Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Trojaner beim Banking nach Windows7 Installation

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 13.08.2010, 14:06   #1
Mondschein
 
Trojaner beim Banking nach Windows7 Installation - Standard

Trojaner beim Banking nach Windows7 Installation



Hallo,

vorweg - das ist mein erster Forumseintrag - also sorry wenn ich evt Regeln nicht sauber beachtet habe.

Ich habe gestern von Vista auf Windows7 ein upgrade durchgeführt. Danach hatte ich plötzlich den im Forum bekannten Trojaner der die 40 Tan abfragt.

Ich habe natürlich keine TAN eingegeben, Bank ist benachrichtigt, Online Banking geperrt.

Nun meine Frage:
Wieso kommt der Trojaner erst mit Windows7 und nicht unter Vista? Oder ist das einfach Zufall. Auch kommt er nur beim Firefox nicht mit Chrome. Die letzten Tage war ich erstmals unter Kino.to - hat das evt. damit zu tun?

Auf dem Rechner läuft Antivir und Spyware Terminator - beide zeigen beim Scan nichts an. Der Banking LogIn unter Firefox läuft ab dem Punkt wo der Trojaner sich eingeklingt hatte nicht mehr weiter. (nur wirklich weg ist aber bestimmt auch nicht)

Wie bekomme ich ihn am besten los. Vor der Neuinstallatin habe ich das System noch unter Vista komplett auf eine externe Festplatte gesichert und diese vom Rechner getrennt.

Also altes System wieder aufspielen und Windows7 neu installieren? (War der Trojaner vieleicht schon unter Vista da und nur nicht aktiv?)
oder
Format C und die Daten auf Partition D behalten?
oder
alles formatieren, aber wie rette ich dann meine Daten vom Laufwerk D

Besten Dank für die Antworten schon einmal

Alt 13.08.2010, 14:14   #2
markusg
/// Malware-holic
 
Trojaner beim Banking nach Windows7 Installation - Standard

Trojaner beim Banking nach Windows7 Installation



hi, das war wohl nen zufall
finger weg von kino.to die sind bekannt dafür das da mal malware verteilt wird.
format c:
ist das beste, aber ich möchte erst mal dein system ansehen, damit antivirus hersteller die dateien in die erkennung aufnehmen können und dann alle besser geschützt sind.
ootl:
Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
poste beide.
__________________


Alt 13.08.2010, 14:38   #3
Mondschein
 
Trojaner beim Banking nach Windows7 Installation - Standard

Trojaner beim Banking nach Windows7 Installation



Hi Markus

hier der OTL.Txt
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 13.08.2010 14:20:44 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Downloads
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 80,00 Gb Total Space | 31,68 Gb Free Space | 39,60% Space Free | Partition Type: NTFS
Drive D: | 67,04 Gb Total Space | 36,73 Gb Free Space | 54,79% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PC_STEIN
Current User Name: Markus Stein
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
PRC - C:\Users\Markus Stein\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Spyware Terminator\SpywareTerminatorShield.Exe (Crawler.com)
PRC - C:\Programme\Spyware Terminator\sp_rsser.exe (Crawler.com)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Orbitdownloader\orbitnet.exe (Orbitdownloader.com)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Fujitsu\DeskViewBasic\DeskViewBasicService.exe (Fujitsu Technology Solutions)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Technology Solutions)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe File not found
SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (sp_rssrv) -- C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (DeskViewBasicService) -- C:\Program Files\Fujitsu\DeskViewBasic\DeskViewBasicService.exe (Fujitsu Technology Solutions)
SRV - (TestHandler) -- C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Technology Solutions)
SRV - (AAV UpdateService) -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (InCDsrv) -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (a2acc) -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH)
DRV - (sp_rsdrv2) -- C:\Windows\System32\drivers\sp_rsdrv2.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (ctxusbm) -- C:\Windows\System32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (incdrm) -- C:\Windows\System32\drivers\InCDRm.sys (Nero AG)
DRV - (InCDPass) -- C:\Windows\System32\drivers\InCDPass.sys (Nero AG)
DRV - (InCDfs) -- C:\Windows\System32\drivers\InCDfs.sys (Nero AG)
DRV - (oxpar) -- C:\Windows\system32\drivers\oxpar.sys (OEM)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (ElbyDelay) -- C:\Windows\System32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2774854112-776828624-3317097996-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Fujitsu Technology Solutions ? IT products, solutions and services
IE - HKU\S-1-5-21-2774854112-776828624-3317097996-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2774854112-776828624-3317097996-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2774854112-776828624-3317097996-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-2774854112-776828624-3317097996-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.13 11:32:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.13 12:47:48 | 000,000,000 | ---D | M]
 
[2010.08.13 11:33:47 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\mozilla\Extensions
[2010.08.13 11:33:47 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\mozilla\Firefox\Profiles\zkk05dy5.default\extensions
[2010.08.13 12:47:49 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.13 12:47:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.08.13 12:47:30 | 000,423,656 | ---- | M] (Oracle) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.08.02 13:56:19 | 000,318,460 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	007guard.com - 007guard and Free Antivirus
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 10923 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programme\Crawler\ctbr.dll (Crawler.com)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programme\Crawler\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-2774854112-776828624-3317097996-1000\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programme\Crawler\ctbr.dll (Crawler.com)
O3 - HKU\S-1-5-21-2774854112-776828624-3317097996-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [a-squared] C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DeskViewBasic] C:\Programme\Fujitsu\DeskViewBasic\DeskViewBasic.exe (Fujitsu Technology Solutions)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKU\S-1-5-21-2774854112-776828624-3317097996-1000..\Run: [{C8218B8B-A3CC-B249-FFF7-B44AA1B2387C}] C:\Users\Markus Stein\AppData\Roaming\Woyq\haubg.exe (rhsa)
O4 - HKU\S-1-5-21-2774854112-776828624-3317097996-1000..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Programme\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Programme\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
O4 - Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Programme\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programme\Crawler\ctbr.dll (Crawler.com)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
 
