Pests of all kinds and how to fight them: Trojan? Deutsche Bank wants 30 TANs

07.08.2010, 23:47   #1
MissPurzel
 
Hello,

I have a very similar problem to the one described here: http://www.trojaner-board.de/88974-t...e-banking.html

I have already run several antivirus programs, but they could not find anything.

Earlier I suddenly had problems with my keyboard (the circumflex character, as well as the accent character, appears twice when I press the key only once), and these still persist. I tried a System Restore, but it did not work because of an "unknown error".
Just now I wanted to check my online banking, and a pop-up opened there saying that 30 TANs were supposedly required from me. Since I really know little to nothing about this, the whole thing frightens me, because I also did not install or download anything today and do not know how I could have caught this junk.

I am asking for help.

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:57:23, on 07.08.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0\bin\jucheck.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\***\Desktop\HiJackThis204.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = w*w.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [DeStatusMon] "C:\Program Files\Dell\MFP_DELL\deDvcStatus.exe" dvcStatusMinimize
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Windows\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /Get1noarp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [MS_MASTER] RUNDLL32.EXE C:\Users\***\AppData\Local\Temp\xml_inc.dll,i
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsWerr] RUNDLL32.EXE C:\Users\***\AppData\Local\Temp\xm1985.dll,w
O4 - HKCU\..\Run: [{A5D45779-3B10-B24B-3A59-CC7041E84046}] C:\Users\***\AppData\Roaming\Uzung\coaxc.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: McAfee Application Installer Cleanup (0131561230898982) (0131561230898982mcinstcleanup) - Unknown owner - C:\Users\***\AppData\Local\Temp\013156~1.EXE (file missing)
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe (file missing)
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dell AIO Center Service (deMntrService) - Dell - C:\Program Files\Dell\MFP_DELL\deMntrService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device -   - C:\Windows\system32\lxdncoms.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11656 bytes
         
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4404

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

08.08.2010 00:29:19
mbam-log-2010-08-08 (00-29-19).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 138043
Laufzeit: 7 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Thanks!

Edited by MissPurzel (08.08.2010 at 00:36)

08.08.2010, 12:46   #2
cosinus
Hello and

As a matter of routine, please run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan!

After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

08.08.2010, 13:54   #3
MissPurzel
 
Hello,

thanks for your reply!

Malware

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4406

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

08.08.2010 13:44:47
mbam-log-2010-08-08 (13-44-47).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 138096
Laufzeit: 7 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

OTL

Code:
OTL logfile created on: 08.08.2010 13:38:46 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,43 Gb Total Space | 29,47 Gb Free Space | 21,60% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 120,26 Gb Free Space | 80,69% Space Free | Partition Type: NTFS
Drive E: | 10,00 Gb Total Space | 4,68 Gb Free Space | 46,77% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: FREUUUUND
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Windows\System32\lxdncoms.exe ( )
PRC - C:\Program Files\Java\jre1.6.0\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
PRC - C:\Program Files\DellTPad\HidFind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Dell\MFP_DELL\deDvcStatus.exe (Dell)
PRC - C:\Program Files\Dell\MFP_DELL\deMntrService.exe (Dell)
PRC - C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (ASKService) -- C:\Program Files\AskBarDis\bar\bin\AskService.exe File not found
SRV - (0131561230898982mcinstcleanup) McAfee Application Installer Cleanup (0131561230898982) -- C:\Users\***\AppData\Local\Temp\013156~1.EXE File not found
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (O&O Defrag) -- C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Boonty Games) -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (BOONTY)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (lxdn_device) -- C:\Windows\System32\lxdncoms.exe ( )
SRV - (lxdnCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe ()
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (deMntrService) -- C:\Program Files\Dell\MFP_DELL\deMntrService.exe (Dell)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (MEMSWEEP2) -- C:\Windows\System32\44CD.tmp File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (DESVUSB) -- C:\Windows\System32\drivers\desrvusb.sys (Olivetti-Engineering SA)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (NPPTNT2) -- C:\Windows\System32\npptNT2.sys (INCA Internet Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://w*w.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = h**p://w*w.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.google.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = h**p://w*w.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = w*w.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Amazon.de"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.07.15 18:09:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.06 14:21:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.29 18:52:27 | 000,000,000 | ---D | M]
 
