18:42	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-07-23 18:44 . 2009-06-19 16:12	--------	d-----w-	c:\program files\Common Files\Apple
2010-07-21 22:40 . 2010-06-09 22:01	--------	d-----w-	c:\program files\PDFCreator
2010-07-17 06:13 . 2009-07-08 19:01	--------	d-----w-	c:\users\***\AppData\Roaming\Audacity
2010-07-14 13:55 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-07-11 21:02 . 2009-09-11 15:10	--------	d-----w-	c:\users\***\AppData\Roaming\vlc
2010-07-02 11:45 . 2009-04-02 14:42	--------	d-----w-	c:\program files\Microsoft.NET
2010-06-21 13:01 . 2009-06-19 16:15	--------	d-----w-	c:\users\***\AppData\Roaming\Apple Computer
2010-06-20 22:25 . 2010-06-20 22:25	--------	d-----w-	c:\program files\Bonjour
2010-06-19 10:05 . 2010-04-16 19:10	--------	d-----w-	c:\users\***\AppData\Roaming\AF680FFA80B5C56972D00E662AB39CF0
2010-06-19 08:55 . 2010-06-19 08:55	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2010-06-19 08:55 . 2010-06-19 08:55	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-06-09 22:02 . 2010-06-09 22:02	--------	d-----w-	c:\program files\Application Updater
2010-06-08 21:32 . 2009-09-14 17:12	408456	----a-w-	c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-08 21:32 . 2010-06-08 21:32	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Apple Computer
2010-06-07 15:48 . 2009-03-25 17:08	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-05-28 22:45 . 2009-06-19 16:02	408456	----a-w-	c:\users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-26 17:06 . 2010-06-11 11:37	34304	----a-w-	c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 11:37	289792	----a-w-	c:\windows\system32\atmfd.dll
2010-05-18 14:35 . 2010-05-18 14:35	91424	----a-w-	c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35	107808	----a-w-	c:\windows\system32\dns-sd.exe
2009-03-11 14:14 . 2009-03-11 14:09	8192	--sha-w-	c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((   SnapShot@2010-08-03_13.39.35   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2010-08-04 15:52	53238              c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-06-23 21:17 . 2010-08-04 15:52	14368              c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-284029172-3591923393-892959723-1000_UserData.bin
- 2009-06-19 15:55 . 2010-08-03 13:12	16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-19 15:55 . 2010-08-04 15:50	16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-02 19:51 . 2010-08-04 15:50	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-02 19:51 . 2010-08-03 13:12	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-19 15:55 . 2010-08-04 15:50	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-06-19 15:55 . 2010-08-03 13:12	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-09-16 12:50 . 2010-08-02 23:46	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-16 12:50 . 2010-08-04 15:45	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-16 12:50 . 2010-08-04 15:45	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-16 12:50 . 2010-08-02 23:46	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-16 12:50 . 2010-08-04 15:45	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-09-16 12:50 . 2010-08-02 23:46	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-08-02 15:44 . 2010-08-03 12:56	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-08-02 15:44 . 2010-08-04 15:50	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-08-02 15:44 . 2010-08-04 15:50	32768              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-02 15:44 . 2010-08-03 12:56	32768              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-02 15:44 . 2010-08-03 12:56	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-02 15:44 . 2010-08-04 15:50	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-04 15:50 . 2010-08-04 15:50	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-08-03 12:56 . 2010-08-03 12:56	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-08-03 12:56 . 2010-08-03 12:56	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-08-04 15:50 . 2010-08-04 15:50	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-09-13 23:38 . 2010-08-04 15:45	327632              c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2006-11-02 13:05 . 2010-08-04 15:52	120868              c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 10:33 . 2010-08-03 14:07	589884              c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-08-03 14:07	101896              c:\windows\System32\perfc009.dat
- 2009-07-19 13:59 . 2010-08-03 12:56	245760              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-19 13:59 . 2010-08-04 15:50	245760              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2006-11-02 10:22 . 2010-08-03 12:46	6553600              c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 10:22 . 2010-08-03 15:19	6553600              c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-08-03 11:37 . 2010-07-26 18:04	11587072              c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6002.22454_none_6e6736812864c2a8\shell32.dll
+ 2010-08-03 11:37 . 2010-07-26 15:51	11584512              c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6002.18287_none_6dc028ea0f5cc58f\shell32.dll
+ 2010-08-03 11:38 . 2010-07-26 16:56	11586560              c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.22735_none_6c9764bb2b2d4ef9\shell32.dll
+ 2010-08-03 11:37 . 2010-07-26 16:55	11581440              c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18505_none_6c2e35ce11f75e35\shell32.dll
+ 2010-08-03 11:37 . 2010-07-26 15:51	11584512              c:\windows\System32\shell32.dll
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-19 39408]
"pdfSaver3"="c:\program files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [2004-09-05 380928]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"{12877358-7964-0725-C41E-A74282570AA2}"="c:\users\***\AppData\Roaming\Yhqed\ufby.exe" [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-08 178712]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-03-30 75048]
"CLMLServer"="c:\program files\HomeCinema\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-03 6724128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"Dell MFP Color Laser Printer 3115cn Launcher"="c:\program files\DELL\Dell MFP Color Laser Printer 3115cn\Address Book Editor\Launcher.exe" [2007-05-09 639896]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\Dell Printers\paperport\pptd40nt.exe" [2008-04-02 29984]
"IndexSearch"="c:\program files\Dell Printers\paperport\IndexSearch.exe" [2008-04-02 46368]
"DLPSP"="c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2007-07-25 393944]
"MMReminderService"="c:\program files\Mindjet\MindManager 6\MMReminderService.exe" [2005-11-18 28672]
"TrayServer"="c:\progra~1\MAGIX\VIDEO_~1\TrayServer.exe" [2008-08-07 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-07 974848]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
" Malwarebytes Anti-Malware  (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-8-26 113664]
CAPIControl.lnk - c:\windows\Installer\{0B2FF6D9-359D-4481-8A0D-43A674B665C9}\Ta33usb.exe [2010-4-16 2238]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
REM [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-07-13 13:10	47904	----a-w-	c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ Malwarebytes Anti-Malware  (reboot)]
2010-04-29 10:19	1090952	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):2d,c0,db,bc,66,37,ca,01