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "services" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\System32\SL_ANET.ACM (Sipro Lab Telecom Inc.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.MP42 - C:\Windows\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\Windows\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.13 12:48:25 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.08.13 12:47:48 | 000,153,376 | ---- | C] (Oracle) -- C:\Windows\System32\javaws.exe
[2010.08.13 12:47:48 | 000,145,184 | ---- | C] (Oracle) -- C:\Windows\System32\javaw.exe
[2010.08.13 12:47:48 | 000,145,184 | ---- | C] (Oracle) -- C:\Windows\System32\java.exe
[2010.08.13 12:01:20 | 000,000,000 | ---D | C] -- C:\Programme\Emsisoft Anti-Malware
[2010.08.13 12:01:20 | 000,000,000 | ---D | C] -- C:\Users\Markus Stein\Documents\Anti-Malware
[2010.08.13 11:33:43 | 000,000,000 | ---D | C] -- C:\Users\Markus Stein\AppData\Roaming\Mozilla
[2010.08.13 11:32:09 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2010.08.13 11:30:49 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.13 11:30:48 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.13 11:15:19 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.08.13 11:08:16 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2010.08.13 11:08:16 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.13 11:08:12 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.08.13 11:08:04 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010.08.13 11:08:04 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010.08.13 11:08:02 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.13 11:07:48 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2010.08.13 11:07:46 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010.08.13 11:07:44 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010.08.13 11:07:42 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.08.13 11:07:40 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.08.13 11:07:32 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010.08.13 11:07:30 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010.08.13 11:07:30 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.08.13 11:07:28 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010.08.13 11:07:28 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010.08.13 11:07:26 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.08.13 11:07:25 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.08.13 11:07:23 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.08.13 11:07:22 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010.08.13 11:07:22 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010.08.13 11:07:14 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.13 11:07:12 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.13 11:07:11 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.13 11:07:11 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.13 11:07:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.13 11:07:09 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.13 11:07:09 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.13 11:07:07 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.13 11:07:02 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.08.13 11:07:01 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010.08.13 11:07:01 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010.08.13 11:07:00 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010.08.13 11:07:00 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010.08.13 11:07:00 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010.08.13 11:07:00 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010.08.13 11:06:59 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010.08.13 11:06:58 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010.08.13 11:06:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.08.13 11:06:44 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.13 11:06:40 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.08.13 11:06:40 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.08.13 11:06:40 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.08.12 21:59:22 | 000,000,000 | ---D | C] -- C:\Windows\PANTHER
[2010.08.12 21:58:39 | 000,000,000 | ---D | C] -- C:\Windows\de-DE
[2010.08.12 21:58:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\XPSViewer
[2010.08.12 21:58:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\de-DE
[2010.08.12 21:58:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\0407
[2010.08.12 21:58:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\de
[2010.08.12 21:56:39 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\volsnap.sys.mui
[2010.08.12 21:56:39 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\vhdmp.sys.mui
[2010.08.12 21:56:39 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\portcls.sys.mui
[2010.08.12 21:56:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\wd.sys.mui
[2010.08.12 21:56:38 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\usbport.sys.mui
[2010.08.12 21:56:38 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\usbhub.sys.mui
[2010.08.12 21:56:38 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\System32\drivers\de-DE\pscr.sys.mui
[2010.08.12 21:56:38 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\tpm.sys.mui
[2010.08.12 21:56:38 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\umbus.sys.mui
[2010.08.12 21:56:38 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\serscan.sys.mui
[2010.08.12 21:56:37 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\tcpip.sys.mui
[2010.08.12 21:56:37 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mpio.sys.mui
[2010.08.12 21:56:37 | 000,033,280 | ---- | C] (Marvell) -- C:\Windows\System32\drivers\de-DE\yk62x86.sys.mui
[2010.08.12 21:56:37 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\bfe.dll.mui
[2010.08.12 21:56:37 | 000,025,088 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\e1y6032.sys.mui
[2010.08.12 21:56:37 | 000,025,088 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\e1e6032.sys.mui
[2010.08.12 21:56:37 | 000,022,016 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\E1G60I32.sys.mui
[2010.08.12 21:56:37 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\afd.sys.mui
[2010.08.12 21:56:37 | 000,013,312 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\e1q6032.sys.mui
[2010.08.12 21:56:37 | 000,013,312 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\e1k6032.sys.mui
[2010.08.12 21:56:37 | 000,013,312 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\de-DE\k57nd60x.sys.mui
[2010.08.12 21:56:37 | 000,013,312 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\de-DE\b57nd60x.sys.mui
[2010.08.12 21:56:37 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\serial.sys.mui
[2010.08.12 21:56:37 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\i8042prt.sys.mui
[2010.08.12 21:56:37 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\tunnel.sys.mui
[2010.08.12 21:56:37 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\msdsm.sys.mui
[2010.08.12 21:56:37 | 000,006,144 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\de-DE\bcm4sbxp.sys.mui
[2010.08.12 21:56:37 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\sermouse.sys.mui
[2010.08.12 21:56:37 | 000,005,120 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\e100b325.sys.mui
[2010.08.12 21:56:37 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\pcmcia.sys.mui
[2010.08.12 21:56:37 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mouclass.sys.mui
[2010.08.12 21:56:37 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\parport.sys.mui
[2010.08.12 21:56:37 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\modem.sys.mui
[2010.08.12 21:56:37 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ataport.sys.mui
[2010.08.12 21:56:37 | 000,003,072 | ---- | C] (VIA Technologies, Inc.              ) -- C:\Windows\System32\drivers\de-DE\getn62.sys.mui
[2010.08.12 21:56:37 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\scsiport.sys.mui
[2010.08.12 21:56:37 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\rndismpx.sys.mui
[2010.08.12 21:56:37 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\rndismp6.sys.mui
[2010.08.12 21:56:37 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\parvdm.sys.mui
[2010.08.12 21:56:37 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mouhid.sys.mui
[2010.08.12 21:56:37 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\wdf01000.sys.mui
[2010.08.12 21:56:37 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\vwifibus.sys.mui
[2010.08.12 21:56:37 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\MTConfig.sys.mui
[2010.08.12 21:56:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ws2ifsl.sys.mui
[2010.08.12 21:56:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\usbrpm.sys.mui
[2010.08.12 21:56:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\amdide.sys.mui
[2010.08.12 21:56:35 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\fvevol.sys.mui
[2010.08.12 21:56:35 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\srv.sys.mui
[2010.08.12 21:56:35 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\scfilter.sys.mui
[2010.08.12 21:56:31 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ntfs.sys.mui
[2010.08.12 21:56:31 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\nwifi.sys.mui
[2010.08.12 21:56:31 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\pacer.sys.mui
[2010.08.12 21:56:31 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\rdbss.sys.mui
[2010.08.12 21:56:31 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\RNDISMP.sys.mui
[2010.08.12 21:56:31 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\qwavedrv.sys.mui