[2008.11.29 20:09:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.08.08 11:05:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mpd2c1pu.default\extensions
[2010.07.23 15:10:40 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mpd2c1pu.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.07.23 14:48:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mpd2c1pu.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2008.04.20 10:55:13 | 000,000,000 | ---D | M] (Fasterfox [de]) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\mpd2c1pu.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2008.07.17 15:14:29 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mpd2c1pu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.12.26 21:42:47 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mpd2c1pu.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2008.11.28 22:45:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mpd2c1pu.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2008.07.27 22:26:45 | 000,001,504 | ---- | M] () -- C:\Users\***i\AppData\Roaming\Mozilla\FireFox\Profiles\mpd2c1pu.default\searchplugins\imdb.xml
[2008.07.27 18:05:16 | 000,002,109 | ---- | M] () -- C:\Users\***i\AppData\Roaming\Mozilla\FireFox\Profiles\mpd2c1pu.default\searchplugins\youtube-video-search.xml
[2009.03.18 17:42:23 | 000,002,057 | ---- | M] () -- C:\Users\***i\AppData\Roaming\Mozilla\FireFox\Profiles\mpd2c1pu.default\searchplugins\youtube-videosuche.xml
[2010.08.08 11:05:39 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.07.29 18:52:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.07.29 18:52:05 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006.09.26 12:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2010.06.28 17:40:05 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.06.28 17:40:05 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.06.28 17:40:05 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.06.28 17:40:06 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.06.28 17:40:06 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.07 21:37:40 | 000,000,875 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DeStatusMon] C:\Program Files\Dell\MFP_DELL\deDvcStatus.exe (Dell)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Common Files\InstallShield\UpdateService\ISUSPM.exe File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] c:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{A5D45779-3B10-B24B-3A59-CC7041E84046}] C:\Users\***\AppData\Roaming\Uzung\coaxc.exe (SOFTWIN S.R.L.)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe File not found
O4 - HKCU..\Run: [MS_MASTER] C:\Users\***\AppData\Local\Temp\xml_inc.DLL File not found
O4 - HKCU..\Run: [MsWerr] C:\Users\***\AppData\Local\Temp\xm1985.DLL File not found
O4 - HKCU..\Run: [PlayNC Launcher]  File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} h**p://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} h**p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4ba22351-99f4-11de-b063-001d09c16281}\Shell - "" = AutoRun
O33 - MountPoints2\{4ba22351-99f4-11de-b063-001d09c16281}\Shell\AutoRun\command - "" = G:\Hasbro.exe -- File not found
O33 - MountPoints2\{9f6fa3ab-e071-11dc-b329-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9f6fa3ab-e071-11dc-b329-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.08 13:38:02 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.08.08 11:40:38 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Muss mit
[2010.08.08 00:20:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.08.08 00:20:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.08 00:20:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.08 00:20:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.08 00:20:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.08 00:19:49 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup.exe
[2010.08.07 23:56:48 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis204.exe
[2010.08.07 22:13:09 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2010.08.07 22:01:31 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010.08.07 22:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010.07.29 18:53:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.07.29 18:52:27 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.07.29 18:52:27 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.07.29 18:52:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.07.29 18:52:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.07.23 22:04:04 | 000,000,000 | ---D | C] -- C:\GameHouse Games
[2010.07.23 22:03:46 | 000,000,000 | ---D | C] -- C:\Program Files\RealArcade
[2010.07.23 15:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB
[2010.07.23 15:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010.07.23 14:48:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.04.01 18:02:05 | 001,101,824 | ---- | C] ( ) -- C:\Windows\System32\lxdnserv.dll
[2009.04.01 18:02:05 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdnusb1.dll
[2009.04.01 18:02:05 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdnpmui.dll
[2009.04.01 18:02:05 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDNhcp.dll
[2009.04.01 18:02:05 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdninpa.dll
[2009.04.01 18:02:05 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdniesc.dll
[2009.04.01 18:02:05 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdnprox.dll
[2009.04.01 18:02:04 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdnhbn3.dll
[2009.04.01 18:02:04 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdnlmpm.dll
[2009.04.01 18:02:03 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdncomc.dll
[2009.04.01 18:02:03 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdncomm.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.08 13:41:47 | 008,126,464 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.08.08 13:38:05 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.08.08 13:36:07 | 000,062,271 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2010.08.08 13:36:07 | 000,062,271 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2010.08.08 12:54:40 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.08 12:54:40 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.08 12:46:02 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.08 11:40:49 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.08.08 11:08:28 | 000,163,713 | ---- | M] () -- C:\Users\***\Desktop\bookmarks.html
[2010.08.08 10:57:13 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.08.08 10:56:40 | 000,001,746 | ---- | M] () -- C:\Users\***\Desktop\Trillian.lnk
[2010.08.08 10:55:15 | 000,002,485 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
[2010.08.08 10:55:04 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010.08.08 10:54:59 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.08 10:54:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.08 10:54:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.08 10:54:34 | 3217,108,992 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.08 10:54:33 | 000,329,208 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2010.08.08 00:46:12 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.08 00:46:12 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.08 00:46:08 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.08.08 00:45:58 | 002,837,583 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.08.08 00:20:18 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.08 00:19:57 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup.exe
[2010.08.07 23:56:50 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis204.exe
[2010.08.07 22:13:35 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010.08.07 22:13:09 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2010.08.07 21:37:40 | 000,000,875 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.08.07 21:15:49 | 000,070,656 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.07 16:54:08 | 000,020,992 | ---- | M] () -- C:\Windows\jestertb.dll
[2010.08.06 23:37:02 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.08.05 14:30:59 | 000,001,309 | ---- | M] () -- C:\Users\***\Desktop\Hidden Wonders.lnk
[2010.08.05 11:58:21 | 300,678,239 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.08.02 18:17:36 | 001,693,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.01 17:36:27 | 000,089,712 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.07.29 23:08:54 | 000,010,809 | -HS- | M] () -- C:\Users\***\Desktop\Folder.jpg
[2010.07.29 23:08:54 | 000,002,534 | -HS- | M] () -- C:\Users\***\Desktop\AlbumArtSmall.jpg
[2010.07.29 18:52:04 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.07.29 18:52:04 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.07.29 18:52:04 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.07.29 18:52:04 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.07.24 18:13:15 | 000,045,056 | ---- | M] () -- C:\Users\***\Desktop\**hs\Documents\War.h2.db
[2010.07.23 15:32:09 | 001,418,612 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.23 15:32:09 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.23 15:32:09 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.23 15:32:09 | 000,122,648 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.23 15:32:09 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.14 12:20:51 | 001,109,511 | ---- | M] () -- C:\Users\***\Desktop\**hs\Documents\Unbenannt.wma
 