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 135664]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS [2009-08-22 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys [2009-08-22 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys [2010-02-03 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100803.001\IDSvix86.sys [2010-05-28 344112]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/04/22 16:10];c:\program files\HomeCinema\PowerDVD9\000.fcl [2009-03-30 15:53 87536]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-07 380928]
S2 CAPI20;Eumex 504PC USB; [x]
S2 DETEWECP;DeTeWe CapiPort;c:\windows\System32\drivers\detewecp.sys [2001-09-18 38480]
S2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [2006-12-07 140184]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-05-06 1220608]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2009-08-22 117640]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-09-21 554496]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS [2009-08-22 48688]
S3 ulisa;DeTeWe ISDN-Adapter (USB);c:\windows\system32\Drivers\ulisa.sys [2004-05-14 122716]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-01-27 20:28	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners

2010-08-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-19 15:59]

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 16:44]

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 16:44]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.zirkus-paletti.de/aktuell.php
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0uha01la.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.zirkus-paletti.de/aktuell.php|hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-04 18:09
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\HomeCinema\PowerDVD9\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Zeit der Fertigstellung: 2010-08-04  18:13:35
ComboFix-quarantined-files.txt  2010-08-04 16:13
ComboFix2.txt  2010-08-03 22:48
ComboFix3.txt  2010-08-03 18:44
ComboFix4.txt  2010-08-03 18:02
ComboFix5.txt  2010-08-04 15:53

Vor Suchlauf: 20 Verzeichnis(se), 712.601.198.592 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 712.581.926.912 Bytes frei

- - End Of File - - EE34B915E3CFDB165BF6912279007A24
         
--- --- ---

Alt 04.08.2010, 19:21   #14
markusg
/// Malware-holic
 
Trojaner will 40 TANs bei Postbank-Konto - Standard

Trojaner will 40 TANs bei Postbank-Konto



Download avenger:
Avenger
entpacke ihn in einen eigenen ordner, rechtsklick avenger.exe, als admin ausführen.
kopiere das script ein, wie beschrieben

Folder to delete:
c:\users\***\AppData\Roaming\Yhqed

führe es aus wie beschrieben, log posten.