[2010.08.12 21:56:31 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\partmgr.sys.mui
[2010.08.12 21:56:30 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ndis.sys.mui
[2010.08.12 21:56:30 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ndisuio.sys.mui
[2010.08.12 21:56:29 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ndiscap.sys.mui
[2010.08.12 21:56:29 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mountmgr.sys.mui
[2010.08.12 21:56:28 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\http.sys.mui
[2010.08.12 21:56:28 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\luafv.sys.mui
[2010.08.12 21:56:28 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ipnat.sys.mui
[2010.08.12 21:56:26 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\fltmgr.sys.mui
[2010.08.12 21:56:26 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\volmgrx.sys.mui
[2010.08.12 21:56:25 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\de-DE\BrSerIb.sys.mui
[2010.08.12 21:56:25 | 000,010,752 | ---- | C] (Agere Systems) -- C:\Windows\System32\drivers\de-DE\ltmdmnt.sys.mui
[2010.08.12 21:56:25 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\pci.sys.mui
[2010.08.12 21:56:25 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\vdrvroot.sys.mui
[2010.08.12 21:56:25 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\isapnp.sys.mui
[2010.08.12 21:56:25 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mssmbios.sys.mui
[2010.08.12 21:56:25 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\VIAAGP.SYS.mui
[2010.08.12 21:56:25 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ULIAGPKX.SYS.mui
[2010.08.12 21:56:25 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\SISAGP.SYS.mui
[2010.08.12 21:56:25 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\pnpmem.sys.mui
[2010.08.12 21:56:25 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\NV_AGP.SYS.mui
[2010.08.12 21:56:25 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\AMDAGP.SYS.mui
[2010.08.12 21:56:25 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\AGP440.sys.mui
[2010.08.12 21:56:24 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\viac7.sys.mui
[2010.08.12 21:56:24 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\processr.sys.mui
[2010.08.12 21:56:24 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\intelppm.sys.mui
[2010.08.12 21:56:24 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\amdppm.sys.mui
[2010.08.12 21:56:24 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\amdk8.sys.mui
[2010.08.12 21:56:24 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ohci1394.sys.mui
[2010.08.12 21:56:24 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\1394ohci.sys.mui
[2010.08.12 21:56:24 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\de-DE\BrSerId.sys.mui
[2010.08.12 21:56:24 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\acpi.sys.mui
[2010.08.12 21:56:24 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\battc.sys.mui
[2010.08.12 21:56:24 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\bthport.sys.mui
[2010.08.12 21:56:24 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\IPMIDrv.sys.mui
[2010.08.12 21:56:24 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\kbdclass.sys.mui
[2010.08.12 21:56:24 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\bthpan.sys.mui
[2010.08.12 21:56:24 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\wacompen.sys.mui
[2010.08.12 21:56:24 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\hdaudbus.sys.mui
[2010.08.12 21:56:24 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\HdAudio.sys.mui
[2010.08.12 21:56:24 | 000,003,584 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\de-DE\atikmdag.sys.mui
[2010.08.12 21:56:24 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\hidbth.sys.mui
[2010.08.12 21:56:24 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\UAGP35.SYS.mui
[2010.08.12 21:56:24 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\kbdhid.sys.mui
[2010.08.12 21:56:24 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\GAGP30KX.SYS.mui
[2010.08.12 21:56:24 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\Dot4usb.sys.mui
[2010.08.12 21:56:24 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\BTHUSB.SYS.mui
[2010.08.12 21:56:24 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\de-DE\BrParwdm.sys.mui
[2010.08.12 21:56:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\disk.sys.mui
[2010.08.12 21:56:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\cdrom.sys.mui
[2010.08.12 21:56:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\bthenum.sys.mui
[2010.08.12 21:49:29 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~Q
[2010.08.12 21:44:54 | 000,000,000 | -H-D | C] -- C:\$INPLACE.~TR
[2010.08.12 15:52:41 | 000,000,000 | ---D | C] -- C:\Users\Markus Stein\AppData\Roaming\Woyq
[2010.08.12 14:53:07 | 000,000,000 | ---D | C] -- C:\Users\Markus Stein\AppData\Local\Apps
[2010.08.12 12:51:45 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.08.12 12:51:45 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.08.12 12:51:45 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.08.12 12:49:05 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010.08.12 12:49:05 | 000,000,000 | -HSD | C] -- C:\Programme
[2010.08.12 12:49:05 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2010.08.12 12:49:05 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2010.08.12 12:49:05 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2010.08.12 12:49:05 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2010.08.12 12:49:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2010.08.12 12:49:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2010.08.12 12:49:04 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2010.08.12 12:49:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2010.08.12 12:49:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2010.08.12 12:07:00 | 000,000,000 | --SD | C] -- C:\Users\Markus Stein\AppData\Roaming\Microsoft
[2010.08.12 12:07:00 | 000,000,000 | R--D | C] -- C:\Users\Markus Stein\Videos
[2010.08.12 12:07:00 | 000,000,000 | R--D | C] -- C:\Users\Markus Stein\Saved Games
[2010.08.12 12:07:00 | 000,000,000 | R--D | C] -- C:\Users\Markus Stein\Pictures
[2010.08.12 12:07:00 | 000,000,000 | R--D | C] -- C:\Users\Markus Stein\Music
[2010.08.12 12:07:00 | 000,000,000 | R--D | C] -- C:\Users\Markus Stein\Links
[2010.08.12 12:07:00 | 000,000,000 | R--D | C] -- C:\Users\Markus Stein\Favorites
[2010.08.12 12:07:00 | 000,000,000 | R--D | C] -- C:\Users\Markus Stein\Downloads
[2010.08.12 12:07:00 | 000,000,000 | R--D | C] -- C:\Users\Markus Stein\Documents
[2010.08.12 12:07:00 | 000,000,000 | R--D | C] -- C:\Users\Markus Stein\Desktop
[2010.08.12 12:07:00 | 000,000,000 | -HSD | C] -- C:\Users\Markus Stein\Vorlagen
[2010.08.12 12:07:00 | 000,000,000 | -HSD | C] -- C:\Users\Markus Stein\AppData\Local\Verlauf
[2010.08.12 12:07:00 | 000,000,000 | -HSD | C] -- C:\Users\Markus Stein\AppData\Local\Temporary Internet Files
[2010.08.12 12:07:00 | 000,000,000 | -HSD | C] -- C:\Users\Markus Stein\Startmenü
[2010.08.12 12:07:00 | 000,000,000 | -HSD | C] -- C:\Users\Markus Stein\SendTo
[2010.08.12 12:07:00 | 000,000,000 | -HSD | C] -- C:\Users\Markus Stein\Recent
[2010.08.12 12:07:00 | 000,000,000 | -HSD | C] -- C:\Users\Markus Stein\Netzwerkumgebung
[2010.08.12 12:07:00 | 000,000,000 | -HSD | C] -- C:\Users\Markus Stein\Lokale Einstellungen
[2010.08.12 12:07:00 | 000,000,000 | -HSD | C] -- C:\Users\Markus Stein\Documents\Eigene Videos
[2010.08.12 12:07:00 | 000,000,000 | -HSD | C] -- C:\Users\Markus Stein\Documents\Eigene Musik
[2010.08.12 12:07:00 | 000,000,000 | -HSD | C] -- C:\Users\Markus Stein\Eigene Dateien
[2010.08.12 12:07:00 | 000,000,000 | -HSD | C] -- C:\Users\Markus Stein\Documents\Eigene Bilder
[2010.08.12 12:07:00 | 000,000,000 | -HSD | C] -- C:\Users\Markus Stein\Druckumgebung
[2010.08.12 12:07:00 | 000,000,000 | -HSD | C] -- C:\Users\Markus Stein\Cookies
[2010.08.12 12:07:00 | 000,000,000 | -HSD | C] -- C:\Users\Markus Stein\AppData\Local\Anwendungsdaten
[2010.08.12 12:07:00 | 000,000,000 | -HSD | C] -- C:\Users\Markus Stein\Anwendungsdaten
[2010.08.12 12:07:00 | 000,000,000 | -H-D | C] -- C:\Users\Markus Stein\AppData
[2010.08.12 12:07:00 | 000,000,000 | ---D | C] -- C:\Users\Markus Stein\AppData\Local\Temp
[2010.08.12 12:07:00 | 000,000,000 | ---D | C] -- C:\Users\Markus Stein\AppData\Local\Microsoft
[2010.08.12 12:07:00 | 000,000,000 | ---D | C] -- C:\Users\Markus Stein\AppData\Roaming\Media Center Programs
[2010.08.12 12:05:35 | 000,000,000 | ---D | C] -- C:\Programme\Realtek
[2010.08.12 12:05:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2010.08.12 12:02:58 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010.08.10 19:07:04 | 000,000,000 | ---D | C] -- C:\Users\Markus Stein\AppData\Roaming\ProgSense
[2010.08.10 18:56:10 | 000,000,000 | ---D | C] -- C:\Programme\Uniblue
[2010.08.10 18:54:28 | 000,000,000 | ---D | C] -- C:\Users\Markus Stein\AppData\Roaming\GrabPro
[2010.08.10 18:54:28 | 000,000,000 | ---D | C] -- C:\downloads
[2010.08.10 18:54:23 | 000,000,000 | ---D | C] -- C:\Users\Markus Stein\AppData\Local\OpenCandy
[2010.08.10 18:54:13 | 000,000,000 | ---D | C] -- C:\Users\Markus Stein\AppData\Roaming\OpenCandy
[2010.08.10 18:54:06 | 000,000,000 | ---D | C] -- C:\Programme\Orbitdownloader
[2010.08.10 18:54:06 | 000,000,000 | ---D | C] -- C:\Users\Markus Stein\AppData\Roaming\Orbit
[2010.08.10 11:02:00 | 000,000,000 | ---D | C] -- C:\Users\Markus Stein\Desktop\Martina
[2010.08.09 20:28:46 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine
[2010.08.09 20:27:13 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared
[2010.08.09 19:54:00 | 000,000,000 | ---D | C] -- C:\Programme\Free Window Registry Repair
[2010.08.09 19:37:26 | 000,000,000 | ---D | C] -- C:\Users\Markus Stein\AppData\Roaming\Uniblue
[2010.07.29 20:27:06 | 000,000,000 | ---D | C] -- C:\Users\Markus Stein\Desktop\showthread.php-Dateien
[2010.07.23 22:08:25 | 000,000,000 | ---D | C] -- C:\Users\Markus Stein\AppData\Roaming\DivX
[2010.07.23 22:05:49 | 000,000,000 | ---D | C] -- C:\Programme\DivX
[2010.07.23 22:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.13 14:22:51 | 006,029,312 | -HS- | M] () -- C:\Users\Markus Stein\NTUSER.DAT
[2010.08.13 14:13:36 | 000,035,060 | ---- | M] () -- C:\Users\Markus Stein\Documents\cc_20100813_141317.reg
[2010.08.13 13:44:32 | 000,010,320 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.13 13:44:32 | 000,010,320 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.13 13:41:13 | 001,498,506 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.13 13:41:13 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.13 13:41:13 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.13 13:41:13 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.13 13:41:13 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.13 13:37:31 | 000,000,434 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010.08.13 13:36:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.13 13:36:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.13 13:36:17 | 1509,642,240 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.13 13:34:53 | 001,454,190 | -H-- | M] () -- C:\Users\Markus Stein\AppData\Local\IconCache.db
[2010.08.13 12:47:27 | 000,153,376 | ---- | M] (Oracle) -- C:\Windows\System32\javaws.exe
[2010.08.13 12:47:27 | 000,145,184 | ---- | M] (Oracle) -- C:\Windows\System32\javaw.exe
[2010.08.13 12:47:26 | 000,145,184 | ---- | M] (Oracle) -- C:\Windows\System32\java.exe
[2010.08.13 12:47:25 | 000,423,656 | ---- | M] (Oracle) -- C:\Windows\System32\deployJava1.dll
[2010.08.13 12:35:03 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2774854112-776828624-3317097996-1000UA.job
[2010.08.13 12:07:58 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.08.13 12:01:41 | 000,000,977 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2010.08.13 11:33:19 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.08.13 11:23:32 | 000,444,400 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.12 22:01:47 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010.08.12 21:58:31 | 000,295,922 | ---- | M] () -- C:\Windows\System32\perfi007.dat
[2010.08.12 21:58:31 | 000,038,104 | ---- | M] () -- C:\Windows\System32\perfd007.dat
[2010.08.12 13:37:59 | 000,002,241 | ---- | M] () -- C:\Users\Markus Stein\Desktop\Google Chrome.lnk
[2010.08.12 13:00:28 | 000,124,000 | ---- | M] () -- C:\Users\Markus Stein\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.12 12:49:13 | 000,000,020 | -HS- | M] () -- C:\Users\Markus Stein\ntuser.ini
[2010.08.12 12:49:06 | 000,000,012 | ---- | M] () -- C:\Windows\System32\drivers\10CF_FUJITSU_FTS_ESPRIMO EDITION P2540  _FUJITSU SIEMENS_D2840-A1_Version 6.00 R1.02.2840.A1_FSC - 60000_6.00 R1.02.2840.A1   _Intel(R) G41 Express-Chipsatz (Microsoft Corporation - WDDM 1.1).MRK
[2010.08.12 12:44:50 | 000,054,699 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010.08.12 12:31:29 | 000,021,532 | ---- | M] () -- C:\Windows\System32\emptyregdb.dat
[2010.08.12 12:07:02 | 000,524,288 | -HS- | M] () -- C:\Users\Markus Stein\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010.08.12 12:07:02 | 000,524,288 | -HS- | M] () -- C:\Users\Markus Stein\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.08.12 12:07:02 | 000,065,536 | -HS- | M] () -- C:\Users\Markus Stein\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.08.12 11:40:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.12 11:40:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.12 10:38:14 | 000,003,378 | ---- | M] () -- C:\Users\Markus Stein\Desktop\Windows-Kompatibilitätsbericht.htm
[2010.08.12 10:31:45 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010.08.12 10:31:45 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2010.08.10 18:54:24 | 000,000,854 | ---- | M] () -- C:\Users\Markus Stein\Desktop\Orbit.lnk
[2010.08.10 16:35:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2774854112-776828624-3317097996-1000Core.job
[2010.08.09 20:29:28 | 000,001,407 | ---- | M] () -- C:\Users\Markus Stein\Desktop\DivX Movies.lnk
[2010.08.09 20:29:07 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.08.09 20:28:13 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010.08.09 20:09:56 | 000,002,633 | ---- | M] () -- C:\Users\Markus Stein\Desktop\Microsoft Office Excel 2007.lnk
[2010.08.09 19:54:03 | 000,000,846 | ---- | M] () -- C:\Users\Markus Stein\Desktop\Free Window Registry Repair.lnk
[2010.08.09 19:53:34 | 000,798,000 | ---- | M] () -- C:\Users\Markus Stein\Desktop\RegpairSetup_2.0.exe
[2010.08.09 19:47:06 | 000,001,063 | ---- | M] () -- C:\Users\Markus Stein\Desktop\Revo Uninstaller.lnk
[2010.08.09 11:33:46 | 000,147,484 | ---- | M] () -- C:\Users\Markus Stein\Desktop\ARCANUM VIA MONTANA 1.pdf
[2010.07.29 20:27:10 | 000,042,146 | ---- | M] () -- C:\Users\Markus Stein\Desktop\showthread.php.htm
[2010.07.29 08:30:49 | 000,197,632 | ---- | M] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2010.07.29 08:30:34 | 000,082,944 | ---- | M] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.07.25 10:39:47 | 000,002,631 | ---- | M] () -- C:\Users\Markus Stein\Desktop\Microsoft Office Word 2007.lnk
[2010.07.23 18:44:04 | 000,318,854 | ---- | M] () -- C:\Users\Markus Stein\AppData\Roaming\mdbu.bin
[2010.07.21 12:53:49 | 000,207,360 | ---- | M] () -- C:\Users\Markus Stein\Desktop\Modultabelle-BELO-9-Trimester.doc
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.13 14:13:28 | 000,035,060 | ---- | C] () -- C:\Users\Markus Stein\Documents\cc_20100813_141317.reg
[2010.08.13 12:07:58 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.08.13 12:01:41 | 000,000,977 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2010.08.13 11:33:19 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.08.12 21:59:03 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.08.12 21:59:03 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.08.12 21:59:03 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.08.12 21:59:03 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.08.12 12:49:13 | 000,000,020 | -HS- | C] () -- C:\Users\Markus Stein\ntuser.ini
[2010.08.12 12:49:06 | 000,000,012 | ---- | C] () -- C:\Windows\System32\drivers\10CF_FUJITSU_FTS_ESPRIMO EDITION P2540  _FUJITSU SIEMENS_D2840-A1_Version 6.00 R1.02.2840.A1_FSC - 60000_6.00 R1.02.2840.A1   _Intel(R) G41 Express-Chipsatz (Microsoft Corporation - WDDM 1.1).MRK
[2010.08.12 12:31:29 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2010.08.12 12:07:00 | 000,524,288 | -HS- | C] () -- C:\Users\Markus Stein\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010.08.12 12:07:00 | 000,524,288 | -HS- | C] () -- C:\Users\Markus Stein\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.08.12 12:07:00 | 000,262,144 | -HS- | C] () -- C:\Users\Markus Stein\ntuser.dat.LOG1
[2010.08.12 12:07:00 | 000,065,536 | -HS- | C] () -- C:\Users\Markus Stein\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.08.12 12:07:00 | 000,000,000 | -HS- | C] () -- C:\Users\Markus Stein\ntuser.dat.LOG2
[2010.08.12 12:06:59 | 006,029,312 | -HS- | C] () -- C:\Users\Markus Stein\NTUSER.DAT
[2010.08.12 12:06:04 | 000,010,320 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.12 12:06:04 | 000,010,320 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.12 10:38:14 | 000,003,378 | ---- | C] () -- C:\Users\Markus Stein\Desktop\Windows-Kompatibilitätsbericht.htm
[2010.08.12 10:31:43 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010.08.12 10:31:43 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2010.08.10 18:54:24 | 000,000,854 | ---- | C] () -- C:\Users\Markus Stein\Desktop\Orbit.lnk
[2010.08.10 16:31:53 | 000,002,241 | ---- | C] () -- C:\Users\Markus Stein\Desktop\Google Chrome.lnk
[2010.08.10 16:30:45 | 000,001,146 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2774854112-776828624-3317097996-1000UA.job
[2010.08.10 16:30:44 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2774854112-776828624-3317097996-1000Core.job
[2010.08.09 20:29:28 | 000,001,407 | ---- | C] () -- C:\Users\Markus Stein\Desktop\DivX Movies.lnk
[2010.08.09 20:29:07 | 000,000,923 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.08.09 20:28:13 | 000,000,963 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010.08.09 19:54:03 | 000,000,846 | ---- | C] () -- C:\Users\Markus Stein\Desktop\Free Window Registry Repair.lnk
[2010.08.09 19:53:30 | 000,798,000 | ---- | C] () -- C:\Users\Markus Stein\Desktop\RegpairSetup_2.0.exe
[2010.08.09 11:33:46 | 000,147,484 | ---- | C] () -- C:\Users\Markus Stein\Desktop\ARCANUM VIA MONTANA 1.pdf
[2010.07.29 20:27:06 | 000,042,146 | ---- | C] () -- C:\Users\Markus Stein\Desktop\showthread.php.htm
[2010.07.21 12:53:47 | 000,207,360 | ---- | C] () -- C:\Users\Markus Stein\Desktop\Modultabelle-BELO-9-Trimester.doc
[2010.03.09 19:38:44 | 000,142,592 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2010.02.05 18:52:52 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.12.04 16:48:32 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.08.16 15:23:50 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.08.11 18:48:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.05 10:58:41 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.08.05 10:58:32 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.08.02 12:25:20 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.04.17 10:10:51 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL
 