========== Files Created - No Company Name ==========
 
[2010.08.08 11:08:28 | 000,163,713 | ---- | C] () -- C:\Users\***\Desktop\bookmarks.html
[2010.08.08 00:20:18 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.07 22:02:02 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010.08.07 16:54:08 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2010.08.05 14:30:59 | 000,001,309 | ---- | C] () -- C:\Users\***\Desktop\Hidden Wonders.lnk
[2010.08.04 20:19:05 | 300,678,239 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.07.24 18:12:30 | 000,045,056 | ---- | C] () -- C:\Users\***\Desktop\**hs\Documents\War.h2.db
[2010.07.23 20:37:33 | 000,010,809 | -HS- | C] () -- C:\Users\***\Desktop\Folder.jpg
[2010.07.23 20:37:33 | 000,002,534 | -HS- | C] () -- C:\Users\***\Desktop\AlbumArtSmall.jpg
[2010.07.14 12:20:51 | 001,109,511 | ---- | C] () -- C:\Users\***\Desktop\**hs\Documents\Unbenannt.wma
[2010.06.06 12:07:23 | 000,000,003 | ---- | C] () -- C:\Windows\iocsys.dll
[2009.10.04 13:58:07 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.04.13 15:52:06 | 000,000,024 | ---- | C] () -- C:\Windows\SW_Win2000X24.DLL
[2009.04.13 15:52:00 | 000,761,856 | ---- | C] () -- C:\Windows\System32\FreeImage3.dll
[2009.04.13 15:52:00 | 000,098,304 | ---- | C] () -- C:\Windows\System32\DVM.dll
[2009.04.13 15:51:59 | 000,761,856 | ---- | C] () -- C:\Windows\System32\FreeImage.dll
[2009.04.01 18:04:23 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdncoin.dll
[2009.04.01 18:02:13 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdnrwrd.ini
[2009.04.01 18:02:06 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LXDNinst.dll
[2009.04.01 18:02:04 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdngrd.dll
[2008.12.11 18:06:23 | 000,000,093 | ---- | C] () -- C:\Windows\winlemm.ini
[2008.11.15 19:20:40 | 000,000,038 | ---- | C] () -- C:\Windows\TETRIS.INI
[2008.10.03 16:49:58 | 000,002,728 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008.07.08 18:08:07 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.02.21 21:36:39 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008.02.21 14:03:55 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2007.11.28 19:51:49 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdnvs.dll
[2007.11.21 02:02:39 | 000,782,336 | ---- | C] () -- C:\Windows\System32\lxdndrs.dll
[2007.11.21 01:44:48 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxdncaps.dll
[2007.10.03 00:51:09 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdncnv4.dll
[2007.07.25 18:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006.11.07 21:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.11.03 19:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.17 01:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.09.17 01:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2002.11.06 18:42:06 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SDL_gfx.dll
[2002.10.13 13:25:14 | 000,167,936 | ---- | C] () -- C:\Windows\System32\MesaGlut.dll
[2002.10.13 13:23:36 | 000,363,008 | ---- | C] () -- C:\Windows\System32\MesaGLU.dll
[2002.10.13 13:21:50 | 000,040,960 | ---- | C] () -- C:\Windows\System32\osmesa.dll
[2002.10.13 13:21:44 | 001,417,216 | ---- | C] () -- C:\Windows\System32\MesaGL.dll
[2002.10.07 05:49:26 | 000,225,280 | ---- | C] () -- C:\Windows\System32\SDL.dll
[2002.05.20 08:12:50 | 000,258,048 | ---- | C] () -- C:\Windows\System32\SDL_mixer.dll
[2002.04.13 13:01:10 | 000,180,224 | ---- | C] () -- C:\Windows\System32\SDL_ttf.dll
[2002.04.13 13:01:02 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SDL_net.dll
[2002.04.13 13:00:48 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SDL_image.dll
[2002.02.07 13:43:38 | 000,319,488 | ---- | C] () -- C:\Windows\System32\sdl_sound.dll
[2001.12.03 21:59:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\in_flac.dll
[2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001.08.13 02:00:54 | 000,028,672 | ---- | C] () -- C:\Windows\System32\vorbisfile.dll
[2001.08.13 02:00:36 | 000,094,208 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2001.08.13 01:59:58 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2001.04.05 15:24:14 | 000,169,443 | ---- | C] () -- C:\Windows\System32\jpeg.dll
[2001.04.05 15:24:14 | 000,094,720 | ---- | C] () -- C:\Windows\System32\libpng1.dll
[2001.04.05 15:24:14 | 000,053,760 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2001.04.04 21:33:50 | 000,209,920 | ---- | C] () -- C:\Windows\System32\smpeg.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\***\Unbenannter Export:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Unbenannt.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\stundenplan1sm.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\stundenplan.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\schuelervz.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\**hschooting.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\rp3.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\rp2.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\PinkHelloKitty.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\Zeugs:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\wi.wma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\why.wma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\Verschiedenes:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\uni:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\Unbenannt.wma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\Talente:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\sw.wma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\Sündenherz:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\skin.wma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\sattl.wma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\sas.wma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\Rezepte:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\reflection.wma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\Planet Hell:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\OneNote-Notizbücher:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\ohoh2.wma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\ohoh.wma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\Notes:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\My ISO Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\Meine empfangenen Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\lt.wma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\Losgeplüscht:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\Jack:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\iws.wma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\isy.wma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\Interview-Yuhlia:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\Hufgeflüster:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\HP Duell:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\fragen7u8.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\fragen4-6.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\fragen 1-3.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\DVDVideoSoft:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\dfdw.wma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\Dell Webcam Center:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\Cy.borg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\cotw.wma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\btc.wma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\bs.wma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\broken.wma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\Bluetooth-Exchange-Ordner:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\bls.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\Bis(s)Rpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\Bibergeschichte:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\bbw.wma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\awnw.wma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\aom.wma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\Adobe CS3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs\Documents\2.wma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\**hs:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\Muss mit:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\biild.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\abiball.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\2008-10-18:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\184-1920x1200.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\!ImprovedErrorFrame:Roxio EMC Stream
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:F1175E1D
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:52B72A7C
< End of report >
         