Alt 04.08.2010, 22:47   #15
tschongleur
 
Trojaner will 40 TANs bei Postbank-Konto - Standard

Trojaner will 40 TANs bei Postbank-Konto



Hallo markusg,
wenn ich

Folder to delete:
c:\users\***\AppData\Roaming\Yhqed

reinkopiere, kommt diese Fehlermeldung:
Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

(natürlich habe ich die *** ersetzt)

Gruß

Antwort

Themen zu Trojaner will 40 TANs bei Postbank-Konto
0 bytes, 40 tan, 40 tans, 7-zip, adobe, alternate, bho, bonjour, cdburnerxp, components, corp./icp, defender, dropbox, e-banking, error, excel.exe, firefox, firefox.exe, flash player, fontcache, format, google, helper, home, home premium, iastor.sys, iexplore.exe, install.exe, intrusion prevention, ip-adresse, kunde, location, logfile, microsoft office word, monitor, nt.exe, nvlddmkm.sys, nvstor.sys, office 2007, oldtimer, otl.exe, otl.txt, pdfforge toolbar, picasa, problem, programdata, realtek, registry, rundll, safer networking, searchplugins, security, security tools, security update, senden, shell32.dll, software, spigot, staropen, start menu, svchost.exe, symantec, tan's, tracker, trojaner, vista, vlc media player



Ähnliche Themen: Trojaner will 40 TANs bei Postbank-Konto


  1. 40 TAN Trojaner beim Postbank Konto
    Log-Analyse und Auswertung - 01.05.2011 (10)
  2. Postbank 20 Tans-Phishing-Overlay
    Log-Analyse und Auswertung - 25.04.2011 (35)
  3. Postbank TAN Trojaner
    Plagegeister aller Art und deren Bekämpfung - 15.03.2011 (1)
  4. Postbank TANs Google Trojaner + Trojan.PWS
    Plagegeister aller Art und deren Bekämpfung - 07.03.2011 (7)
  5. Trojaner 40 Tans
    Plagegeister aller Art und deren Bekämpfung - 03.03.2011 (22)
  6. Trojaner Postbank 40 Tans
    Plagegeister aller Art und deren Bekämpfung - 15.02.2011 (18)
  7. Postbank Online-Banking: Aufforderung zur Eingabe von 40 TANs
    Plagegeister aller Art und deren Bekämpfung - 07.02.2011 (3)
  8. Postbank will 40 TANS bei Login/angebl. Sicherheitsupdate
    Plagegeister aller Art und deren Bekämpfung - 31.01.2011 (1)
  9. 40 TAN Postbank Trojaner
    Plagegeister aller Art und deren Bekämpfung - 22.01.2011 (6)
  10. Eingabe von TANs gefordert - Postbank Hotline sagt ich hätte Trojaner
    Log-Analyse und Auswertung - 16.01.2011 (10)
  11. postbank 50 tans-trojaner
    Plagegeister aller Art und deren Bekämpfung - 13.01.2011 (13)
  12. Trojaner - Fishing der TANs beim Online Banking der Postbank
    Plagegeister aller Art und deren Bekämpfung - 18.10.2010 (17)
  13. 30 TAN Trojaner (Postbank)
    Plagegeister aller Art und deren Bekämpfung - 06.10.2010 (17)
  14. BDS/Papras.PK in Windows\system21\jvienify.dll, 30 Tans bei Postbank online-Banking
    Plagegeister aller Art und deren Bekämpfung - 09.09.2010 (1)
  15. 30 Tans onlinebanking abfrage (postbank), trojaner entfernen
    Plagegeister aller Art und deren Bekämpfung - 08.09.2010 (5)
  16. Postbank Trojaner möchte 20 Tans beim einloggen
    Plagegeister aller Art und deren Bekämpfung - 28.08.2010 (6)
  17. TAN Trojaner (ca. 30-40 TANs)
    Plagegeister aller Art und deren Bekämpfung - 13.11.2009 (4)

Zum Thema Trojaner will 40 TANs bei Postbank-Konto - Hallo an alle Leser, wie bei ein paar anderen Usern habe ich auch ein Problem beim Online-Banking, allerdings bei der Postbank. Folgender Text erscheint mit den Feldern für die Tan-Eingabe: - Trojaner will 40 TANs bei Postbank-Konto...
Archiv
Du betrachtest: Trojaner will 40 TANs bei Postbank-Konto auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.