========== LOP Check ==========
 
[2010.08.12 16:36:50 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\ICAClient
[2010.08.12 16:36:55 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Spyware Terminator
[2010.08.12 12:22:28 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\Atry
[2010.07.25 10:45:51 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\Azqyv
[2010.08.12 12:22:28 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\Canneverbe Limited
[2010.08.12 12:22:28 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\Canneverbe_Limited
[2010.08.13 14:14:23 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\Epidva
[2010.08.12 12:22:28 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\GARMIN
[2010.08.10 18:54:28 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\GrabPro
[2010.08.12 12:22:28 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\ICAClient
[2010.08.12 12:22:28 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\iScreensaver
[2010.08.12 12:22:45 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\OpenCandy
[2010.08.13 14:18:00 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\Orbit
[2010.08.12 12:22:46 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\ProgSense
[2010.08.12 12:22:46 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\Rusy
[2010.08.12 12:22:46 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\Siyvh
[2010.08.13 11:55:16 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\Spyware Terminator
[2010.08.12 12:22:48 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\Uniblue
[2010.08.12 12:22:48 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\VSRevoGroup
[2010.08.12 15:52:41 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\Woyq
[2009.07.14 06:53:46 | 000,002,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.08.12 12:22:26 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\ABBYY
[2010.08.12 12:22:27 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\Adobe
[2010.08.12 12:22:27 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\Ahead
[2010.08.12 12:22:28 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\Apple Computer
[2010.08.12 12:22:28 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\Atry
[2010.08.12 12:22:28 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\Avira
[2010.07.25 10:45:51 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\Azqyv
[2010.08.12 12:22:28 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\Canneverbe Limited
[2010.08.12 12:22:28 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\Canneverbe_Limited
[2010.08.12 12:22:28 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\DivX
[2010.08.13 14:14:23 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\Epidva
[2010.08.12 12:22:28 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\GARMIN
[2010.08.10 18:54:28 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\GrabPro
[2010.08.12 12:22:28 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\ICAClient
[2010.08.12 12:22:28 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\Identities
[2010.08.12 12:22:28 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\iScreensaver
[2010.08.12 12:22:28 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\Macromedia
[2009.07.14 09:49:10 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\Media Center Programs
[2010.08.12 12:31:03 | 000,000,000 | --SD | M] -- C:\Users\Markus Stein\AppData\Roaming\Microsoft
[2010.08.13 11:33:47 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\Mozilla
[2010.08.12 12:22:45 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\OpenCandy
[2010.08.13 14:18:00 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\Orbit
[2010.08.12 12:22:46 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\ProgSense
[2010.08.12 12:22:46 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\Rusy
[2010.08.12 12:22:46 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\Siyvh
[2010.08.13 11:55:16 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\Spyware Terminator
[2009.12.19 17:20:23 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\U3
[2010.08.12 12:22:48 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\Uniblue
[2010.08.12 12:22:48 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\vlc
[2010.08.12 12:22:48 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\VSRevoGroup
[2010.08.12 15:52:41 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\Woyq
 