Code:
OTL Extras logfile created on: 08.08.2010 13:38:46 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,43 Gb Total Space | 29,47 Gb Free Space | 21,60% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 120,26 Gb Free Space | 80,69% Space Free | Partition Type: NTFS
Drive E: | 10,00 Gb Total Space | 4,68 Gb Free Space | 46,77% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: FREUUUUND
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Betrachten mit XnView] -- "C:\Program Files\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1BAAD264-996A-4A0A-95AD-85B1AE5E14E8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1E7DD2BD-53E2-47A8-B3BB-1B1500EF2DAD}" = lport=139 | protocol=6 | dir=in | app=system | 
"{39331E9A-BD1F-4FED-9559-24A9DB1C46C0}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4D9ABE70-5335-4058-A621-E8A464D98A30}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{52231E05-FDB7-405F-9AE9-6B1BAF50A895}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5D0681AA-769D-4729-B9D7-460F2C9B8295}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5D4CDA59-45F8-468A-B3B8-6A4CCCC03537}" = rport=137 | protocol=17 | dir=out | app=system | 
"{60944F2A-3D50-4F1C-A33D-7DF9613FFA88}" = rport=445 | protocol=6 | dir=out | app=system | 
"{64C69F7B-20C3-4E64-9DF8-DF86B2063049}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{92CCA3D7-89DA-4DA5-9AF8-8A3C3CCA1ED3}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{9320004B-FE75-4C66-9689-7A388B22E6B7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AB105A9B-147D-4FD7-A886-D39C88529BF4}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{AB8FF82D-607A-4984-9631-FE1AC468D203}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{AD2A42E8-1F4D-4ED7-951F-259B2306687A}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{AD8652D7-2F4E-47DF-B765-B9E5BD6B4D5E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C99A8C82-F503-46BD-A3CA-8110FF318168}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D0D6818D-8BD0-479A-B390-BDD2264BCC95}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{D18EC99C-06CB-4FEB-B6EE-5EB61558C1F1}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D9E2CE73-8D01-4714-93A8-48704B98ED21}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E9E9F9AD-4201-4AD8-A2C0-8DD7D9BFBF0E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EDFDFFC5-EB87-4EEB-8DCE-4B1020FC5137}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{FEB79908-70FF-424D-AD33-7DB95A8C01C3}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0331F4DE-8F56-4AF2-AAC1-9581BB628BAE}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdnjswx.exe | 
"{160DE364-4F83-4C57-A7BB-392F9250C136}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{18745819-563A-4FBF-9CC9-8907380DB665}" = protocol=17 | dir=in | app=c:\windows\system32\lxdncoms.exe | 
"{1DB298C8-2311-44A2-8CB3-593A5F551316}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{1FB7370B-E581-4AF7-B794-BBE737FAD0C3}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{22D1D75F-11AC-4B86-AA44-F63BA9E3547D}" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\backgrounddownloader.exe | 
"{2C135C52-6229-4488-80BB-1C81530863A4}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe | 
"{328CB540-8A62-4A36-9544-ED8CD7C2145C}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | 
"{32A1F828-E0D1-4DC7-9909-BDDE97E56BCE}" = protocol=6 | dir=in | app=c:\windows\system32\lxdncoms.exe | 
"{4073679A-D9F9-4E6A-86C4-5F0D0E4FEFBC}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe | 
"{46DC7EA4-3451-4113-83E1-E5F7892CDD53}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdntime.exe | 
"{4C8275BF-8632-4677-BF3E-FF342D3777F9}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdntime.exe | 
"{4D5398BF-6B11-4359-9D28-9EFB9209E3A5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4E9CFAF7-6F3F-4661-8530-948C370E5F07}" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\backgrounddownloader.exe | 
"{4F3B9626-BA36-4290-B8B4-DEEAC496EC41}" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\backgrounddownloader.exe | 
"{4FB448FE-61E4-48BD-A3D3-D9927583DAB2}" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\backgrounddownloader.exe | 
"{5678A21C-B09D-483B-9ECC-E328BED46125}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{568A9F59-FA0F-4E46-84E0-51E73EED7980}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{616D7634-EE0E-49FB-B354-838AC537ED5C}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe | 
"{6DBF4017-01A5-4C5C-91FB-0A74809972C2}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe | 
"{71257276-419B-4D15-9737-D8EB4E31D2FD}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{7932C7C4-5FE0-45D5-B583-85DBA544430C}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe | 
"{7E6A0EF0-9E75-482D-8E5A-39CF44601F65}" = protocol=17 | dir=in | app=c:\program files\lexmark 2600 series\lxdnmon.exe | 
"{808459EA-E093-42B7-9A2E-9BA44A4DA65D}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe | 
"{87521368-E31E-4649-8EBF-992DCC9758DE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{88B32CB7-E1A1-4F91-892D-6EF1D92FD72A}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{8F9090F4-38E6-4A60-8D5F-001365FF99D5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{992FB683-71DA-4709-A60D-A24BCCFB33DC}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{99969825-08BE-4C9B-A76D-CFCAC3F01D1A}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{A4B56804-7B9F-405A-92DF-A48767220FF5}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{B75D935C-DE3B-46F1-BF20-80741B72E0A4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C4545FDC-4D61-4E41-8D2C-5B37AF27D7E8}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{D1847D64-E4FD-42B5-B0CC-C3D1E6714594}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{D1A30620-AFF8-433F-9FFF-E9760671E83D}" = protocol=17 | dir=in | app=c:\program files\lexmark 2600 series\lxdnlscn.exe | 
"{D3605F91-089A-49BE-96C6-547E6FF594CF}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{D4F5DA37-5F0E-44A1-AF6A-6BBE95043323}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe | 
"{D6805850-B7AE-4B4D-9BBA-2026A70B8AB1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D700D752-17A5-45B3-A6A5-2534E59ED713}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{D7F6B45F-FF2C-40F2-AD39-2E641C003250}" = protocol=6 | dir=in | app=c:\program files\lexmark 2600 series\lxdnmon.exe | 
"{DA358D95-BA9C-4F1B-BF83-E0A6EBF56FA6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DDFF22FA-D550-413E-A573-53169B78A5E6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{DFAA3E7A-110F-426D-B7C1-7298A458DC33}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{E4326AC8-3BA7-477B-B3D3-B9FEEECB856A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{ED1D79D7-2E5C-46B9-BAB0-B3CF4C4803EC}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdnjswx.exe | 
"{F7677956-91BF-4FE6-835A-6BB77512FF0F}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{F91CFC54-D532-4A53-9E93-59240EACCBE8}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{FA1F4B6A-09ED-4A53-B0FF-5D96C9EC0952}" = protocol=6 | dir=in | app=c:\program files\lexmark 2600 series\lxdnlscn.exe | 
"{FB59F140-E73A-435B-B751-67B02BF8CC9A}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe | 
"TCP Query User{024629FE-C109-4886-B314-191A3FFDC2EF}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{09409482-593B-43E2-8119-65E9E102B987}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{22B9DE16-9AC7-4E68-9171-D376DC5A0FD4}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | 
"TCP Query User{24193478-66D2-4067-9E3D-F6B48B97B2BC}C:\program files\java\jre1.6.0\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\java.exe | 
"TCP Query User{26C0DDB7-D69D-4750-9800-FB8A49FFC6E9}C:\program files\amsn\bin\wish.exe" = protocol=6 | dir=in | app=c:\program files\amsn\bin\wish.exe | 
"TCP Query User{2757E747-7F1E-424C-80D7-07AC4DDC1B30}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{27916BF3-D0A5-4409-ABFC-72879C9936BB}C:\program files\hko\hkodm.exe" = protocol=6 | dir=in | app=c:\program files\hko\hkodm.exe | 
"TCP Query User{2D8BE566-1326-4810-A826-B8F43F6CCE7B}C:\users\***\desktop\phase10.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\phase10.exe | 
"TCP Query User{32915C5D-086B-4011-A86F-BC7E73B3AA1F}C:\program files\java\jre1.6.0\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\java.exe | 
"TCP Query User{40C1F32D-BF0C-4900-A782-01414A3D7858}C:\program files\lexmark 2600 series\lxdnmon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 2600 series\lxdnmon.exe | 
"TCP Query User{57754ECD-A419-45C5-B99C-85D2101F930C}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{5CCD2A34-4725-4EA0-997F-76A746ED194D}D:\spiele\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\launcher.exe | 
