
Pests of all kinds and how to fight them: Trojan - phishing of TANs during Postbank online banking


28.09.2010, 22:31   #1
waecker



Please help! A trojan tried to spy out my TAN data via a popup window during Postbank online banking.
Malwarebytes, F-Secure and Windows Defender do not trigger.

Here is the ComboFix logfile:
Code:
ComboFix 10-09-27.05 - Zuhause 28.09.2010  22:31:00.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.1022.300 [GMT 2:00]
run from:: c:\users\Zuhause\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * New restore point was created
.

((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\96729996.ini
c:\users\Zuhause\AppData\Local\Temp\cmdlperf.dll
c:\users\Zuhause\AppData\Roaming\Microsoft\Windows\Recent\1.url
c:\windows\system\Color
c:\windows\system32\jgaw400.dll

.
(((((((((((((((((((((((   Files Created from 2010-08-28 to 2010-09-28  ))))))))))))))))))))))))))))))
.

2010-09-28 20:59 . 2010-09-28 20:59	--------	d-----w-	c:\users\Zuhause\AppData\Local\temp
2010-09-28 20:59 . 2010-09-28 20:59	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-09-28 20:02 . 2010-06-22 12:57	2048	----a-w-	c:\windows\system32\tzres.dll
2010-09-28 04:55 . 2010-04-16 16:10	501760	----a-w-	c:\windows\system32\usp10.dll
2010-09-28 04:55 . 2010-08-17 13:32	126464	----a-w-	c:\windows\system32\spoolsv.exe
2010-09-28 04:55 . 2010-04-05 16:08	317952	----a-w-	c:\windows\system32\MP4SDECD.DLL
2010-09-28 04:54 . 2010-05-27 19:16	738816	----a-w-	c:\windows\system32\inetcomm.dll
2010-09-26 18:22 . 2010-09-26 18:22	--------	d-----w-	c:\users\Zuhause\AppData\Roaming\QuickScan
2010-09-25 09:31 . 2010-09-25 09:31	--------	d-----w-	c:\users\Zuhause\AppData\Local\Mozilla
2010-09-04 16:17 . 2010-09-04 16:17	--------	dc----w-	c:\program files\iPod
2010-09-04 16:02 . 2010-09-04 16:04	--------	dc----w-	c:\program files\QuickTime
2010-09-04 11:22 . 2010-09-04 11:22	--------	d-----w-	c:\users\Zuhause\AppData\Local\Apps
2010-09-04 11:22 . 2010-09-04 16:07	--------	d-----w-	c:\users\Zuhause\AppData\Local\Deployment

.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-28 20:46 . 2010-07-04 20:14	--------	d-----w-	c:\programdata\TwonkyMedia
2010-09-28 20:20 . 2010-07-04 20:14	--------	dc----w-	c:\program files\TwonkyMedia
2010-09-28 20:17 . 2010-04-10 16:49	--------	dc----w-	c:\program files\Microsoft Silverlight
2010-09-28 04:56 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-09-19 03:56 . 2006-11-02 15:33	618204	----a-w-	c:\windows\system32\perfh007.dat
2010-09-19 03:56 . 2006-11-02 15:33	122442	----a-w-	c:\windows\system32\perfc007.dat
2010-09-04 16:17 . 2008-04-22 19:59	--------	d-----w-	c:\program files\Common Files\Apple
2010-09-01 18:15 . 2008-01-10 21:35	--------	d-----w-	c:\users\Zuhause\AppData\Roaming\Skype
2010-09-01 17:07 . 2008-01-10 21:40	--------	d-----w-	c:\users\Zuhause\AppData\Roaming\skypePM
2010-08-29 20:52 . 2006-12-12 17:12	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-08-28 21:28 . 2010-06-11 22:44	--------	d-----w-	c:\programdata\city balm loud
2010-08-28 21:16 . 2007-08-25 09:39	--------	d-----w-	c:\program files\WISO
2010-08-14 22:03 . 2007-10-27 08:05	--------	d-----w-	c:\program files\Google
2010-08-13 21:19 . 2006-12-12 17:44	--------	d-----w-	c:\program files\NewTech Infosystems
2010-08-13 21:19 . 2006-12-12 17:44	--------	d-----w-	c:\program files\Common Files\NewTech Infosystems
2010-08-13 21:16 . 2009-11-19 11:31	--------	d-----w-	c:\programdata\NOS
2010-08-13 17:14 . 2007-09-24 19:05	--------	d-----w-	c:\program files\Common Files\Java
2010-08-13 17:09 . 2010-08-13 17:10	423656	----a-w-	c:\windows\system32\deployJava1.dll
2010-08-13 17:09 . 2007-09-25 20:04	--------	d-----w-	c:\program files\Java
2010-08-08 15:18 . 2008-04-01 18:25	--------	d-----w-	c:\program files\Larry
2010-08-08 14:24 . 2006-12-12 17:22	--------	d-----w-	c:\program files\Acer Zone
2010-08-07 09:05 . 2010-08-02 20:32	--------	d-----w-	c:\users\Zuhause\AppData\Roaming\LiveCAD3
.

((((((((((((((((((((((((((((   Registry Autostart Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2003-11-17 118832]
"F-Secure TNB"="c:\program files\F-Secure\TNB\TNBUtil.exe" [2003-10-28 647168]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="d:\musik\ITunes\iTunesHelper.exe" [2010-09-01 421160]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-6-25 110592]
Scanner Finder.lnk - c:\program files\ScanWizard 5\ScannerFinder.exe [2009-11-1 315392]
VPro500.lnk - c:\windows\VPro500.exe [2008-2-20 467968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bleh idol]
c:\programdata\Remote pure pure.mjkwt [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33	125952	----a-w-	c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-19 07:33	1233920	----a-w-	c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33	202240	----a-w-	c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R2 MMEX300;AIWA MM-EX300 USB driver;c:\windows\system32\Drivers\MMEX300.sys [2001-03-06 46443]
R2 PPSCAN;PPSCAN; [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2006-12-28 4352]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2006-12-28 265088]
R3 NETFWDSL;AVM FRITZ!web DSL PPP;c:\windows\system32\DRIVERS\NETFWDSL.SYS [x]
R3 SPC610NC;Philips SPC500NC Webcam;c:\windows\system32\DRIVERS\SPC610NC.SYS [2005-10-13 156800]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2006-09-19 80744]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 135664]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2007-07-01 682232]
S0 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [2003-12-01 82304]
S0 sonypvl3;sonypvl3; [x]
S1 sonypvf3;sonypvf3; [x]
S1 sonypvt3;sonypvt3; [x]
S2 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2003-11-14 48720]
S2 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\Win2K\FSgk.sys [2003-11-14 42576]
S2 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2003-02-06 16048]
S2 PPCLASS;PPCLASS; [x]
S2 TwonkyMedia;TwonkyMedia;c:\program files\TwonkyMedia\twonkymediaserverwatchdog.exe [2009-05-04 263824]

.
Contents of the "Scheduled Tasks" folder

2010-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 10:40]

2010-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 10:40]

2010-09-28 c:\windows\Tasks\User_Feed_Synchronization-{24A3E891-DFFF-433A-AF38-A978226196B4}.job
- c:\windows\system32\msfeedssync.exe [2010-09-05 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*hxxp://de.yahoo.com
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Zuhause\AppData\Roaming\Mozilla\Firefox\Profiles\a17mrx9q.default\
FF - component: c:\users\Zuhause\AppData\Roaming\Mozilla\Firefox\Profiles\a17mrx9q.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\users\Zuhause\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\Zuhause\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\Zuhause\AppData\Roaming\Mozilla\Firefox\Profiles\a17mrx9q.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: d:\musik\ITunes\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Policies ----
d:\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
d:\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
d:\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-28 22:59
Windows 6.0.6001 Service Pack 1 NTFS

Scanning hidden processes ... 

Scanning hidden autostart entries ... 

Scanning hidden files ... 

Scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- Locked Registry Keys ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-09-28  23:15:50
ComboFix-quarantined-files.txt  2010-09-28 21:15

Before scan: 12 directory(ies), 50.901.360.640 bytes free
After scan: 16 directory(ies), 50.891.751.424 bytes free

- - End Of File - - FD791911E8B64C357EB21D852068DB64
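The ComboFix log above is what a helper reads by hand. As an added example (not part of the forum post and not a ComboFix or Trojaner-Board tool), the Python script below parses an excerpt copied from that log and pulls out the entries a helper would look at first: autostart entries and services whose target file is missing (marked `[X]` / `[x]` by ComboFix), and the Security Center `DisableMonitoring` / `AntiVirusOverride` values. It makes no verdict: those Security Center values are also written by legitimate AV suites (the log shows Norton entries under them), so they only need a human look. The sample log is a constructed excerpt of the lines in the thread; the regular expressions and function names are this example's own assumptions about the log format.

```python
"""Triage helper for a ComboFix-style log (added example, not from the post).

It surfaces three things for review:
  1. autostart values under Run / startupreg keys,
  2. autostart entries and services whose image is missing ('[X]' / '[x]'),
  3. Security Center override values set to 1.
The format assumptions (regexes below) are this example's own.
"""
import re
from dataclasses import dataclass, field

# Constructed excerpt copied from the ComboFix log posted in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2003-11-17 118832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bleh idol]
c:\programdata\Remote pure pure.mjkwt [X]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R2 MMEX300;AIWA MM-EX300 USB driver;c:\windows\system32\Drivers\MMEX300.sys [2001-03-06 46443]
R2 PPSCAN;PPSCAN; [x]
S0 sonypvl3;sonypvl3; [x]
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')                      # [HKEY_...] section header
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[[^\]]*\]$')  # "name"="path" [date size]
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')      # "name"=dword:00000001
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.*)$')      # R2 name;description;image
MISSING_RE = re.compile(r'^(.*?)\s*\[[xX]\]$')                     # ComboFix's "file not found" marker


@dataclass
class Triage:
    autostarts: list = field(default_factory=list)       # (key, value name, path)
    missing_targets: list = field(default_factory=list)  # (where, target path or '')
    security_center: list = field(default_factory=list)  # (key, value name, value)


def triage_combofix(text: str) -> Triage:
    """Walk the log line by line, tracking the current registry key."""
    result = Triage()
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = SERVICE_RE.match(line)
        if m:  # service/driver line: only the missing-image case is interesting here
            start_type, name, _desc, image = m.groups()
            mm = MISSING_RE.match(image.strip())
            if mm:
                result.missing_targets.append((f'service {name} ({start_type})', mm.group(1)))
            continue
        m = DWORD_RE.match(line)
        if m and current_key and 'security center' in current_key.lower():
            name, value = m.group(1), int(m.group(2), 16)
            if name in ('DisableMonitoring', 'AntiVirusOverride') and value == 1:
                result.security_center.append((current_key, name, value))
            continue
        m = RUN_VALUE_RE.match(line)
        if m and current_key:
            result.autostarts.append((current_key, m.group(1), m.group(2)))
            continue
        m = MISSING_RE.match(line)
        if m and current_key:  # e.g. a startupreg entry whose file is gone
            result.missing_targets.append((current_key, m.group(1)))
    return result


def report(triage: Triage) -> list:
    """Render the findings as one line each, most interesting first."""
    lines = []
    for where, target in triage.missing_targets:
        lines.append(f'MISSING TARGET  {where}: {target or "(no path)"}')
    for key, name, value in triage.security_center:
        lines.append(f'SECURITY CENTER {key}\\{name} = {value}')
    for _key, name, path in triage.autostarts:
        lines.append(f'AUTOSTART       {name} -> {path}')
    return lines


if __name__ == '__main__':
    for entry in report(triage_combofix(SAMPLE_LOG)):
        print(entry)
```

Run it against the full log saved to a file by reading the file into `triage_combofix`; the `[X]` entry under `startupreg\bleh idol` pointing at `c:\programdata\Remote pure pure.mjkwt` is exactly the kind of odd, already-deleted autostart a helper would ask about next.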

29.09.2010, 10:32   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Hello and

CF is only to be run on explicit instruction, that is written everywhere here in big bold letters! Missed it?

Even if nothing was found, please post all Malwarebytes logs!

30.09.2010, 05:29   #3
waecker



sorry, I'm here for the first time and missed it...

here is the Malwarebytes logfile:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4717

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18943

30.09.2010 00:21:00
mbam-log-2010-09-30 (00-21-00).txt

Scan type: Full scan (C:\|D:\|L:\|M:\|)
Objects scanned: 354040
Time elapsed: 3 hour(s), 40 minute(s), 4 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 0
Registry data items infected: 0
Folders infected: 0
Files infected: 0

Memory processes infected:
(No malicious items detected)

Memory modules infected:
(No malicious items detected)

Registry keys infected:
(No malicious items detected)

Registry values infected:
(No malicious items detected)

Registry data items infected:
(No malicious items detected)

Folders infected:
(No malicious items detected)

Files infected:
(No malicious items detected)

30.09.2010, 15:21   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread.

01.10.2010, 22:37   #5
waecker



File 1: OTL logfile:
Code:
OTL logfile created on: 01.10.2010 23:14:14 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Zuhause\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.022,00 Mb Total Physical Memory | 213,00 Mb Available Physical Memory | 21,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 85,33 Gb Total Space | 47,29 Gb Free Space | 55,42% Space Free | Partition Type: NTFS
Drive D: | 72,20 Gb Total Space | 34,36 Gb Free Space | 47,59% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 149,01 Gb Total Space | 16,32 Gb Free Space | 10,95% Space Free | Partition Type: FAT32
Drive M: | 9,83 Gb Total Space | 9,75 Gb Free Space | 99,22% Space Free | Partition Type: NTFS
 
Computer Name: THOMAS
Current User Name: Zuhause
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Zuhause\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Firefox\firefox.exe (Mozilla Corporation)
PRC - D:\Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe (PacketVideo)
PRC - C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe ()
PRC - C:\Windows\System32\iashost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE ()
PRC - C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe ()
PRC - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe (F-Secure Corporation)
PRC - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe (F-Secure Corp.)
PRC - C:\Program Files\F-Secure\Anti-Virus\fsav32.exe (F-Secure Corporation)
PRC - C:\Program Files\F-Secure\Common\FSM32.exe (F-Secure Corporation)
PRC - C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE (F-Secure Corp.)
PRC - C:\Program Files\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corp.)
PRC - C:\Program Files\F-Secure\Common\FAMEH32.EXE (F-Secure Corporation)
PRC - C:\Program Files\F-Secure\Common\FSMB32.EXE (F-Secure Corporation)
PRC - C:\Program Files\F-Secure\Common\FCH32.EXE (F-Secure Corporation)
PRC - C:\Program Files\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
PRC - C:\Program Files\F-Secure\Common\FNRB32.EXE (F-Secure Corporation)
PRC - C:\Program Files\F-Secure\Common\FIH32.EXE (F-Secure Corporation)
PRC - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corp.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Zuhause\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (TwonkyMedia) -- C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe (PacketVideo)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (BackWeb Client - 7681197) -- C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE ()
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (STI Simulator) -- C:\Windows\System32\PAStiSvc.exe ()
SRV - (FSDFWD) -- C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe (F-Secure Corporation)
SRV - (fsbwsys) -- C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe (F-Secure Corp.)
SRV - (FSMA) -- C:\Program Files\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (F-Secure Network Request Broker) -- C:\Program Files\F-Secure\Common\FNRB32.EXE (F-Secure Corporation)
SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corp.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\DRIVERS\wanatw4.sys File not found
DRV - (STV680) -- C:\Windows\System32\drivers\STV680.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (NETFWDSL) -- C:\Windows\System32\DRIVERS\NETFWDSL.SYS File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Zuhause\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (TPkd) -- C:\Windows\system32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (sonypvl3) -- C:\Windows\System32\drivers\sonypvl3.sys (Sony Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (se2Eunic) Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM) -- C:\Windows\System32\drivers\se2Eunic.sys (MCCI)
DRV - (SE2Eobex) -- C:\Windows\System32\drivers\SE2Eobex.sys (MCCI)
DRV - (se2End5) Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS) -- C:\Windows\System32\drivers\se2End5.sys (MCCI)
DRV - (SE2Emgmt) Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\SE2Emgmt.sys (MCCI)
DRV - (SE2Emdm) -- C:\Windows\System32\drivers\SE2Emdm.sys (MCCI)
DRV - (SE2Emdfl) -- C:\Windows\System32\drivers\SE2Emdfl.sys (MCCI)
DRV - (SE2Ebus) Sony Ericsson Device 046 Driver driver (WDM) -- C:\Windows\System32\drivers\SE2Ebus.sys (MCCI)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (WSVD) -- C:\Windows\System32\drivers\WSVD.sys (Wasay)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys ()
DRV - (SPC610NC) -- C:\Windows\System32\drivers\SPC610NC.sys (PixArt Imaging Inc.)
DRV - (sonypvt3) -- C:\Windows\System32\drivers\sonypvt3.sys (Sony Corporation)
DRV - (sonypvf3) -- C:\Windows\System32\drivers\sonypvf3.sys (Sony Corporation)
DRV - (FSFW) -- C:\Windows\System32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (F-Secure Filter) -- C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys ()
DRV - (F-Secure Gatekeeper) -- C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys ()
DRV - (F-Secure Recognizer) -- C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys ()
DRV - (MMEX300) -- C:\Windows\System32\drivers\MMEX300.sys (AIWA CO., LTD.)
DRV - (PPSCAN) -- C:\Windows\System32\drivers\ppscan.sys (Shuttle Technology.)
DRV - (PPCLASS) -- C:\Windows\System32\drivers\ppclass.sys (Silitek Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.38
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: D:\Firefox\components [2010.09.25 11:31:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: D:\Firefox\plugins [2010.09.25 11:30:57 | 000,000,000 | ---D | M]
 
[2010.09.25 11:31:49 | 000,000,000 | ---D | M] -- C:\Users\Zuhause\AppData\Roaming\mozilla\Extensions
[2010.10.01 22:49:58 | 000,000,000 | ---D | M] -- C:\Users\Zuhause\AppData\Roaming\mozilla\Firefox\Profiles\a17mrx9q.default\extensions
[2010.09.25 13:30:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Zuhause\AppData\Roaming\mozilla\Firefox\Profiles\a17mrx9q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.26 20:21:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zuhause\AppData\Roaming\mozilla\Firefox\Profiles\a17mrx9q.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
 
O1 HOSTS File: ([2010.09.28 22:59:20 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\F-Secure\TNB\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Zuhause\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Zuhause\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.09.23 10:20:50 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.01 22:42:10 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Zuhause\Desktop\OTL.exe
[2010.09.28 23:15:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.09.28 23:15:53 | 000,000,000 | ---D | C] -- C:\Users\Zuhause\AppData\Local\temp
[2010.09.28 22:27:11 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.09.28 22:27:11 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.09.28 22:27:11 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.09.28 22:26:40 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010.09.28 22:23:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.09.28 22:21:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.09.28 22:02:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.09.28 06:55:22 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010.09.28 06:07:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.09.26 20:22:27 | 000,000,000 | ---D | C] -- C:\Users\Zuhause\AppData\Roaming\QuickScan
[2010.09.25 11:31:37 | 000,000,000 | ---D | C] -- C:\Users\Zuhause\AppData\Local\Mozilla
[2010.09.25 11:31:36 | 000,000,000 | ---D | C] -- C:\Users\Zuhause\AppData\Roaming\Mozilla
[2010.09.04 18:17:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.09.04 18:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010.09.04 13:22:44 | 000,000,000 | ---D | C] -- C:\Users\Zuhause\AppData\Local\Apps
[2010.09.04 13:22:42 | 000,000,000 | ---D | C] -- C:\Users\Zuhause\AppData\Local\Deployment
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.01 23:27:55 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{24A3E891-DFFF-433A-AF38-A978226196B4}.job
[2010.10.01 23:20:19 | 002,621,440 | -HS- | M] () -- C:\Users\Zuhause\ntuser.dat
[2010.10.01 22:58:07 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.01 22:43:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Zuhause\Desktop\OTL.exe
[2010.10.01 22:36:54 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.01 22:36:53 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.01 22:36:50 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.01 22:36:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.10.01 22:36:45 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2010.09.30 06:31:20 | 000,524,288 | -HS- | M] () -- C:\Users\Zuhause\ntuser.dat{a3434a0a-68d7-11dc-bc5d-0019db343949}.TMContainer00000000000000000001.regtrans-ms
[2010.09.30 06:31:20 | 000,065,536 | -HS- | M] () -- C:\Users\Zuhause\ntuser.dat{a3434a0a-68d7-11dc-bc5d-0019db343949}.TM.blf
[2010.09.28 23:33:27 | 002,287,247 | -H-- | M] () -- C:\Users\Zuhause\AppData\Local\IconCache.db
[2010.09.28 22:59:46 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.09.28 22:59:20 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.09.28 22:22:48 | 003,855,377 | R--- | M] () -- C:\Users\Zuhause\Desktop\ComboFix.exe
[2010.09.28 06:59:08 | 000,000,310 | ---- | M] () -- C:\Windows\win.ini
[2010.09.25 11:31:03 | 000,000,534 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
 
========== Files Created - No Company Name ==========
 
[2010.09.28 22:27:12 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.09.28 22:27:11 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.09.28 22:27:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.09.28 22:27:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.09.28 22:27:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.09.28 06:06:17 | 003,855,377 | R--- | C] () -- C:\Users\Zuhause\Desktop\ComboFix.exe
[2010.09.25 11:31:03 | 000,000,534 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.07.04 22:14:32 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv5
[2010.07.04 20:59:43 | 000,315,408 | ---- | C] () -- C:\ProgramData\poke deaf comp.0dph0
[2010.07.04 20:58:53 | 000,233,488 | ---- | C] () -- C:\ProgramData\Remote pure pure.sshnia7
[2010.07.04 20:58:53 | 000,069,648 | ---- | C] () -- C:\ProgramData\Remote pure pure.lgc1u
[2010.06.20 18:22:08 | 000,405,520 | ---- | C] () -- C:\ProgramData\Remote pure pure.7efxa
[2010.06.12 00:44:36 | 000,315,408 | ---- | C] () -- C:\ProgramData\Remote pure pure.mjkwt
[2010.06.12 00:44:35 | 000,024,592 | ---- | C] () -- C:\ProgramData\Remote pure pure.f22tpb
[2010.01.23 23:59:48 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.01.23 23:59:47 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.11.01 14:34:41 | 000,285,216 | ---- | C] () -- C:\Windows\System32\drivers\Onsio.sys
[2009.11.01 14:34:41 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\Onsreged.sys
[2009.02.18 22:42:01 | 000,000,552 | ---- | C] () -- C:\Users\Zuhause\AppData\Local\d3d8caps.dat
[2009.01.31 22:30:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.09.19 23:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.09.19 23:55:10 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008.09.19 23:55:10 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008.09.19 23:54:18 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.04.27 19:53:20 | 000,000,183 | ---- | C] () -- C:\Windows\WISO.INI
[2008.01.10 23:40:09 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2007.12.24 23:22:53 | 000,008,160 | ---- | C] () -- C:\Users\Zuhause\AppData\Local\d3d9caps.dat
[2007.08.25 11:37:59 | 000,000,241 | ---- | C] () -- C:\Windows\BUHL.INI
[2007.06.25 21:02:08 | 000,000,189 | ---- | C] () -- C:\Windows\KPCMS.INI
[2007.06.25 20:55:31 | 000,024,064 | ---- | C] () -- C:\Users\Zuhause\AppData\Roaming\UserTile.png
[2007.06.01 20:30:43 | 000,069,120 | ---- | C] () -- C:\Users\Zuhause\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.05.13 17:13:55 | 000,000,004 | ---- | C] () -- C:\Windows\msoffice.ini
[2007.05.13 15:02:18 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.01.19 09:50:18 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SPC500NC.ini
[2006.12.13 04:20:13 | 000,001,024 | ---- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2006.12.13 02:47:50 | 000,000,926 | ---- | C] () -- C:\Windows\generic.ini
[2006.12.13 02:47:50 | 000,000,099 | ---- | C] () -- C:\Windows\Alaunch.ini
[2006.12.13 02:47:48 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.12.12 19:45:23 | 000,013,952 | ---- | C] () -- C:\Windows\System32\drivers\UBHelper.sys
[2006.11.16 13:20:10 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2006.11.16 13:19:10 | 000,037,376 | ---- | C] () -- C:\Windows\System32\MSNChatHook.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
--- --- ---
File 2: OTL Logfile:
Code:
OTL Extras logfile created on: 01.10.2010 23:14:17 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Zuhause\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.022,00 Mb Total Physical Memory | 213,00 Mb Available Physical Memory | 21,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 85,33 Gb Total Space | 47,29 Gb Free Space | 55,42% Space Free | Partition Type: NTFS
Drive D: | 72,20 Gb Total Space | 34,36 Gb Free Space | 47,59% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 149,01 Gb Total Space | 16,32 Gb Free Space | 10,95% Space Free | Partition Type: FAT32
Drive M: | 9,83 Gb Total Space | 9,75 Gb Free Space | 99,22% Space Free | Partition Type: NTFS
 
Computer Name: THOMAS
Current User Name: Zuhause
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- File not found
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F646E2A-6591-4B0B-A80D-FCB45ADD3024}" = rport=139 | protocol=6 | dir=out | app=system | 
"{21AB9E0A-175B-42A8-98C1-16F7175C2CC3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{24BFABDD-F2F7-4AEE-AF11-AD013AA23E41}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{281EB677-63A3-4399-8517-5A0C4B60EAD2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{37994CCE-B06B-4FFF-BD73-822E852A8F46}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{427F6973-27B5-48A4-88AE-35230A43F3B7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4ECF58A7-ECEA-4BBB-8A62-348411DA1A51}" = lport=445 | protocol=6 | dir=in | app=system | 
"{582C40CA-26B3-463A-8EB6-0767BFC22488}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6C12F173-5E95-41B7-80F5-C7C55C914234}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6DEE71E1-5AD7-4012-A9B3-FEB8B3E86DCA}" = lport=139 | protocol=6 | dir=in | app=system | 
"{92F9FE1B-C286-43F1-90FB-9BFE2A24ACC4}" = lport=138 | protocol=17 | dir=in | app=system | 
"{ACCAC320-E034-4063-AB48-649E98AEC745}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B41348A3-EAEE-48E9-BB82-2B425A897D2E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B82F0296-1F3C-488C-AFB5-49FA6B618DE2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C26B631D-7D2D-4DB6-8436-451E08DBB92E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C377428A-7E01-460D-84E8-57A62D53FA2C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D4FEBA95-CE9F-43AE-B002-DB7C71E29671}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E9A33B8B-2AB4-4A05-AEE3-DE1A491F74FF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F5D165D2-683C-44CA-8B61-8A3DA6D6727C}" = rport=10243 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{037D0088-596B-4FC8-ABF9-FD11D9C72E8F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0C0F30B7-C1E4-4B0D-B5F4-9017C45AE63C}" = protocol=6 | dir=in | app=c:\program files\aol 9.0\waol.exe | 
"{0E1BC228-9BE5-4F5E-A5BE-32306A84902E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{12B16F97-316C-4700-A801-A6D7EAE2BF67}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{14892B20-1075-4640-B4A0-B1D818836F48}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1D7DF6FC-9593-498E-83D1-48426BAC5EDB}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's railroads!\railroads.exe | 
"{205B7FC2-EF34-4454-9C3B-388D0C0F0656}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{26BE5EB3-5A37-4668-9314-99B6BFCF23BA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{29CD7223-FA50-4F40-AC91-5AFE59850AD2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{310541F6-E17D-4BB4-B592-38F777662017}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{34E9E1DE-DB3A-4873-B5CC-0DFDE41DBDE1}" = protocol=17 | dir=in | app=d:\musik\itunes\itunes.exe | 
"{3F64F90A-E437-4325-8881-9994D1010749}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3FCE4DCC-281E-491C-A583-0B88E5219DE3}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer picture slide dvd\component\clsldvd.exe | 
"{44295C03-C6D0-4A29-8F22-49A8955B686A}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer plug and record\component\arawp.exe | 
"{4987ACB3-B4F8-461F-9D08-FDD5EA887B92}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4A1B6788-0617-4474-B729-C3EEAADFBE41}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer zone main page\mce deluxe suite.exe | 
"{556F3E29-4EA3-4587-B70B-DAB5150C5C91}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5ADD323F-A24F-4328-9744-EA7595216239}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5CB64C73-CB09-4807-B380-A1806C1B60FA}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization iv colonization\colonization.exe | 
"{5F0480D8-B70D-487B-B79D-887B9412F431}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5F59F95B-5D96-4480-87DD-2304B7FC7DBB}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{5FA19FE6-C416-4E98-8FFD-C2D406B373CE}" = protocol=6 | dir=in | app=d:\musik\itunes\itunes.exe | 
"{6EA005AF-8DA5-4781-94CD-809B2B37BCB9}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization iv colonization\colonization.exe | 
"{73306A68-44B6-4C29-9A55-B82602B25150}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{74E03CB3-52EB-46E7-8A9E-A1C0E336C305}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer zone softdma\softdma.exe | 
"{81032934-77EE-44BC-BB23-7D06C2EAEB45}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{818D0CC8-E5FA-44FD-8A36-7818D3ED063C}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer plug and record\component\dvax2process.exe | 
"{8B0CBABE-CE83-4A54-8419-25FA90450FC2}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{8B878FED-2ADC-4CAC-88FD-0C851F0E4FE3}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer zone main page\mce deluxe suite.exe | 
"{8E966AFF-A671-41F0-BDC9-E962EE645B21}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's railroads!\railroads.exe | 
"{93435471-75BE-41BE-86FA-2F6C73383396}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer picture slide dvd\component\clsldvd.exe | 
"{9870D80B-0F6A-4902-9E54-33638E27F871}" = protocol=17 | dir=in | app=c:\program files\aol 9.0\waol.exe | 
"{9DF7E01A-3572-49E2-8DE3-C943E6417890}" = protocol=17 | dir=in | app=c:\program files\twonkymedia\twonkymediaserver.exe | 
"{9E5C7574-4C46-4B99-BE57-D73F53BD36F0}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{9EFCC069-9DE6-43EF-A7FD-93CFD56CBE65}" = protocol=17 | dir=in | app=c:\program files\twonkymedia\twonkymediaserverwatchdog.exe | 
"{A5C5FC26-14D5-4153-BB1F-B122A5D8EE40}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe | 
"{A6650730-BF1E-4DA8-92E8-2B39CB1BA187}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer zone softdma\softdma.exe | 
"{A7AF0655-A3B9-4FB1-A110-71BFF2E5B1F8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A7B330DA-4565-43BF-B9D2-D87CC8E02F9D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{AED97BBD-4321-4309-85D2-D46B5763C9B3}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer plug and record\component\dvax2process.exe | 
"{C567DB8E-B252-4F67-95B7-E9429A5D11FA}" = protocol=6 | dir=out | app=system | 
"{C63FF551-A40E-4C8D-859A-DF028529109E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C9A96EFA-49BD-4AC7-9C4D-A4465F16DC10}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer plug and record\component\arawp.exe | 
"{CADE9EBD-5A98-4EEA-8C15-81C109C00502}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe | 
"{D8F3F7C6-7D24-4229-AA6B-D1E4DE59E958}" = protocol=6 | dir=in | app=c:\program files\twonkymedia\twonkymediaserverwatchdog.exe | 
"{E00F82FF-9F00-4950-AC5B-E46B7DFA42B4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EB643BC0-4C9F-43B2-812F-6B34AD480882}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{F1B06584-093B-44DF-AB14-C7DD24495263}" = protocol=6 | dir=in | app=c:\program files\twonkymedia\twonkymediaserver.exe | 
"{FD672B1F-9EDF-4F42-B3EB-A8F4FA7CB62B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{04343699-2319-45F5-A5E9-258D58B72332}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{0982D43E-3B6F-46A4-B5F5-D59B1BB804E0}C:\program files\emule\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule\emule.exe | 
"TCP Query User{22E63233-0BDE-4025-98A5-2907CC53883D}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{264B6F6F-F764-4B46-8072-7E34CC0EF7FC}C:\program files\common files\newtech infosystems\liveupdate\liveupdate.exe" = protocol=6 | dir=in | app=c:\program files\common files\newtech infosystems\liveupdate\liveupdate.exe | 
"TCP Query User{3626CF7E-F104-408B-9350-EAFD8BE329C7}C:\program files\f-secure\backweb\7681197\program\backweb-7681197.exe" = protocol=6 | dir=in | app=c:\program files\f-secure\backweb\7681197\program\backweb-7681197.exe | 
"TCP Query User{4D9D5157-20FE-47F0-BD0E-2062820059FF}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | 
"TCP Query User{5325A3BF-5490-459A-8391-16C0A10974EC}C:\program files\f-secure\backweb\7681197\program\backweb-7681197.exe" = protocol=6 | dir=in | app=c:\program files\f-secure\backweb\7681197\program\backweb-7681197.exe | 
"TCP Query User{5622F991-E388-4C84-BD67-57AF02183F04}D:\treiber\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=d:\treiber\sopcast\adv\sopadver.exe | 
"TCP Query User{56476A43-528F-4E6A-8EFC-D3A0CA6B2C1F}D:\musik\emule\emule.exe" = protocol=6 | dir=in | app=d:\musik\emule\emule.exe | 
"TCP Query User{6211BF61-D1FC-4C85-98CF-A37760508FDC}D:\treiber\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\treiber\sopcast\sopcast.exe | 
"TCP Query User{802CBA13-39EE-4601-BE73-3165F7BCD2DB}D:\musik\emule\emule.exe" = protocol=6 | dir=in | app=d:\musik\emule\emule.exe | 
"TCP Query User{830EC1A1-55D5-4EE2-B8FC-F62BD2B5D8C3}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{9A6B18CF-F89B-4EAA-8FB0-34A58CD32624}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{9EA0631C-3DAC-4C5E-9984-1D0CC1E21972}L:\treiber\12voip\12voip.exe" = protocol=6 | dir=in | app=l:\treiber\12voip\12voip.exe | 
"TCP Query User{B29B6505-FD40-4F5A-B9C1-6594E87C0131}C:\program files\2k games\firaxis games\sid meier's railroads!\railroads.exe" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's railroads!\railroads.exe | 
"TCP Query User{C97425C0-4F38-46FF-826A-D8C3CB23FA3E}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{CC437FDC-8E21-4C37-BE7B-9298CF94B01B}L:\thomas\ares\ares.exe" = protocol=6 | dir=in | app=l:\thomas\ares\ares.exe | 
"TCP Query User{DA04E46F-05B2-4D40-ACCF-4BFF78F7974C}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{E310BE4D-B0F1-4880-86AD-76B42E5FB464}C:\program files\twonkymedia\mediamanager\twonkymediamanager.exe" = protocol=6 | dir=in | app=c:\program files\twonkymedia\mediamanager\twonkymediamanager.exe | 
"TCP Query User{E57DCACB-19F7-48DD-88F8-F1FE99FFB2FF}D:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=d:\program files\tvants\tvants.exe | 
"TCP Query User{F4827756-A912-4B8D-BE91-84FA31ABCDC2}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{F582134F-D22D-46F6-A39B-C4BB3636A268}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{04370C83-5D94-4A5E-9413-73E129BB6BD1}C:\program files\emule\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule\emule.exe | 
"UDP Query User{12A526DA-C0AC-458A-A595-C81612C7E926}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{1429D2BA-2FCA-4844-87FE-8719F6C8AFE9}D:\musik\emule\emule.exe" = protocol=17 | dir=in | app=d:\musik\emule\emule.exe | 
"UDP Query User{1462BC87-48EC-4812-8C47-A770D021F603}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{17EE0EB2-2DF8-4B66-B1FC-E10D2140CAFD}C:\program files\common files\newtech infosystems\liveupdate\liveupdate.exe" = protocol=17 | dir=in | app=c:\program files\common files\newtech infosystems\liveupdate\liveupdate.exe | 
"UDP Query User{183ACB57-DEED-40ED-9EE6-10387FD55E31}C:\program files\twonkymedia\mediamanager\twonkymediamanager.exe" = protocol=17 | dir=in | app=c:\program files\twonkymedia\mediamanager\twonkymediamanager.exe | 
"UDP Query User{3C67A49F-D0C7-451B-A5AB-D3451219DBB6}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{41B37C8A-5B09-40AB-84EB-FE6A3E98CF7F}D:\treiber\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\treiber\sopcast\sopcast.exe | 
"UDP Query User{48C5942B-2D8A-4BBA-8768-AC093734E83F}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | 
"UDP Query User{4B9AD448-40BB-4474-B074-FDEA0E0ECADC}D:\musik\emule\emule.exe" = protocol=17 | dir=in | app=d:\musik\emule\emule.exe | 
"UDP Query User{4FB603D0-B041-4C1E-8E1D-92F55EBE9CA9}L:\treiber\12voip\12voip.exe" = protocol=17 | dir=in | app=l:\treiber\12voip\12voip.exe | 
"UDP Query User{5EDF15D5-CCB2-42D7-9EEF-64C10BFD451D}D:\treiber\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=d:\treiber\sopcast\adv\sopadver.exe | 
"UDP Query User{5F5CFC7A-8654-4222-8E1F-2685A62377B7}C:\program files\f-secure\backweb\7681197\program\backweb-7681197.exe" = protocol=17 | dir=in | app=c:\program files\f-secure\backweb\7681197\program\backweb-7681197.exe | 
"UDP Query User{891076E2-B0DD-43A8-B09E-3990D67BE95D}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{9B106597-9ADC-4226-8707-3734A300B70D}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{9C646FD4-1AFF-4D93-B0AC-7FE7F706CB06}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{AAE592DA-6F4E-43FA-B26C-610AFFFE0452}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{AC30B967-D1FF-4C9C-964D-29E88BB98626}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{AD40D24A-6CB8-4FC8-9920-187B270F1BE0}L:\thomas\ares\ares.exe" = protocol=17 | dir=in | app=l:\thomas\ares\ares.exe | 
"UDP Query User{B8ED04C2-7B29-44DD-8CF0-8F2248FC17D4}C:\program files\2k games\firaxis games\sid meier's railroads!\railroads.exe" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's railroads!\railroads.exe | 
"UDP Query User{DAC60202-E0ED-4D6C-8198-A1674025E066}C:\program files\f-secure\backweb\7681197\program\backweb-7681197.exe" = protocol=17 | dir=in | app=c:\program files\f-secure\backweb\7681197\program\backweb-7681197.exe | 
"UDP Query User{FEA32422-DDC5-4E05-AFC3-F2650ECA7D94}D:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=d:\program files\tvants\tvants.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08DBDA89-0E31-DBE5-FCE1-91B67A3930E4}" = Skins
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{179E6537-50B8-449B-AB73-5F7E12EF3661}" = Philips SPC500NC/97 Webcam
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{320FA1BC-9ACB-4691-929D-7D4E726C6562}" = WISO Lexikon
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{32C32B46-41C3-438F-94F6-55FE150D50D8}" = ImageMixer EasyStepDVD
"{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}" = ABBYY FineReader OCR Engine
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{44D772A4-2CBC-004F-57D1-F942FAE679D6}" = ccc-utility
"{44E1DE63-C8FA-4C70-B4AA-0C49A947ACDE}" = Sid Meier's Railroads!
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{67B17908-6513-7574-C717-6EDB7EB2F59F}" = Catalyst Control Center Graphics Light
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{895C10ED-9276-49E7-87C4-8C03A1B08EDB}" = Philips SPC500NC Webcam
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9BA3B6C7-7731-B164-CD64-15DABD28C7DE}" = Catalyst Control Center Graphics Previews Vista
"{A31289C6-04EF-4437-A35B-7CC96167145C}" = Leisure Suit Larry - Magna Cum Laude
"{A360821C-6B51-4EE4-A7E5-5E14B15004CD}" = Sony DVD Handycam USB Driver 2
"{A8D331E4-5D9C-7ACE-A7A3-C9CD234A3112}" = ccc-core-static
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B0465829-075A-E547-7E09-4EDD9E5C0C54}" = Catalyst Control Center Graphics Previews Common
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C8532A82-DA43-479F-326D-C2ABDEF2A938}" = Catalyst Control Center Core Implementation
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E02B4B05-C22B-056F-FACD-FC80DE43C154}" = ATI Catalyst Install Manager
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1
"{E52DB77C-6BCB-4E8A-0D86-24C91C17E4B3}" = Catalyst Control Center Graphics Full Existing
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{EA57A1B9-0DD2-44DD-9B70-64E8DA553F6F}" = Philips VLounge
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EE3FBD3C-782E-4A90-9507-0ECFE1FECCE4}" = Sid Meier's Railroads!
"{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FDDC3037-57CC-9753-4D85-D7555BEFCBA8}" = Catalyst Control Center Graphics Full New
"12Voip_is1" = 12Voip
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Architecture_3D_3-Premium_Demo_is1" = 3D Home Design by Livecad (free version)
"Audio Converter Pro" = River Past Audio Converter Pro
"Audioactive MP3 Decoder" = Audioactive MP3 Decoder
"BK 2009 GERMAN" = Bundeskanzler 2009-2013
"CCleaner" = CCleaner
"eMule Plus_is1" = eMule Plus 1.2e
"Free Mp3 Wma Ogg Converter_is1" = Free Mp3 Wma Ogg Converter 7.0.1
"F-Secure Anti-Virus" = F-Secure Anti-Virus Client Security - Virenschutz
"F-Secure Backweb" = F-Secure Anti-Virus Client Security - Automatic Update Agent
"F-Secure Internet Shield" = F-Secure Anti-Virus Client Security - Internet-Schutzschild
"GENEUIDE" = USB Storage Driver
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{A31289C6-04EF-4437-A35B-7CC96167145C}" = Leisure Suit Larry - Magna Cum Laude
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Nero - Burning Rom!UninstallKey" = Nero 6 Demo
"RealPlayer 6.0" = RealPlayer Basic
"SopCast" = SopCast 3.0.3
"TVAnts 1.0" = TVAnts 1.0
"TwonkyMedia Manager" = TwonkyMedia Manager
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Facebook Plug-In" = Facebook Plug-In
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 23.02.2009 13:53:53 | Computer Name = Daniel_IV | Source = EventSystem | ID = 4621
Description = 
 
Error - 25.02.2009 16:31:23 | Computer Name = Daniel_IV | Source = BackWeb Client - 7681197 | ID = 327684
Description = 
 
Error - 25.02.2009 16:32:32 | Computer Name = Daniel_IV | Source = BackWeb Client - 7681197 | ID = 327684
Description = 
 
Error - 25.02.2009 18:09:35 | Computer Name = Daniel_IV | Source = BackWeb Client - 7681197 | ID = 327684
Description = 
 
Error - 25.02.2009 18:10:39 | Computer Name = Daniel_IV | Source = BackWeb Client - 7681197 | ID = 327684
Description = 
 
Error - 25.02.2009 18:52:43 | Computer Name = Daniel_IV | Source = EventSystem | ID = 4621
Description = 
 
Error - 26.02.2009 12:18:30 | Computer Name = Daniel_IV | Source = BackWeb Client - 7681197 | ID = 327684
Description = 
 
Error - 26.02.2009 12:19:43 | Computer Name = Daniel_IV | Source = BackWeb Client - 7681197 | ID = 327684
Description = 
 
Error - 26.02.2009 12:48:24 | Computer Name = Daniel_IV | Source = EventSystem | ID = 4621
Description = 
 
Error - 26.02.2009 13:16:50 | Computer Name = Daniel_IV | Source = BackWeb Client - 7681197 | ID = 327684
Description = 
 
[ System Events ]
Error - 28.09.2010 16:30:41 | Computer Name = Thomas | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 28.09.2010 16:30:43 | Computer Name = Thomas | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 28.09.2010 16:59:25 | Computer Name = Thomas | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 28.09.2010 17:34:02 | Computer Name = Thomas | Source = DCOM | ID = 10010
Description = 
 
Error - 29.09.2010 14:33:38 | Computer Name = Thomas | Source = HTTP | ID = 15016
Description = 
 
Error - 29.09.2010 14:35:43 | Computer Name = Thomas | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 29.09.2010 14:38:35 | Computer Name = Thomas | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 01.10.2010 16:36:49 | Computer Name = Thomas | Source = HTTP | ID = 15016
Description = 
 
Error - 01.10.2010 16:38:53 | Computer Name = Thomas | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.10.2010 16:42:11 | Computer Name = Thomas | Source = Service Control Manager | ID = 7022
Description = 
 
 
< End of report >


Post #6, 01.10.2010, 22:43
kaltron

Have you already thought about notifying the bank and having online banking blocked? Before that, preferably change the password once more from a secure PC! If not already done, please do so immediately!

Post #7, 01.10.2010, 22:49
waecker

Many thanks for the hint! I have already had everything blocked and am now trying to rid the computer of the trojan.

Post #8, 03.10.2010, 12:19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied along with it!!!)


Code:
:OTL
[2010.07.04 22:14:32 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv5
[2010.07.04 20:59:43 | 000,315,408 | ---- | C] () -- C:\ProgramData\poke deaf comp.0dph0
[2010.07.04 20:58:53 | 000,233,488 | ---- | C] () -- C:\ProgramData\Remote pure pure.sshnia7
[2010.07.04 20:58:53 | 000,069,648 | ---- | C] () -- C:\ProgramData\Remote pure pure.lgc1u
[2010.06.20 18:22:08 | 000,405,520 | ---- | C] () -- C:\ProgramData\Remote pure pure.7efxa
[2010.06.12 00:44:36 | 000,315,408 | ---- | C] () -- C:\ProgramData\Remote pure pure.mjkwt
[2010.06.12 00:44:35 | 000,024,592 | ---- | C] () -- C:\ProgramData\Remote pure pure.f22tpb
@Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The logfile should open once you click OK after the fix; please post it. The computer may be restarted.
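The fix above includes [resethosts], which replaces C:\Windows\System32\drivers\etc\hosts with a stock copy. Before resetting, it is worth reading the file: a banking trojan that pins the bank's hostname to an attacker-controlled address, or blackholes security-vendor update hosts, leaves that evidence in it, and a reset throws it away. The following Python script is an added example, not part of the original thread or of OTL. The sample hosts content, the banking watch-list (postbank.de, the bank discussed in this thread) and the vendor list are assumptions constructed for the demonstration; on a real case you would run audit_hosts_file() against the live file before applying the fix.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field

# Constructed sample of a tampered hosts file (assumption: not taken from the thread).
# The two 'localhost' lines are all a stock Windows Vista hosts file contains.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
203.0.113.10    banking.postbank.de     # constructed: bank pinned to attacker address
203.0.113.10    www.postbank.de
127.0.0.1       liveupdate.symantec.com # constructed: vendor update host blackholed
192.168.1.20    nas.local               # constructed: LAN entry, still worth a look
"""

# Assumption: watch-lists the analyst supplies for the case at hand.
BANKING_DOMAINS = ("postbank.de",)
VENDOR_DOMAINS = ("symantec.com", "f-secure.com", "malwarebytes.org", "microsoft.com")


@dataclass
class HostsEntry:
    line_no: int
    address: str
    hostnames: list[str] = field(default_factory=list)


@dataclass
class Finding:
    line_no: int
    address: str
    hostname: str
    reason: str


def parse_hosts(text: str) -> list[HostsEntry]:
    """Parse hosts syntax: an address, then one or more names; '#' starts a comment."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        code = raw.split("#", 1)[0].strip()
        if not code:
            continue
        fields = code.split()
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: skip rather than guess
        entries.append(HostsEntry(line_no, fields[0], [h.lower() for h in fields[1:]]))
    return entries


def _in_domains(host: str, domains: tuple[str, ...]) -> bool:
    return any(host == d or host.endswith("." + d) for d in domains)


def audit_hosts(text: str,
                banking: tuple[str, ...] = BANKING_DOMAINS,
                vendors: tuple[str, ...] = VENDOR_DOMAINS) -> list[Finding]:
    """Return every entry a clean home-PC hosts file should not contain."""
    findings = []
    for entry in parse_hosts(text):
        addr = ipaddress.ip_address(entry.address)
        for host in entry.hostnames:
            if host == "localhost" and addr.is_loopback:
                continue  # stock content
            if _in_domains(host, banking):
                reason = "banking hostname pinned to a fixed address (pharming)"
            elif _in_domains(host, vendors) and (addr.is_loopback or addr.is_unspecified):
                reason = "security vendor host blackholed (blocks updates and lookups)"
            elif not (addr.is_loopback or addr.is_unspecified):
                reason = "hostname mapped to a non-loopback address; verify it is intended"
            else:
                reason = "hostname sent to loopback; verify it is intended"
            findings.append(Finding(entry.line_no, entry.address, host, reason))
    return findings


def is_stock_hosts(text: str) -> bool:
    """True when the file carries nothing but loopback entries for 'localhost'."""
    return not any(h != "localhost" or not ipaddress.ip_address(e.address).is_loopback
                   for e in parse_hosts(text) for h in e.hostnames)


def audit_hosts_file(path: str = r"C:\Windows\System32\drivers\etc\hosts") -> list[Finding]:
    """Audit the live file; it may be ANSI or UTF-8, so decode leniently."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return audit_hosts(fh.read())


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f.line_no}: {f.address} {f.hostname}  <- {f.reason}")
```

Save the findings (or a copy of the file) with the case before running the OTL fix; once [resethosts] has run, only the OTL line "HOSTS file reset successfully" remains, not what was in the file.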

Post #9, 04.10.2010, 22:25
waecker

OTL hung partway through, but apparently still produced a result:
All processes killed
========== OTL ==========
C:\ProgramData\.tv5 moved successfully.
C:\ProgramData\poke deaf comp.0dph0 moved successfully.
C:\ProgramData\Remote pure pure.sshnia7 moved successfully.
C:\ProgramData\Remote pure pure.lgc1u moved successfully.
C:\ProgramData\Remote pure pure.7efxa moved successfully.
C:\ProgramData\Remote pure pure.mjkwt moved successfully.
C:\ProgramData\Remote pure pure.f22tpb moved successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Zuhause
->Temp folder emptied: 25444 bytes
->Temporary Internet Files folder emptied: 626312 bytes
->Java cache emptied: 6502104 bytes
->FireFox cache emptied: 47204257 bytes
->Apple Safari cache emptied: 10394624 bytes
->Flash cache emptied: 22630 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7974 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 62,00 mb


OTL by OldTimer - Version 3.2.14.1 log created on 10042010_230852

Files\Folders moved on Reboot...
C:\Users\Zuhause\AppData\Local\Temp\IadHide4.dll moved successfully.
File\Folder C:\Windows\temp\MpCmdRun-31-421CFC91-A93E-42AB-A35C-F06F127FCC44.lock not found!

Registry entries deleted on Reboot...

Post #10, 05.10.2010, 19:21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes rather often; if the tool won't run the second time either, just leave it out and run only OSAM.


After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • The tool only needs a second.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document

Post #11, 06.10.2010, 21:56
waecker

Unfortunately GMER crashed.

OSAM logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 22:50:09 on 06.10.2010

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"prefscpl.cpl" - "RealNetworks, Inc." - C:\Windows\system32\prefscpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AIWA MM-EX300 USB driver" (MMEX300) - "AIWA CO., LTD." - C:\Windows\System32\Drivers\MMEX300.sys
"AVM Eject" (avmeject) - "AVM Berlin" - C:\Windows\System32\drivers\avmeject.sys
"AVM FRITZ!web DSL PPP" (NETFWDSL) - ? - C:\Windows\System32\DRIVERS\NETFWDSL.SYS  (File not found)
"Digital Camera" (STV680) - ? - C:\Windows\System32\drivers\STV680.sys  (File not found)
"F-Secure File System Filter" (F-Secure Filter) - "F-Secure Corporation" - C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys
"F-Secure File System Recognizer" (F-Secure Recognizer) - "F-Secure Corporation" - C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys
"F-Secure Firewall Driver" (FSFW) - "F-Secure Corporation" - C:\Windows\System32\drivers\fsdfw.sys
"F-Secure Gatekeeper" (F-Secure Gatekeeper) - "F-Secure Corporation" - C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys
"int15" (int15) - ? - C:\Acer\Empowering Technology\eRecovery\int15.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"PPCLASS" (PPCLASS) - "Silitek Corporation." - C:\Windows\system32\drivers\PPCLASS.sys
"PPSCAN" (PPSCAN) - "Shuttle Technology." - C:\Windows\system32\drivers\PPSCAN.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"sonypvf3" (sonypvf3) - "Sony Corporation" - C:\Windows\system32\drivers\sonypvf3.sys
"sonypvl3" (sonypvl3) - "Sony Corporation" - C:\Windows\system32\drivers\sonypvl3.sys
"sonypvt3" (sonypvt3) - "Sony Corporation" - C:\Windows\system32\drivers\sonypvt3.sys
"TPkd" (TPkd) - "PACE Anti-Piracy, Inc." - C:\Windows\System32\drivers\TPkd.sys
"UBHelper" (UBHelper) - ? - C:\Windows\system32\drivers\UBHelper.sys  (File found, but it contains no detailed information)
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys
"WAN Miniport (ATW)" (wanatw) - ? - C:\Windows\System32\DRIVERS\wanatw4.sys  (File not found)
"WSVD" (WSVD) - "Wasay" - C:\Windows\system32\drivers\WSVD.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - D:\Musik\ITunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "{472734EA-242A-422B-ADF8-83D1E48CC825}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{EF99BD32-C1FB-11D2-892F-0090271D4F88} "Yahoo! Toolbar mit Pop-Up-Blocker" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Zuhause\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Adobe Gamma Loader.lnk" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Scanner Finder.lnk" - ? - C:\Program Files\ScanWizard 5\ScannerFinder.exe  (Shortcut exists | File exists)
"VPro500.lnk" - ? - C:\Windows\VPro500.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"F-Secure Manager" - "F-Secure Corporation" - "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
"F-Secure TNB" - "F-Secure Corporation" - "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL
"iTunesHelper" - "Apple Inc." - "D:\Musik\ITunes\iTunesHelper.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"StartCCC" - ? - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"  (File found, but it contains no detailed information)
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"F-Secure Anti-Virus Firewall Daemon" (FSDFWD) - "F-Secure Corporation" - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
"F-Secure Automatic Update" (BackWeb Client - 7681197) - ? - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE  (File found, but it contains no detailed information)
"F-Secure Gatekeeper Handler Starter" (F-Secure Gatekeeper Handler Starter) - "F-Secure Corp." - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
"F-Secure Management Agent" (FSMA) - "F-Secure Corporation" - C:\Program Files\F-Secure\Common\FSMA32.EXE
"F-Secure Network Request Broker" (F-Secure Network Request Broker) - "F-Secure Corporation" - C:\Program Files\F-Secure\Common\FNRB32.EXE
"fsbwsys" (fsbwsys) - "F-Secure Corp." - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
"Symantec Lic NetConnect service" (CLTNetCnService) - ? - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon  (File not found)
"TwonkyMedia" (TwonkyMedia) - "PacketVideo" - C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit Online Solutions :: Index

MBR Log:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Logical Drives Mask: 0x00001ddc

Kernel Drivers (total 157):
0x82035000 \SystemRoot\system32\ntkrnlpa.exe
0x82002000 \SystemRoot\system32\hal.dll
0x8060E000 \SystemRoot\system32\kdcom.dll
0x80616000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80676000 \SystemRoot\system32\PSHED.dll
0x80687000 \SystemRoot\system32\BOOTVID.dll
0x8068F000 \SystemRoot\system32\CLFS.SYS
0x806D0000 \SystemRoot\system32\CI.dll
0x82606000 \SystemRoot\system32\drivers\Wdf01000.sys
0x82682000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8268F000 \SystemRoot\system32\drivers\acpi.sys
0x826D5000 \SystemRoot\system32\drivers\WMILIB.SYS
0x826DE000 \SystemRoot\system32\drivers\msisadrv.sys
0x826E6000 \SystemRoot\system32\drivers\pci.sys
0x8270D000 \SystemRoot\System32\drivers\partmgr.sys
0x8271C000 \SystemRoot\system32\drivers\volmgr.sys
0x8272B000 \SystemRoot\System32\drivers\volmgrx.sys
0x82775000 \SystemRoot\system32\drivers\pciide.sys
0x8277C000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8278A000 \SystemRoot\System32\drivers\mountmgr.sys
0x8279A000 \SystemRoot\System32\Drivers\UBHelper.sys
0x8279E000 \SystemRoot\system32\drivers\atapi.sys
0x827A6000 \SystemRoot\system32\drivers\ataport.SYS
0x827C4000 \SystemRoot\system32\drivers\fltmgr.sys
0x807B0000 \SystemRoot\system32\drivers\fileinfo.sys
0x827F6000 \SystemRoot\system32\Drivers\PxHelp20.sys
0x807C0000 \SystemRoot\system32\drivers\TPkd.sys
0x82C0F000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82C80000 \SystemRoot\System32\drivers\fsdfw.sys
0x82C95000 \SystemRoot\System32\drivers\msrpc.sys
0x82CC0000 \SystemRoot\System32\drivers\NETIO.SYS
0x82E03000 \SystemRoot\System32\drivers\NDIS.SYS
0x82F0E000 \SystemRoot\System32\drivers\TDI.SYS
0x82F19000 \SystemRoot\System32\drivers\fsndis5.sys
0x82CFA000 \SystemRoot\System32\drivers\tcpip.sys
0x82F20000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x82F3B000 \SystemRoot\System32\Drivers\sonypvl3.sys
0x8660F000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8671E000 \SystemRoot\system32\drivers\volsnap.sys
0x86757000 \SystemRoot\System32\Drivers\spldr.sys
0x8675F000 \SystemRoot\System32\Drivers\mup.sys
0x8676E000 \SystemRoot\System32\drivers\ecache.sys
0x86795000 \SystemRoot\system32\drivers\disk.sys
0x867A6000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x867C7000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x867CF000 \SystemRoot\system32\drivers\crcdisk.sys
0x86600000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x82F40000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x82F49000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8A60C000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x82F58000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8AD6B000 \SystemRoot\System32\drivers\watchdog.sys
0x8AD78000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8AD8A000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x8ADD6000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8B00B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8B049000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8B058000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B070000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8B072000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x8B078000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8B088000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8B096000 \SystemRoot\system32\DRIVERS\fdc.sys
0x8B0A1000 \SystemRoot\system32\DRIVERS\serial.sys
0x8B0BB000 \SystemRoot\system32\DRIVERS\serenum.sys
0x8B0C5000 \SystemRoot\system32\DRIVERS\parport.sys
0x8B0DD000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8B0F0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8B0FB000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8B129000 \SystemRoot\system32\DRIVERS\storport.sys
0x8B16A000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8B181000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8B18C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8B1AF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8B1BE000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8B1D2000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8B1E7000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8B000000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8B1F7000 \SystemRoot\system32\DRIVERS\swenum.sys
Alt 06.10.2010, 22:33   #12
waecker
 
GMER did indeed crash!!

MBR:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Logical Drives Mask: 0x00001ddc

Kernel Drivers (total 157):
0x82035000 \SystemRoot\system32\ntkrnlpa.exe
0x82002000 \SystemRoot\system32\hal.dll
0x8060E000 \SystemRoot\system32\kdcom.dll
0x80616000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80676000 \SystemRoot\system32\PSHED.dll
0x80687000 \SystemRoot\system32\BOOTVID.dll
0x8068F000 \SystemRoot\system32\CLFS.SYS
0x806D0000 \SystemRoot\system32\CI.dll
0x82606000 \SystemRoot\system32\drivers\Wdf01000.sys
0x82682000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8268F000 \SystemRoot\system32\drivers\acpi.sys
0x826D5000 \SystemRoot\system32\drivers\WMILIB.SYS
0x826DE000 \SystemRoot\system32\drivers\msisadrv.sys
0x826E6000 \SystemRoot\system32\drivers\pci.sys
0x8270D000 \SystemRoot\System32\drivers\partmgr.sys
0x8271C000 \SystemRoot\system32\drivers\volmgr.sys
0x8272B000 \SystemRoot\System32\drivers\volmgrx.sys
0x82775000 \SystemRoot\system32\drivers\pciide.sys
0x8277C000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8278A000 \SystemRoot\System32\drivers\mountmgr.sys
0x8279A000 \SystemRoot\System32\Drivers\UBHelper.sys
0x8279E000 \SystemRoot\system32\drivers\atapi.sys
0x827A6000 \SystemRoot\system32\drivers\ataport.SYS
0x827C4000 \SystemRoot\system32\drivers\fltmgr.sys
0x807B0000 \SystemRoot\system32\drivers\fileinfo.sys
0x827F6000 \SystemRoot\system32\Drivers\PxHelp20.sys
0x807C0000 \SystemRoot\system32\drivers\TPkd.sys
0x82C0F000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82C80000 \SystemRoot\System32\drivers\fsdfw.sys
0x82C95000 \SystemRoot\System32\drivers\msrpc.sys
0x82CC0000 \SystemRoot\System32\drivers\NETIO.SYS
0x82E03000 \SystemRoot\System32\drivers\NDIS.SYS
0x82F0E000 \SystemRoot\System32\drivers\TDI.SYS
0x82F19000 \SystemRoot\System32\drivers\fsndis5.sys
0x82CFA000 \SystemRoot\System32\drivers\tcpip.sys
0x82F20000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x82F3B000 \SystemRoot\System32\Drivers\sonypvl3.sys
0x8660F000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8671E000 \SystemRoot\system32\drivers\volsnap.sys
0x86757000 \SystemRoot\System32\Drivers\spldr.sys
0x8675F000 \SystemRoot\System32\Drivers\mup.sys
0x8676E000 \SystemRoot\System32\drivers\ecache.sys
0x86795000 \SystemRoot\system32\drivers\disk.sys
0x867A6000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x867C7000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x867CF000 \SystemRoot\system32\drivers\crcdisk.sys
0x86600000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x82F40000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x82F49000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8A60C000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x82F58000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8AD6B000 \SystemRoot\System32\drivers\watchdog.sys
0x8AD78000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8AD8A000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x8ADD6000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8B00B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8B049000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8B058000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B070000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8B072000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x8B078000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8B088000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8B096000 \SystemRoot\system32\DRIVERS\fdc.sys
0x8B0A1000 \SystemRoot\system32\DRIVERS\serial.sys
0x8B0BB000 \SystemRoot\system32\DRIVERS\serenum.sys
0x8B0C5000 \SystemRoot\system32\DRIVERS\parport.sys
0x8B0DD000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8B0F0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8B0FB000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8B129000 \SystemRoot\system32\DRIVERS\storport.sys
0x8B16A000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8B181000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8B18C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8B1AF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8B1BE000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8B1D2000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8B1E7000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8B000000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8B1F7000 \SystemRoot\system32\DRIVERS\swenum.sys
0x807D0000 \SystemRoot\system32\DRIVERS\ks.sys
0x8ADE0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8ADEA000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8B40F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8B443000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8B454000 \SystemRoot\system32\drivers\HdAudio.sys
0x8B493000 \SystemRoot\system32\drivers\portcls.sys
0x8B4C0000 \SystemRoot\system32\drivers\drmk.sys
0x8B602000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8B793000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8B79C000 \SystemRoot\System32\Drivers\Null.SYS
0x8B7A3000 \SystemRoot\System32\Drivers\Beep.SYS
0x8B7B3000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8B7BA000 \SystemRoot\System32\drivers\vga.sys
0x8B7C6000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8B7E7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8B7EF000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8B4E5000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8B4F0000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8B4FE000 \SystemRoot\System32\Drivers\sonypvf3.SYS
0x8B596000 \SystemRoot\System32\Drivers\sonypvt3.SYS
0x8B7F7000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x82DE3000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8BA06000 \SystemRoot\system32\DRIVERS\smb.sys
0x8BA1A000 \SystemRoot\system32\drivers\afd.sys
0x8BA62000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8BA94000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8BAAA000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8BAB8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8BACB000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8BB07000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8BB11000 \SystemRoot\System32\Drivers\dfsc.sys
0x8BB28000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x8BB3A000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8BB3C000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8BB45000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8BB55000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8BB5D000 \SystemRoot\System32\Drivers\fastfat.SYS
0x8BB85000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8BB92000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8BB9D000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x920F0000 \SystemRoot\System32\win32k.sys
0x8BBA5000 \SystemRoot\System32\drivers\Dxapi.sys
0x8BBAF000 \SystemRoot\system32\DRIVERS\monitor.sys
0x92310000 \SystemRoot\System32\TSDDD.dll
0x92330000 \SystemRoot\System32\cdd.dll
0x8BBBE000 \SystemRoot\system32\drivers\luafv.sys
0x8BBED000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x97E0C000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x97E36000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x97E40000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x97E53000 \SystemRoot\system32\drivers\spsys.sys
0x97F02000 \SystemRoot\system32\drivers\HTTP.sys
0x97F6F000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x97F8C000 \SystemRoot\system32\DRIVERS\bowser.sys
0x97FA5000 \SystemRoot\System32\drivers\mpsdrv.sys
0x97FBA000 \SystemRoot\system32\drivers\mrxdav.sys
0x97FDA000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x99E04000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x99E3D000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x99E55000 \SystemRoot\System32\DRIVERS\srv2.sys
0x99E7C000 \SystemRoot\System32\DRIVERS\srv.sys
0x99ECA000 \SystemRoot\system32\DRIVERS\parvdm.sys
0x99ED1000 \SystemRoot\System32\Drivers\PPCLASS.SYS
0x99EED000 \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys
0x99EF1000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
0x99F02000 \SystemRoot\system32\drivers\peauth.sys
0x99FE0000 \SystemRoot\System32\Drivers\secdrv.SYS
0x99FEA000 \SystemRoot\System32\drivers\tcpipreg.sys
0x99ED7000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x867D8000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x97E00000 \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys
0x8BBD9000 \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys
0x867EA000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x8B400000 \SystemRoot\system32\drivers\tdtcp.sys
0x8A600000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0xA800D000
0x76EC0000 \Windows\System32\ntdll.dll

Processes (total 72):
0 System Idle Process
4 System
452 C:\Windows\System32\smss.exe
536 csrss.exe
592 C:\Windows\System32\wininit.exe
604 csrss.exe
636 C:\Windows\System32\services.exe
648 C:\Windows\System32\lsass.exe
656 C:\Windows\System32\lsm.exe
792 C:\Windows\System32\svchost.exe
860 C:\Windows\System32\svchost.exe
896 C:\Windows\System32\svchost.exe
948 C:\Windows\System32\Ati2evxx.exe
968 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\svchost.exe
1020 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\audiodg.exe
1156 C:\Windows\System32\winlogon.exe
1240 C:\Windows\System32\svchost.exe
1256 C:\Windows\System32\SLsvc.exe
1320 C:\Windows\System32\svchost.exe
1424 C:\Windows\System32\Ati2evxx.exe
1496 C:\Windows\System32\svchost.exe
1860 C:\Windows\System32\spoolsv.exe
1876 C:\Windows\System32\taskeng.exe
1892 C:\Windows\System32\dwm.exe
1920 C:\Windows\System32\svchost.exe
1948 C:\Windows\explorer.exe
484 C:\Program Files\Windows Defender\MSASCui.exe
712 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
1928 C:\Program Files\Google\Update\GoogleUpdate.exe
124 C:\Windows\System32\taskeng.exe
2104 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2136 C:\PROGRA~1\F-Secure\BackWeb\7681197\program\SERVIC~1.EXE
2196 C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
2300 C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
2324 C:\Program Files\F-Secure\Anti-Virus\fsgk32.exe
2352 C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
2480 C:\Program Files\F-Secure\Common\FSMA32.exe
2688 C:\Program Files\F-Secure\BackWeb\7681197\program\backWeb-7681197.exe
2704 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2712 C:\Program Files\F-Secure\BackWeb\7681197\program\backWeb-7681197.exe
2720 C:\Program Files\F-Secure\Common\FSMB32.exe
2744 C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
2860 C:\Program Files\F-Secure\Common\fch32.exe
2904 C:\Windows\System32\svchost.exe
2960 C:\Windows\System32\svchost.exe
3048 C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe
3132 C:\Windows\System32\svchost.exe
3152 C:\Windows\System32\SearchIndexer.exe
3236 WUDFHost.exe
3288 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3312 C:\Program Files\TwonkyMedia\twonkymediaserver.exe
3636 C:\Program Files\F-Secure\Common\FAMEH32.exe
1048 C:\Windows\System32\mobsync.exe
3568 C:\Program Files\Windows Media Player\wmpnetwk.exe
4004 iashost.exe
1248 C:\Program Files\F-Secure\Common\FNRB32.exe
3836 C:\Program Files\F-Secure\Common\FIH32.exe
3384 C:\Program Files\F-Secure\Anti-Virus\FSAV32.exe
3108 C:\Program Files\iPod\bin\iPodService.exe
780 C:\Program Files\F-Secure\FWES\program\fsdfwd.exe
5020 C:\Users\Zuhause\Desktop\osam\osam.exe
5436 C:\Windows\System32\conime.exe
3776 C:\Windows\System32\SearchProtocolHost.exe
2256 C:\Program Files\Windows Media Player\wmpnscfg.exe
1700 C:\Windows\System32\notepad.exe
2332 D:\Firefox\firefox.exe
1100 C:\Windows\System32\SearchFilterHost.exe
6052 D:\Firefox\plugin-container.exe
3772 C:\Windows\explorer.exe
3600 C:\Users\Zuhause\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`b550f800 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001e`01f5ea00 (NTFS)
\\.\L: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)
\\.\M: --> \\.\PhysicalDrive0 at offset 0x00000032`e5a00000 (NTFS)

PhysicalDrive0 Model Number: ST3250824AS, Rev: 3.AAE
PhysicalDrive1 Model Number: SeagateExternal Drive, Rev:

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 915BF6C1485E66261896300F2068E0B8AB0176AA
149 GB \\.\PhysicalDrive1 RE: Legit MBR code detected
SHA1: 9F8A099EDA15556670F652EF5B8836F94CDD32D1


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

OSAM:
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 22:50:09 on 06.10.2010

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"prefscpl.cpl" - "RealNetworks, Inc." - C:\Windows\system32\prefscpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AIWA MM-EX300 USB driver" (MMEX300) - "AIWA CO., LTD." - C:\Windows\System32\Drivers\MMEX300.sys
"AVM Eject" (avmeject) - "AVM Berlin" - C:\Windows\System32\drivers\avmeject.sys
"AVM FRITZ!web DSL PPP" (NETFWDSL) - ? - C:\Windows\System32\DRIVERS\NETFWDSL.SYS  (File not found)
"Digital Camera" (STV680) - ? - C:\Windows\System32\drivers\STV680.sys  (File not found)
"F-Secure File System Filter" (F-Secure Filter) - "F-Secure Corporation" - C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys
"F-Secure File System Recognizer" (F-Secure Recognizer) - "F-Secure Corporation" - C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys
"F-Secure Firewall Driver" (FSFW) - "F-Secure Corporation" - C:\Windows\System32\drivers\fsdfw.sys
"F-Secure Gatekeeper" (F-Secure Gatekeeper) - "F-Secure Corporation" - C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys
"int15" (int15) - ? - C:\Acer\Empowering Technology\eRecovery\int15.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"PPCLASS" (PPCLASS) - "Silitek Corporation." - C:\Windows\system32\drivers\PPCLASS.sys
"PPSCAN" (PPSCAN) - "Shuttle Technology." - C:\Windows\system32\drivers\PPSCAN.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"sonypvf3" (sonypvf3) - "Sony Corporation" - C:\Windows\system32\drivers\sonypvf3.sys
"sonypvl3" (sonypvl3) - "Sony Corporation" - C:\Windows\system32\drivers\sonypvl3.sys
"sonypvt3" (sonypvt3) - "Sony Corporation" - C:\Windows\system32\drivers\sonypvt3.sys
"TPkd" (TPkd) - "PACE Anti-Piracy, Inc." - C:\Windows\System32\drivers\TPkd.sys
"UBHelper" (UBHelper) - ? - C:\Windows\system32\drivers\UBHelper.sys  (File found, but it contains no detailed information)
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys
"WAN Miniport (ATW)" (wanatw) - ? - C:\Windows\System32\DRIVERS\wanatw4.sys  (File not found)
"WSVD" (WSVD) - "Wasay" - C:\Windows\system32\drivers\WSVD.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - D:\Musik\ITunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "{472734EA-242A-422B-ADF8-83D1E48CC825}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{EF99BD32-C1FB-11D2-892F-0090271D4F88} "Yahoo! Toolbar mit Pop-Up-Blocker" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Zuhause\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Adobe Gamma Loader.lnk" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Scanner Finder.lnk" - ? - C:\Program Files\ScanWizard 5\ScannerFinder.exe  (Shortcut exists | File exists)
"VPro500.lnk" - ? - C:\Windows\VPro500.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"F-Secure Manager" - "F-Secure Corporation" - "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
"F-Secure TNB" - "F-Secure Corporation" - "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL
"iTunesHelper" - "Apple Inc." - "D:\Musik\ITunes\iTunesHelper.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"StartCCC" - ? - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"  (File found, but it contains no detailed information)
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"F-Secure Anti-Virus Firewall Daemon" (FSDFWD) - "F-Secure Corporation" - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
"F-Secure Automatic Update" (BackWeb Client - 7681197) - ? - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE  (File found, but it contains no detailed information)
"F-Secure Gatekeeper Handler Starter" (F-Secure Gatekeeper Handler Starter) - "F-Secure Corp." - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
"F-Secure Management Agent" (FSMA) - "F-Secure Corporation" - C:\Program Files\F-Secure\Common\FSMA32.EXE
"F-Secure Network Request Broker" (F-Secure Network Request Broker) - "F-Secure Corporation" - C:\Program Files\F-Secure\Common\FNRB32.EXE
"fsbwsys" (fsbwsys) - "F-Secure Corp." - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
"Symantec Lic NetConnect service" (CLTNetCnService) - ? - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon  (File not found)
"TwonkyMedia" (TwonkyMedia) - "PacketVideo" - C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         

If You have questions or want to get some help, You can visit Online Solutions :: Index

Alt 07.10.2010, 13:34   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Have a look here => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows

Download the ISO, burn it to a CD with the image-burning function and start the computer from it (boot from this CD). Click Computer repair options, Next, Command Prompt - the console opens. There please type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter) - restart the computer, removing the CD first.
__________________
"Truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 15.10.2010, 20:21   #14
waecker
 
Unfortunately, no operating system is detected in the command prompt after entering the command. Is there a trick?

Old 15.10.2010, 22:08   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then try it this way:

Please start MBRCheck.exe again.
This time type the following into the window and confirm each entry with Enter
at
  • Enter 'Y' and hit ENTER for more options, or 'N' to exit: y
  • Enter your choice: 2
  • Enter the physical disk number to fix (0-99, -1 to cancel): 0
  • Please select the MBR code to write to this drive: 3 (for Vista)
  • Now type Yes and confirm with ENTER.
  • Restart the computer.
After the restart, please start MBRCheck.exe again.
You will now find 2 MBRCheck_<Datum>_<Uhrzeit>.txt files on the desktop.
Post me the contents of both .txt documents
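As an added illustration of what an MBR integrity check like the one above looks at (this is not code from the thread and not the MBRCheck tool itself), the following Python parses a 512-byte MBR image, verifies the 0x55AA boot signature, lists the partition table and hashes the 440-byte boot code so it can be compared with a trusted hash. The sample image and the set of known-good hashes are constructed here; a real check would read sector 0 of the disk and compare against the hashes of the legitimate Vista/Windows 7 boot code.

```python
import hashlib
import struct
from typing import Dict, List, Set


def build_sample_mbr() -> bytes:
    """Constructed 512-byte MBR: dummy boot code, one bootable NTFS partition, 0x55AA."""
    boot_code = bytes([0xEB, 0x63, 0x90]) + b"\x00" * 437        # 440 bytes of boot code
    disk_sig = struct.pack("<I", 0xDEADBEEF)                      # 4-byte disk signature
    reserved = b"\x00\x00"
    # Entry layout: status, CHS start (3), type, CHS end (3), LBA start, sector count
    entry1 = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                         b"\xfe\xff\xff", 2048, 204800)
    empty = b"\x00" * 16
    return boot_code + disk_sig + reserved + entry1 + empty * 3 + b"\x55\xAA"


def parse_mbr(mbr: bytes) -> Dict:
    """Validate the signature and return boot-code hash, disk signature and partitions."""
    if len(mbr) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    partitions: List[Dict] = []
    for i in range(4):
        off = 446 + 16 * i
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", mbr[off:off + 16])
        if ptype != 0:                                            # skip unused entries
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:440]).hexdigest(),
        "disk_signature": struct.unpack("<I", mbr[440:444])[0],
        "partitions": partitions,
    }


def boot_code_is_known_good(mbr: bytes, known_good: Set[str]) -> bool:
    """True when the 440-byte boot code hashes to a trusted value (placeholder set)."""
    return hashlib.sha256(mbr[:440]).hexdigest() in known_good


if __name__ == "__main__":
    sample = build_sample_mbr()
    info = parse_mbr(sample)
    print(info)
    # Placeholder: in practice the set holds hashes of the legitimate Windows boot code.
    print("boot code trusted:", boot_code_is_known_good(sample, {info["boot_code_sha256"]}))
```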