< %APPDATA%\*.exe /s >
[2009.11.19 21:41:27 | 000,025,214 | R--- | M] () -- C:\Users\Markus Stein\AppData\Roaming\Microsoft\Installer\{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}\ARPPRODUCTICON.exe
[2009.11.19 21:41:27 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Markus Stein\AppData\Roaming\Microsoft\Installer\{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}\ICON_FineReader.exe
[2009.11.19 21:41:28 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Markus Stein\AppData\Roaming\Microsoft\Installer\{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}\ICON_ScreenshotReader.exe
[2010.05.04 17:29:02 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Markus Stein\AppData\Roaming\Microsoft\Installer\{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}\ARPPRODUCTICON.exe
[2010.04.08 14:54:26 | 000,029,310 | R--- | M] () -- C:\Users\Markus Stein\AppData\Roaming\Microsoft\Installer\{F25D418D-0124-4633-8930-AC4138D3BD92}\AppName_F25D418D012446338930AC4138D3BD92.exe
[2010.04.08 14:54:26 | 000,029,310 | R--- | M] () -- C:\Users\Markus Stein\AppData\Roaming\Microsoft\Installer\{F25D418D-0124-4633-8930-AC4138D3BD92}\ARPPRODUCTICON.exe
[2010.08.10 18:54:23 | 000,331,304 | ---- | M] () -- C:\Users\Markus Stein\AppData\Roaming\OpenCandy\OpenCandy_B34C1C90AB984D31B6D43A14A8CFE17B\DLMgr_3_1.6.44.exe
[2010.05.05 19:53:38 | 004,072,576 | ---- | M] (Uniblue Systems Ltd                                         ) -- C:\Users\Markus Stein\AppData\Roaming\OpenCandy\OpenCandy_B34C1C90AB984D31B6D43A14A8CFE17B\registrybooster21.exe
[2010.08.10 18:55:54 | 004,125,269 | ---- | M] () -- C:\Users\Markus Stein\AppData\Roaming\OpenCandy\OpenCandy_B34C1C90AB984D31B6D43A14A8CFE17B\registrybooster21Wrapped.exe
[2010.02.19 19:23:59 | 000,133,120 | ---- | M] (sesee) -- C:\Users\Markus Stein\AppData\Roaming\Rusy\reoxq.exe
[2010.08.12 15:52:41 | 000,133,632 | ---- | M] (rhsa) -- C:\Users\Markus Stein\AppData\Roaming\Woyq\haubg.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2007.11.01 21:31:46 | 000,122,880 | ---- | M] (Promise Technology, Inc.) MD5=4283A0F3A9557EB133D2BA8979747A77 -- C:\Fujitsu\Driver Pool\12\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys
[2008.09.10 18:07:48 | 000,182,288 | ---- | M] (AMD Technologies Inc.) MD5=6F1565AD2C46A5BC20107A4626E9A340 -- C:\Fujitsu\Driver Pool\12\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2008.07.20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Fujitsu\Driver Pool\3\IaStor.sys
[2008.07.20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_b713da3dc2c70b47\iaStor.sys
[2008.07.20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_916ee8d64bb718d0\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\LocationApi.dll

< End of report >
         
--- --- ---
__________________

Alt 13.08.2010, 14:40   #4
Mondschein
 
Trojaner beim Banking nach Windows7 Installation - Standard

Trojaner beim Banking nach Windows7 Installation



und hier der Extra.txt - war zuviel für eine Antwort.

Gruß
MarkusOTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 13.08.2010 14:20:44 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Downloads
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 80,00 Gb Total Space | 31,68 Gb Free Space | 39,60% Space Free | Partition Type: NTFS
Drive D: | 67,04 Gb Total Space | 36,73 Gb Free Space | 54,79% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PC_STEIN
Current User Name: Markus Stein
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-2774854112-776828624-3317097996-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix Online Plug-in (Web)
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21BBAD12-C75F-4F06-A9B0-6F8BEEAF3846}" = Moorhuhn X - XS
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EF8BE6A-899C-4196-94E7-297C5F7A203E}" = pdfforge Toolbar v1.1.1
"{4F77F6EE-2C99-49F7-940A-2E9C208C3BE1}" = Paint.NET v3.5.2
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix Online Plug-in (USB)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{714ACFF3-B8A3-4AD6-937B-13C833D71031}" = Nero 7 Essentials
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix Online Plug-in (HDX)
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D774B5B-A1D9-45B3-AFB4-3F85604961BC}" = ODF Add-in für Microsoft Word
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{905D4F6B-FADC-4CA4-AA41-BD32A2E446CE}" = Anno 1701 - Der Fluch des Drachen
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 8.0 Professional Edition
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3C9A441-C34D-40F3-9D3B-00EDDDAC74F1}" = Garmin Communicator Plugin
"{BE90CE58-41DE-4708-9291-A9D1D49B1031}" = SecurDisc Viewer
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix Online Plug-in (DV)
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{EF59DB7F-7426-426E-B862-7031F83ED304}" = SystemDiagnostics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F25D418D-0124-4633-8930-AC4138D3BD92}" = Schatzgräber - Abenteuer Archäologie
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (03/08/2007 2.2.1.0)
"7-Zip" = 7-Zip 4.65
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AirAssault2_is1" = Air Assault 2
"Arena 2.0.1_is1" = Arena 2.0.1
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"CToolbar_UNINSTALL" = Crawler Toolbar with Web Security Guard
"DivX Setup.divx.com" = DivX-Setup
"Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Window Registry Repair" = Free Window Registry Repair
"Google Updater" = Google Updater
"Hex-a-hop_is1" = Hex-a-hop (v1.01)
"Media Markt Fotoservice_is1" = Media Markt Fotoservice
"Metin2_is1" = Metin2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NosTale_is1" = Nostale(DE)
"NSchach3a_is1" = N Schach 3 beta
"Orbit_is1" = Orbit Downloader
"PROHYBRIDR" = 2007 Microsoft Office system
"Revo Uninstaller" = Revo Uninstaller 1.89
"Spyware Terminator_is1" = Spyware Terminator
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"VLC media player" = VLC media player 1.0.1
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2774854112-776828624-3317097996-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---