"TCP Query User{62771D85-AF0D-424A-AB6B-BE57633B83CE}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{706A4F13-F083-4990-98A5-E7A006D1AFC8}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{80FC5978-F21C-45D2-8B5C-E3346F14D74A}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{9B884483-C396-4C7F-9E85-D7F8ED77AAD0}C:\users\***\appdata\local\temp\blizzard launcher temporary - 3a533308\launcher.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\blizzard launcher temporary - 3a533308\launcher.exe | 
"TCP Query User{9E6CCAC1-49F2-43F1-A61B-1D02EED8B3F8}G:\life\life.exe" = protocol=6 | dir=in | app=g:\life\life.exe | 
"TCP Query User{B68D2A8C-281C-4E06-B800-B9755FCE90C9}D:\spiele\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\launcher.exe | 
"TCP Query User{B93670F1-E4D1-43F3-A9BA-9771C4C34C01}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | 
"TCP Query User{BB5B4EDA-47CA-4CFA-8D03-0BE95546F550}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe | 
"TCP Query User{BE9C73A8-176E-4BB8-850D-DC7A7C48BCF4}C:\program files\java\jre1.6.0\launch4j-tmp\jdownloader.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\launch4j-tmp\jdownloader.exe | 
"TCP Query User{D115044C-AC1F-4004-A681-BEA98A6D5B8C}C:\program files\java\jre1.6.0\launch4j-tmp\jdownloader.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\launch4j-tmp\jdownloader.exe | 
"TCP Query User{DE9A99E9-4212-4A8F-9C56-E1813437733A}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe | 
"TCP Query User{ECA50278-982B-4F31-8672-B56D04EB2D5F}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe | 
"UDP Query User{08566F32-D915-4B94-9275-566E3053A368}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{0A741B6C-E469-4567-808B-21C1DD55DD49}C:\program files\java\jre1.6.0\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\java.exe | 
"UDP Query User{0B13C7F2-3C6C-42C2-B761-60E5A0FDBFB0}G:\life\life.exe" = protocol=17 | dir=in | app=g:\life\life.exe | 
"UDP Query User{0B38209D-BF1F-4102-B04A-8D89BF5AD08A}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{1B7ADDD6-E3F0-4801-A82A-D4F836EE8AEF}C:\program files\java\jre1.6.0\launch4j-tmp\jdownloader.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\launch4j-tmp\jdownloader.exe | 
"UDP Query User{1E381508-4F01-43B3-8D31-D1B1FEB005F3}C:\program files\amsn\bin\wish.exe" = protocol=17 | dir=in | app=c:\program files\amsn\bin\wish.exe | 
"UDP Query User{200734D1-FD1D-4CAF-B9AB-7C96E5B2B788}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe | 
"UDP Query User{2E9AC4B7-FFD0-488B-8DAD-28B79C96AB58}D:\spiele\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\launcher.exe | 
"UDP Query User{3F68E73A-752E-4A3D-9BB1-29D29A40F399}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{52E978E6-DB84-4621-84AA-E3702F847E3B}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{672B99B3-CD2F-4ED0-8514-8EEDE0078F40}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{6D62A810-B9C8-40C1-A084-733A8358F1FD}D:\spiele\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\launcher.exe | 
"UDP Query User{84EC42D1-1573-4741-B497-D67B34127386}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | 
"UDP Query User{8986DD13-BAA3-4F89-84BA-3473C36FEFFB}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe | 
"UDP Query User{8CE6EFF5-1B9B-4867-9877-C289040FC755}C:\program files\java\jre1.6.0\launch4j-tmp\jdownloader.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\launch4j-tmp\jdownloader.exe | 
"UDP Query User{BFD4DAD0-47EB-4125-980B-C361C8A35425}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{C1997F00-A7C5-46AE-8FBE-40B394318D98}C:\users\***\appdata\local\temp\blizzard launcher temporary - 3a533308\launcher.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\blizzard launcher temporary - 3a533308\launcher.exe | 
"UDP Query User{CB380EBF-7B65-409A-98F8-AA067A3B6379}C:\users\***\desktop\phase10.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\phase10.exe | 
"UDP Query User{D42E0ACB-CCD3-4968-9C18-9088F5E456FC}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe | 
"UDP Query User{DE31B64B-A10E-4BBA-9B21-7217222ECF72}C:\program files\lexmark 2600 series\lxdnmon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 2600 series\lxdnmon.exe | 
"UDP Query User{E4F4DAA5-2ED7-41F9-8837-638137C7542A}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | 
"UDP Query User{E5700BD3-F9CE-4B63-9DBE-FA1DF9FEF555}C:\program files\hko\hkodm.exe" = protocol=17 | dir=in | app=c:\program files\hko\hkodm.exe | 
"UDP Query User{F04921BD-0697-452E-A73F-2FB9F856E1E5}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{F1D88CC6-910F-4E27-B9D7-6542B0C6E4CB}C:\program files\java\jre1.6.0\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00762C8C-31A8-4892-9960-587872CAE77C}" = Dell All-In-One Center
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP260_series" = Canon MP260 series MP Drivers
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2B30C0F7-129B-4998-856F-6AAE09D632AC}_is1" = Ricochet Lost World Recharged de
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30901794-9757-4E9C-B651-56E431CB839A}" = Disney-Pixar WALL-E Demo
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C5F1B30-B10B-4579-86DD-D00F662E1031}" = Nero 8 Trial
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45B8441A-0346-4D6C-88A8-01821DA28D04}" = eDocPrintPro v3.15.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{500ECB5F-B2E8-4A46-80FF-FFFDB7AFC103}" = ScanSoft OmniPage SE 4
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Benutzerhandbuch
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6297F8EC-D821-4B33-B845-8A8D1A0DF472}" = Lightroom
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AB6CBD4-ED44-4EAA-8496-228395B1C1D0}" = gs_x86
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BEC98AB1-991D-4A2D-9FDD-10F3DEBAF568}" = Dell Photo AIO 928
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CCEB53A5-A252-4CF3-8602-429AB06BF0AE}" = Terragen
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D75814C1-5AA5-4198-BFF6-093A226D9F0D}" = O&O Defrag Professional
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB42270E-B4CA-7457-3D2B-E0B46AAEF819}" = twhirl
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE™ Labor Basisversion
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem-Diagnose-Tool
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"3D-Fahrschule" = 3D-Fahrschule
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"am-gutterball2" = Gutterball 2
"am-hiddenwondersofthedepths" = Hidden Wonders of the Depths
"am-jewelquest" = Jewel Quest
"am-luxor" = Luxor
"aMSN" = aMSN 0.98.3
"Applian FLV Player2.0.24" = Applian FLV Player
"Ask Toolbar_is1" = Ask Toolbar
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BFGC" = Big Fish Games Client
"Bookworm Adventures Deluxe" = Bookworm Adventures Deluxe
"Canon MP260 series Benutzerregistrierung" = Canon MP260 series Benutzerregistrierung
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Chord Finder" = Chord Finder (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Convert Image To PDF_is1" = Convert Image To PDF
"Crayon Physics Deluxe Demo_is1" = Crayon Physics Deluxe Demo - release 52
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)  
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Frozen-Bubble_is1" = Frozen-Bubble 1.0
"Google Updater" = Google Updater
"Guitar Pro 5_is1" = Guitar Pro 5.0
"Hidden Wonders of the Depths Deluxe" = Hidden Wonders of the Depths Deluxe
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"Lexmark 2600 Series" = Lexmark 2600 Series
"Luxor Amun Rising Deluxe" = Luxor Amun Rising Deluxe
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"mIRC" = mIRC
"MobMap_is1" = MobMap 2.01
"Monopoly Deluxe" = Monopoly Deluxe
"Monopoly Here & Now Edition" = Monopoly Here & Now Edition
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NVIDIA Drivers" = NVIDIA Drivers
"PartyPokerNet" = PartyPokerNet
"Pingus" = Pingus
"ProInst" = Intel(R) PROSet/Wireless Software
"QIP 8070 Jeak Edition" = QIP 8070 Jeak Edition
"QIP2005" = QIP 2005 Uninstall
"RealPlayer 6.0" = RealPlayer
"RPG Maker 2000  Dunkle" = RPG Maker 2000 -  Dunkle Schatten
"RPG Maker 2000  DunkleGefixt" = RPG Maker 2000 -  Dunkle Schatten
"RPG Maker 2000  Vampires" = RPG Maker 2000 -  Vampires Dawn
"Schwedisch Aktiv" = Schwedisch AKTIV
"Schwedisch AKTIV Demo" = Schwedisch AKTIV Demo
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"Storybook" = Storybook
"Sweet Home 3D_is1" = Sweet Home 3D version 1.3
"The Game Of Life" = The Game Of Life
"THE GAME OF LIFE - Path to Success" = THE GAME OF LIFE - Path to Success
"THE GAME OF LIFE™ by Hasbro" = THE GAME OF LIFE™ by Hasbro (remove only)
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"TmNationsForever_is1" = TmNationsForever
"Trillian" = Trillian
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.6i
"WavePad" = WavePad Sound Editor
"WinGimp-2.0_is1" = GIMP 2.4.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"XnView_is1" = XnView 1.96.1
"Yahtzee" = Yahtzee
"ZanzarahDvP" = Zanzarah: Das verborgene Portal
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"NCsoft-Aion" = Aion
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
Kind regards
__________________

Edited by MissPurzel (08.08.2010 at 14:02)

08.08.2010, 14:04   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 138096
Laufzeit: 7 Minute(n), 3 Sekunde(n)
Please read properly! I wanted to see a full scan.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

08.08.2010, 15:34   #5
MissPurzel

Oh, I'm sorry. Sometimes I really am too stupid.

I've had the scan running for 1 1/2 hours now; I'll get back to you with the log then.


08.08.2010, 16:50   #6
MissPurzel

Right, here it is in full now.

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4406

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

08.08.2010 16:49:36
mbam-log-2010-08-08 (16-49-36).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 363853
Laufzeit: 2 Stunde(n), 42 Minute(n), 0 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

08.08.2010, 16:55   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

08.08.2010, 18:07   #8
MissPurzel

Well, I can already report that the characters work normally again and the pop-up with the TANs no longer opens. So I'm already sending out a really big THANK YOU.


Code:
ComboFix 10-08-07.02 - *** 08.08.2010  17:43:20.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3069.1650 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\setup.exe
c:\users\***\AppData\Roaming\Uzung
c:\users\***\AppData\Roaming\Uzung\coaxc.exe
c:\users\***\WowMatrix.exe
c:\windows\iocsys.dll
c:\windows\jestertb.dll
c:\windows\system32\st325614.dll

.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Boonty Games


(((((((((((((((((((((((   Dateien erstellt von 2010-07-08 bis 2010-08-08  ))))))))))))))))))))))))))))))
.