Alt 13.08.2010, 15:20   #5
Mondschein
 
Trojaner beim Banking nach Windows7 Installation - Standard

Trojaner beim Banking nach Windows7 Installation



Hallo,

die Logs habe ich eingestellt. Aber wäre es in diesem Fall nicht einfacher/schneller das alte System wiederherzustellen und Windows7 neu aufzuspielen?

Gruß
Markus


Alt 13.08.2010, 15:21   #6
markusg
/// Malware-holic
 
Trojaner beim Banking nach Windows7 Installation - Standard

Trojaner beim Banking nach Windows7 Installation



der spyware terminator ist nicht so besonders, verzichte auf ihn.
wir werden dann nach formatierung das system so absichern, das ein antivirus programm wenig zu tun haben wird. im besten falle natürlich überhaupt nichts mehr.

• Starte bitte die OTL.exe.
Vista-User mit Rechtsklick "als Administrator starten"
• Kopiere nun das Folgende in die Textbox.

:OTL
O4 - HKU\S-1-5-21-2774854112-776828624-3317097996-1000..\Run: [{C8218B8B-A3CC-B249-FFF7-B44AA1B2387C}] C:\Users\Markus Stein\AppData\Roaming\Woyq\haubg.exe
(rhsa)
[2010.08.12 12:22:28 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\Atry
[2010.07.25 10:45:51 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\Azqyv
[2010.08.13 14:14:23 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\Epidva
[2010.08.12 12:22:46 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\Rusy
[2010.08.12 12:22:46 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\Siyvh
[2010.08.12 15:52:41 | 000,000,000 | ---D | M] -- C:\Users\Markus Stein\AppData\Roaming\Woyq
[2010.02.19 19:23:59 | 000,133,120 | ---- | M] (sesee) -- C:\Users\Markus Stein\AppData\Roaming\Rusy
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument dieses posten


danach öffne "mein computer" (arbeitsplatz. dort öffne _OTL und dort nen rechtsklick auf moved files
packe den ordner mit winzip oder rar. lad ihn zu uns hoch, wie unter punkt2 beschrieben.
http://www.trojaner-board.de/54791-a...ner-board.html

Alt 13.08.2010, 15:40   #7
Mondschein
 
Trojaner beim Banking nach Windows7 Installation - Standard

Trojaner beim Banking nach Windows7 Installation



Hier das Dokument

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2774854112-776828624-3317097996-1000\Software\Microsoft\Windows\CurrentVersion\Run\\{C8218B8B-A3CC-B249-FFF7-B44AA1B2387C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8218B8B-A3CC-B249-FFF7-B44AA1B2387C}\ not found.
C:\Users\Markus Stein\AppData\Roaming\Woyq\haubg.exe moved successfully.
C:\Users\Markus Stein\AppData\Roaming\Atry folder moved successfully.
C:\Users\Markus Stein\AppData\Roaming\Azqyv folder moved successfully.
C:\Users\Markus Stein\AppData\Roaming\Epidva folder moved successfully.
C:\Users\Markus Stein\AppData\Roaming\Rusy folder moved successfully.
C:\Users\Markus Stein\AppData\Roaming\Siyvh folder moved successfully.
C:\Users\Markus Stein\AppData\Roaming\Woyq folder moved successfully.
File C:\Users\Markus Stein\AppData\Roaming\Rusy not found.
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 41 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Gast
->Flash cache emptied: 41 bytes

User: Markus Stein
->Flash cache emptied: 3292 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gast
->Temp folder emptied: 50545 bytes
->Temporary Internet Files folder emptied: 66340 bytes
->FireFox cache emptied: 3457752 bytes
->Flash cache emptied: 0 bytes

User: Markus Stein
->Temp folder emptied: 3823633 bytes
->Temporary Internet Files folder emptied: 102696 bytes
->Java cache emptied: 146584566 bytes
->FireFox cache emptied: 29862175 bytes
->Google Chrome cache emptied: 9485907 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 166107 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1474099 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 186,00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08132010_152412

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



Zip Datei folgt

Gruß
Markus

Alt 13.08.2010, 15:49   #8
Mondschein
 
Trojaner beim Banking nach Windows7 Installation - Standard

Trojaner beim Banking nach Windows7 Installation



Hallo,

die ZIP Datei ist hochgeladen - ich kann nur im Forum nicht sehen wo sie ist. Ich hoffe Du hast Zugriff darauf.

Gruß
Markus[/QUOTE]

Alt 13.08.2010, 15:59   #9
Mondschein
 
Trojaner beim Banking nach Windows7 Installation - Standard

Trojaner beim Banking nach Windows7 Installation



Hallo,

die ZIP Datei ist hochgeladen - ich kann nur im Forum nicht sehen wo sie ist. Ich hoffe Du hast Zugriff darauf.

Gruß
Markus

Alt 13.08.2010, 16:05   #10
markusg
/// Malware-holic
 
Trojaner beim Banking nach Windows7 Installation - Standard

Trojaner beim Banking nach Windows7 Installation



jo habe ich.
also nun daten sichern, formatieren und dann folgende tipps beachten, sind für windows 7.

Standard nutzer einrichten.
obwohl windows 7 die uac hatt, ist es besser, ein eingeschrenktes nutzerkonto einzurichten. standard und admin konto sollten natürlich beide passwort geschützt sein.
klicke start, tippe unter suchen (ausführen) systemsteuerung. wähle dort Benutzerkonten hinzufügen/entfernen.
wähle "neues konto erstellen"
Wähle standard benutzer.
wenn du jetzt auf das neue konto klickst, kannst du ein kennwort vergeben, das solltest du natürlich auch für das admin konto machen.

unter admin folgendes:
Klicke start ausführen (suchen) dann tippe
uac
enter
nachfrage bestätigen und die uac auf maximum setzen.


dep für alle prozesse:
Datenausführungsverhinderung (DEP)
• "Datenausführungsverhinderung für alle Programme und Dienste mit Ausnahme der ausgewählten einschalten:".
wenn es zu problemen kommen sollte, kann man die betroffenen prozesse aus der Überwachung entfernen.