2010-08-08 15:51 . 2010-08-08 15:54	--------	d-----w-	c:\users\***\AppData\Local\temp
2010-08-08 15:51 . 2010-08-08 15:51	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-08-08 15:06 . 2010-08-08 15:06	--------	d-----w-	c:\program files\CCleaner
2010-08-07 22:20 . 2010-08-07 22:20	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2010-08-07 22:20 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-07 22:20 . 2010-08-07 22:20	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-08-07 22:20 . 2010-08-07 22:20	--------	d-----w-	c:\programdata\Malwarebytes
2010-08-07 22:20 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-08-07 20:13 . 2010-08-07 20:13	12872	----a-w-	c:\windows\system32\bootdelete.exe
2010-08-07 20:02 . 2010-08-07 20:13	16968	----a-w-	c:\windows\system32\drivers\hitmanpro35.sys
2010-08-07 20:01 . 2010-08-07 20:13	--------	d-----w-	c:\programdata\Hitman Pro
2010-08-07 20:01 . 2010-08-07 20:01	--------	d-----w-	c:\program files\Hitman Pro 3.5
2010-07-29 16:52 . 2010-07-29 16:52	411368	----a-w-	c:\windows\system32\deployJava1.dll
2010-07-23 20:04 . 2010-08-05 08:46	--------	d-----w-	C:\GameHouse Games
2010-07-23 20:03 . 2010-08-05 08:46	--------	d-----w-	c:\program files\RealArcade
2010-07-23 13:10 . 2010-07-23 13:10	--------	d-----w-	c:\program files\DVDVideoSoftTB
2010-07-23 13:10 . 2010-07-23 13:10	--------	d-----w-	c:\program files\Conduit
2010-07-23 12:48 . 2010-07-23 12:48	--------	d-----w-	c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-08 15:52 . 2008-02-21 11:43	12	----a-w-	c:\windows\bthservsdp.dat
2010-08-08 15:40 . 2009-12-26 19:42	--------	d-----w-	c:\programdata\NOS
2010-08-08 15:40 . 2008-12-12 21:51	--------	d-----w-	c:\program files\Trillian
2010-08-08 15:36 . 2009-07-22 16:03	--------	d-----w-	c:\users\***\AppData\Roaming\Culiq
2010-08-08 15:32 . 2009-01-02 12:37	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-08-08 14:20 . 2008-07-05 12:32	--------	d-----w-	c:\programdata\Google Updater
2010-08-08 13:32 . 2008-03-07 20:30	62271	----a-w-	c:\users\***\AppData\Roaming\nvModes.dat
2010-08-05 12:31 . 2008-12-07 17:14	--------	d-----w-	c:\users\***\AppData\Roaming\Zylom
2010-08-05 12:30 . 2008-12-07 17:13	--------	d-----w-	c:\program files\Zylom Games
2010-08-01 21:08 . 2010-05-04 13:13	--------	d-----w-	c:\programdata\CanonIJPLM
2010-08-01 15:36 . 2008-02-26 15:25	89712	----a-w-	c:\users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-01 14:27 . 2010-07-22 12:03	456200	----a-w-	c:\users\***\AppData\Roaming\Real\Update\setup3.12\setup.exe
2010-07-29 16:53 . 2008-02-21 11:52	--------	d-----w-	c:\program files\Common Files\Java
2010-07-29 16:52 . 2008-02-21 11:52	--------	d-----w-	c:\program files\Java
2010-07-23 13:32 . 2006-11-02 15:33	618442	----a-w-	c:\windows\system32\perfh007.dat
2010-07-23 13:32 . 2006-11-02 15:33	122648	----a-w-	c:\windows\system32\perfc007.dat
2010-07-23 13:10 . 2010-07-23 13:10	52224	----a-w-	c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mpd2c1pu.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
2010-07-23 13:10 . 2010-07-23 13:10	101376	----a-w-	c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mpd2c1pu.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
2010-07-23 12:48 . 2009-03-02 18:38	--------	d-----w-	c:\program files\Common Files\DVDVideoSoft
2010-07-23 09:14 . 2010-07-23 09:14	27198960	----a-w-	c:\users\***\AppData\Roaming\Real\Update\setup3.12\rp\RealPlayerSPGold_de.exe
2010-07-23 09:13 . 2010-07-23 09:13	220272	----a-w-	c:\users\***\AppData\Roaming\Real\Update\setup3.12\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-07-23 09:13 . 2010-07-23 09:13	149000	----a-w-	c:\users\***\AppData\Roaming\Real\Update\setup3.12\chr_helper\LaunchHelper.exe
2010-07-23 09:12 . 2010-07-23 09:12	13407072	----a-w-	c:\users\***\AppData\Roaming\Real\Update\setup3.12\chr\ChromeInstaller.exe
2010-07-23 09:12 . 2010-07-23 09:12	79368	----a-w-	c:\users\***\AppData\Roaming\Real\Update\setup3.12\RUP\vista.exe
2010-07-23 09:12 . 2010-07-23 09:12	73344	----a-w-	c:\users\***\AppData\Roaming\Real\Update\setup3.12\RUP\inst_config\gtapi_v6.dll
2010-07-23 09:12 . 2010-07-23 09:12	64000	----a-w-	c:\users\***\AppData\Roaming\Real\Update\setup3.12\RUP\inst_config\gcapi_dll.dll
2010-07-23 09:12 . 2010-07-23 09:12	52288	----a-w-	c:\users\***\AppData\Roaming\Real\Update\setup3.12\RUP\inst_config\gtapi.dll
2010-07-23 09:12 . 2010-07-23 09:12	122880	----a-w-	c:\users\***\AppData\Roaming\Real\Update\setup3.12\RUP\inst_config\compat.dll
2010-07-08 11:21 . 2008-12-26 14:50	1356	----a-w-	c:\users\***\AppData\Local\d3d9caps.dat
2010-07-01 19:48 . 2010-07-01 19:48	--------	d-----w-	c:\programdata\PopCap Games
2010-06-29 13:54 . 2009-10-29 11:18	1	----a-w-	c:\users\***\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-28 13:31 . 2008-07-25 17:10	--------	d-----w-	c:\programdata\FLEXnet
2010-06-24 20:46 . 2010-06-24 20:46	501936	----a-w-	c:\programdata\Google\Google Toolbar\Update\gtbC81B.tmp.exe
2009-05-01 21:02 . 2009-04-15 20:24	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-04-15 20:24	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-02-21 11:58 . 2008-02-21 11:58	76	--sh--r-	c:\windows\CT4CET.bin
2008-02-21 19:36 . 2008-02-21 19:24	8192	--sha-w-	c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883840]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"DeStatusMon"="c:\program files\Dell\MFP_DELL\deDvcStatus.exe" [2007-06-28 286720]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 405504]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-25 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-25 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-25 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-06-25 67584]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2008-02-21 77824]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-12-03 36864]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-03-12 79400]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-03 1848648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-15 185896]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-2-21 50688]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2008-2-21 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 03:06	40048	----a-w-	c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApplyEsf-eDocPrintPro]
2009-05-19 19:38	315392	----a-w-	c:\program files\Common Files\MAYComputer\eDocPrintPro\ApplyEsf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-25 06:03	17920	----a-w-	c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2008-03-27 15:13	107176	----a-w-	c:\program files\Lexmark 2600 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-28 16:07	1828136	----a-w-	c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-07-13 12:03	292128	----a-w-	c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-12-03 05:58	36864	----a-w-	c:\windows\OEM02Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2009-09-11 23:34	2524416	----a-w-	c:\program files\OO Software\Defrag\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-03-12 18:10	79400	----a-w-	c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-11-01 15:39	189736	------w-	c:\program files\Dell\MediaDirect\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18	413696	----a-w-	c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2008-09-16 11:16	1833296	--sha-r-	c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-21 11:52	77824	----a-w-	c:\program files\Java\jre1.6.0\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-02-21 12:14	68856	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-07-15 16:09	185896	----a-w-	c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 0131561230898982mcinstcleanup;McAfee Application Installer Cleanup (0131561230898982);c:\users\***\AppData\Local\Temp\013156~1.EXE [x]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 135664]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe [2008-02-27 98984]
R3 DESVUSB;Dell service driver;c:\windows\system32\DRIVERS\desrvusb.sys [2007-07-06 17536]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\44CD.tmp [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-06-02 2862428]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 deMntrService;Dell AIO Center Service;c:\program files\Dell\MFP_DELL\deMntrService.exe [2007-06-28 131072]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [2008-02-27 594600]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
.
Inhalt des "geplante Tasks" Ordners

2010-08-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-21 21:35]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 19:03]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 19:03]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to Mp3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mpd2c1pu.default\
FF - prefs.js: browser.search.selectedEngine - IMDB
FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mpd2c1pu.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mpd2c1pu.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\users\***\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
FF - plugin: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mpd2c1pu.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
HKCU-Run-PlayNC Launcher - (no file)
HKCU-Run-{A5D45779-3B10-B24B-3A59-CC7041E84046} - c:\users\***\AppData\Roaming\Uzung\coaxc.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
AddRemove-Convert Image To PDF_is1 - c:\program files\Softinterface



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-08 17:54
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 


c:\windows\TEMP\TMP00000004322D65235427A3B3 524288 bytes executable

Scan erfolgreich abgeschlossen
versteckte Dateien: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\44CD.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(3216)
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\windows\system32\STacSV.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\windows\System32\rundll32.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\Dell\QuickSet\quickset.exe
c:\program files\Java\jre1.6.0\bin\jucheck.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-08-08  18:03:44 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-08-08 16:03

Vor Suchlauf: 27 Verzeichnis(se), 36.659.777.536 Bytes frei
Nach Suchlauf: 31 Verzeichnis(se), 36.799.082.496 Bytes frei

- - End Of File - - EBE9C9AD0D590D3D41058DF50B21B0A5
         

08.08.2010, 18:14   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

OK. Please now create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool doesn't work on the 2nd attempt either, just skip it and run only OSAM.

Afterwards, download the bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe in that folder.

If you are using Windows Vista or Windows 7, you must run remover.exe via right-click => Run as administrator.

A black window will open and automatically search for malicious changes in the MBR.
Then please post whether there are any changes and, if so, in which device. Ideally, post everything that remover.exe outputs.

08.08.2010, 18:34   #10
MissPurzel

Unfortunately GMER doesn't work for me.

Here is the log from OSAM:

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:28:43 on 08.08.2010

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.8

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "O&O Software GmbH" - C:\Windows\system32\OODBS.exe

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BACSCPL.cpl" - ? - C:\Windows\system32\BACSCPL.cpl
"DMdm32.cpl" - ? - C:\Windows\system32\DMdm32.cpl
"iPROSet.cpl" - "Intel Corporation" - C:\Windows\system32\iPROSet.cpl
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\Windows\system32\ISUSPM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"PROSet Tools" - "Intel Corporation" - C:\Windows\System32\iPROSet.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\cofi\catchme.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MEMSWEEP2" (MEMSWEEP2) - ? - C:\Windows\system32\44CD.tmp  (File not found)
"NPPTNT2" (NPPTNT2) - "INCA Internet Co., Ltd." - C:\Windows\system32\npptNT2.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"sptd" (sptd) - ? - C:\Windows\System32\Drivers\sptd.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKCU\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{D6E8EFB0-F677-454F-97AC-5BE691082BDB}} "ConvertPDF Context Menu Handler" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} "OODShellExtObj Class" - "O&O Software GmbH" - C:\PROGRA~1\OOSOFT~1\Defrag\oodsh.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? -   (File not found | COM-object registry key not found)
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? -   (File not found | COM-object registry key not found)
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? -   (File not found | COM-object registry key not found)
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? -   (File not found | COM-object registry key not found)
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} "Java Plug-in 1.6.0" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
{5D6F45B3-9043-443D-A792-115447494D24} "UnoCtrl Class" - "Microsoft" - C:\Windows\Downloaded Program Files\GAME_UNO1.dll / hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
"PartyPoker.net" - ? - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{201f27d4-3704-41d6-89c1-aa35e39143ed} "{201f27d4-3704-41d6-89c1-aa35e39143ed}" - ? -   (File not found | COM-object registry key not found)
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)
{E312764E-7706-43F1-8DAB-FCDD2B1E416D} "{E312764E-7706-43F1-8DAB-FCDD2B1E416D}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Digital Line Detect.lnk" - "Avanquest Software " - C:\Program Files\Digital Line Detect\DLG.exe  (Shortcut exists | File exists)
"QuickSet.lnk" - "Dell Inc" - C:\Program Files\Dell\QuickSet\quickset.exe  (Shortcut exists | File exists)
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"MsnMsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
"SpybotSD TeaTimer" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"CanonMyPrinter" - "CANON INC." - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
"CanonSolutionMenu" - "CANON INC." - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"DELL Webcam Manager" - "Creative Technology Ltd." - "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
"DeStatusMon" - "Dell" - "C:\Program Files\Dell\MFP_DELL\deDvcStatus.exe" dvcStatusMinimize
"dscactivate" - " " - "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
"ECenter" - " " - C:\Dell\E-Center\EULALauncher.exe
"ISUSPM Startup" - "Macrovision Corporation" - C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler" - "InstallShield Software Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"OpwareSE4" - "Nuance Communications, Inc." - "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
"SSBkgdUpdate" - "Nuance Communications, Inc." - "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce )-----
"Uninstall Adobe Download Manager" - "NOS Microsystems Ltd." - "C:\Windows\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /Get1noarp

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"eDocPortMonitor" - "May Software" - C:\Windows\system32\eDocPort.dll
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Program Files\NOS\bin\getPlus_Helper.dll
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"ASKService" (ASKService) - ? - C:\Program Files\AskBarDis\bar\bin\AskService.exe  (File not found)
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Dell AIO Center Service" (deMntrService) - "Dell" - C:\Program Files\Dell\MFP_DELL\deMntrService.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Inkjet Printer/Scanner Extended Survey Program" (IJPLMSVC) - ? - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
"iPod Service" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"McAfee Application Installer Cleanup (0131561230898982)" (0131561230898982mcinstcleanup) - ? - C:\Users\***\AppData\Local\Temp\013156~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service  (File not found)
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\Windows\system32\GameMon.des
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Roxio Hard Drive Watcher 9" (RoxWatch9) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
"RoxMediaDB9" (RoxMediaDB9) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
And this is everything that remover.exe outputs:
Code:
Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.1.0.0
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 1 (build 6
001), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`87600000
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

     Size  Device Name          MBR Status
 --------------------------------------------
   149 GB  \\.\PhysicalDrive0   OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
         

09.08.2010, 07:43   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!