SEHOP aktivieren:
Aktivieren von SEHOP &#40;Structured Exception Handling Overwrite Protection&#41; in Windows-Betriebssystemen
klicke auf "Feature automatisch aktivieren"
und folge den anweisungen
für firefox folgende plugins
noscript:
http://filepony.de/download-adblock_firefox//
filterlisten:
Adblock Plus: Bekannte Filterlisten für Adblock Plus
nimmst 2 deutsche + malware blocklist.
um das surfen sicherer zu machen, würde ich Sandboxie empfehlen.
Download:
drop.io
(als pdf)
wenn du mit dem programm gut auskommst, ist ne lizenz zu empfehlen.
1. es gibt dann noch ein paar mehr funktionen.
2. kommt nach nem monat die anzeige, dass das programm freeware ist, die verschwindet erst nach ner zeit, find ich n bissel nerfig.
3. ist die lizenz lebenslang gültig, kostenpunkt rund 25 €, und du kannst sie auf allen pcs in deinem haushalt einsetzen.
um dein system aktuell zu halten, nutze secunia:

http://www.trojaner-board.de/83959-s...ector-psi.html
und file hippo:
FileHippo.com - Download Free Software
endere nun alle passwörter.
online banking sollte man auch absichern, dazu bei der bank nachfragen, ob folgende verfahren zur verfügung stehen:
kombination aus fints/hbci
fints als einzellösung
oder hbci.
eine aufrüstung ist mit ein paar kosten verbunden, halten sich aber in grenzen.

Alt 13.08.2010, 16:11   #11
Mondschein
 
Trojaner beim Banking nach Windows7 Installation - Standard

Trojaner beim Banking nach Windows7 Installation



Hallo,

reicht es wenn ich das Laufwerk C formatiere. Alle meine Daten liegen sowieso in der Partition D.

Gruß
Markus

Alt 13.08.2010, 16:22   #12
markusg
/// Malware-holic
 
Trojaner beim Banking nach Windows7 Installation - Standard

Trojaner beim Banking nach Windows7 Installation



jo laufwerk c: reicht.
aber nicht die schnelle formatierung bitte.

Alt 13.08.2010, 17:48   #13
Mondschein
 
Trojaner beim Banking nach Windows7 Installation - Standard

Trojaner beim Banking nach Windows7 Installation



Hallo,

vielen, vielen Dank für die Super Anleitung. Ich habe alles wie angegeben durchgeführt und das Online Banking läuft wieder wie geschmiert. In Zukunft werde ich kino.to und Online Banking immer im Sandkasten spielen - echt super Programm.
Nochmals vielen Dank und ich mache mich jetzt an das Installieren der restlichen Software.

Viele Grüße
Markus

Alt 13.08.2010, 17:56   #14
markusg
/// Malware-holic
 
Trojaner beim Banking nach Windows7 Installation - Standard

Trojaner beim Banking nach Windows7 Installation



hallo, das gesammte browsen sollte in der sandbox statt finden und die sandbox immer geleert werden, heut zu tage sind sehr oft auch legitime seiten befallen und man kann nicht genug aufpassen
und lasse dich von der bank beraten, pin tan ist nicht mehr so sicher.

Alt 13.08.2010, 18:34   #15
Mondschein
 
Trojaner beim Banking nach Windows7 Installation - Standard

Trojaner beim Banking nach Windows7 Installation



Dank für den Tip. Bei meiner Bank sind es sowieso schon iTan und ab einer bestimmten Summe kommt die TAN per SMS. TAN abgreifen wie bei dem Trojaner macht hier eigentlich keinen Sinn mehr. Trotzdem wird man nervös wenn bei einer eigentlich sicheren (!?) https Verbindung sich ein Trojaner dazwischen setzen kann.

Gruß
Markus

Antwort

Themen zu Trojaner beim Banking nach Windows7 Installation
40 tan, aktiv, altes system, antivir, antworten, banking-trojaner, externe festplatte, festplatte, firefox, formatieren, frage, installation, kino.to, laufwerk, nicht mehr, nichts, online, online banking, plötzlich, rechner, regeln, scan, spyware, spyware terminator, system, tan, trojaner, vista, windows



Ähnliche Themen: Trojaner beim Banking nach Windows7 Installation


  1. Nach vermeintlicher DHL-Mail Probleme beim Online-Banking und massenhaft Mails
    Plagegeister aller Art und deren Bekämpfung - 12.06.2015 (28)
  2. Nach Windows7 Installation starke Hitzeprobleme beim Notebook
    Netzwerk und Hardware - 05.05.2015 (3)
  3. Bluescreen gegen Ende von Windows7 Installation, Abbruch der Installation
    Alles rund um Windows - 27.05.2014 (2)
  4. Probleme beim booten von Vista nach der Installation von VistaGlazz!
    Alles rund um Windows - 14.10.2013 (4)
  5. Trojaner beim Online-Banking
    Log-Analyse und Auswertung - 15.06.2013 (17)
  6. Trojaner TR/Bublik.I.11 fordert beim Online-Banking TANs an
    Log-Analyse und Auswertung - 24.05.2013 (23)
  7. Noch ein Trojaner beim Postbank Online Banking
    Plagegeister aller Art und deren Bekämpfung - 08.03.2013 (20)
  8. Online Banking - TAN Abfrage beim Banking - Trojaner?
    Log-Analyse und Auswertung - 12.08.2011 (3)
  9. Keylogger/Trojaner mischte sich beim Online-Banking ein
    Log-Analyse und Auswertung - 03.06.2011 (28)
  10. Trojaner verlangt beim Sparkassen-Online-banking 100 Tan-Nummern
    Log-Analyse und Auswertung - 01.05.2011 (7)
  11. Trojaner iTAN 20 Online Banking - Windows7
    Log-Analyse und Auswertung - 07.04.2011 (3)
  12. Trojaner fragt nach TAN´s beim Online-Banking
    Log-Analyse und Auswertung - 03.01.2011 (34)
  13. 20-TAN Trojaner beim Online-Banking - Trojan.Dropper
    Plagegeister aller Art und deren Bekämpfung - 31.10.2010 (14)
  14. TAN Trojaner beim Online Banking der Deutschen Bank :(
    Plagegeister aller Art und deren Bekämpfung - 15.09.2010 (12)
  15. Trojaner beim Online-Banking
    Plagegeister aller Art und deren Bekämpfung - 19.08.2010 (38)
  16. Verdacht auf Trojaner beim Online-Banking
    Log-Analyse und Auswertung - 14.03.2009 (7)
  17. Problem beim Internetzugriff nach Installation von Panda Security 2007
    Antiviren-, Firewall- und andere Schutzprogramme - 26.02.2007 (13)

Zum Thema Trojaner beim Banking nach Windows7 Installation - Hallo, vorweg - das ist mein erster Forumseintrag - also sorry wenn ich evt Regeln nicht sauber beachtet habe. Ich habe gestern von Vista auf Windows7 ein upgrade durchgeführt. Danach - Trojaner beim Banking nach Windows7 Installation...
Archiv
Du betrachtest: Trojaner beim Banking nach Windows7 Installation auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.