
Pests of all kinds and how to combat them: Entering 20 TANs in Sparkasse online banking


19.12.2010, 21:12   #1
Kerosyn
 



Hello,

I have the following problem:

Today I was asked to enter 20 TAN numbers to ensure my security. Since I use an external device to generate TANs, I of course entered nothing and googled it right away.

I installed the NoScript add-on, the script was blocked, and I was able to make the transfer. However, when I disable NoScript, this "TAN prompt" comes back.

It seems I have caught something, and I would like to know how I can remove this malware and clean up my PC.

I hope you can help me.

Best regards, Kero

OTL Scan: Extras.txt

OTL Logfile:
Code:
OTL Extras logfile created on: 2010-12-19 21:00:35 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = D:\Download
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: yyyy-MM-dd
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 50.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.66 Gb Total Space | 11.20 Gb Free Space | 11.46% Space Free | Partition Type: NTFS
Drive D: | 600.98 Gb Total Space | 167.47 Gb Free Space | 27.87% Space Free | Partition Type: NTFS
Drive H: | 5.96 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: WIN-9HZP9AXBQ49 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2392348470-1877714956-3255144378-500]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{019112DB-90A3-4971-B70A-00052B8A4E3D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{044BDB7F-AFC0-4339-B0BA-7C99CDAAB30A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{12C3F6DB-1695-497F-9B1D-A759404A3FBF}" = lport=445 | protocol=6 | dir=in | app=system | 
"{187DB310-73EE-4FC4-9867-51431CB65D07}" = rport=138 | protocol=17 | dir=out | app=system | 
"{2B3754E9-A1D2-4040-A84C-4DED05064815}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{3850CEC1-5225-4CC6-818D-5BBDA63B6009}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{466D2FD2-D96D-4194-983B-AB36CEEAF148}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5D42D0FD-5DAF-434F-B714-E033743ED891}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6747F7FA-E787-48B6-89BA-FDE958352BA2}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6996D82E-95AD-4DA8-9DA5-E52327852E5E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{77EF76AE-EF20-4034-A021-8FB3BD4EC2D0}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7A770313-7145-48A5-9A17-9EB9A79EBF61}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7C48F0A7-23FD-4A5F-9FBC-992C93968E31}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8CEAA81C-1128-4172-AED6-8B3D00B7448F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{997786DB-2787-4820-BF0F-B73A01B91A7A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AFB3986E-07CD-4FA5-97B3-FE7D96B7FCD7}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{B861A1CE-9453-499B-9749-7E3117337BBD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{CF7A91C4-DD79-4F61-B1A3-D209EA717160}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D1AFE855-954D-4B22-B906-6DBE31166B3B}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{D8431A14-B130-45EA-8E70-05FC749C3EEE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{DC34E920-5C85-4557-B40D-17832E48FF1C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E31F84E1-AF99-41CB-8BB5-5267D02D4523}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{FE7E94A0-FBF0-4DA8-B3F5-1B102206BAB3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01625F79-59A6-4C99-928F-2A07DDBF92C3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{05737BEC-53A6-4DAE-BF5E-A7B5C6E3756E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{071502A8-786A-414E-B58C-F226F22EAAB2}" = protocol=17 | dir=in | app=d:\programme\starcraft ii\versions\base15405\sc2.exe | 
"{0C73312F-4FD4-44CF-B5CA-F5D2C7256FD1}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\robinson2110\counter-strike\hl.exe | 
"{11CA5C33-7FC4-4C64-8193-5C9596BDF3A5}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{1232BB0E-55CB-47C4-A190-1377376CCA3D}" = protocol=17 | dir=in | app=d:\programme\steam\steam.exe | 
"{1627CB05-B73A-49D5-8ACE-74A15F0F5A8C}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{25ED8964-8471-4308-A7E9-DB165415BA0D}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{2621521B-79A7-4FD8-A7FE-B3404B3348D6}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{27CC7018-C404-4CB9-B205-2699F8774DDD}" = protocol=6 | dir=in | app=d:\programme\world of warcraft\blizzard downloader.exe | 
"{29185BFF-DC0C-4391-BB64-210D71D34084}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{2ADF3C21-845B-48CB-937D-A1B3B5D98967}" = protocol=17 | dir=in | app=d:\programme\starcraft ii\starcraft ii.exe | 
"{2BB88642-3DAD-4AA2-B436-076FF52F66D1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2FE8F0B2-79AC-4768-93D1-814FA9949A81}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{308CBE02-C5B3-47B3-8C60-8F77580B2186}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{315DEB57-C14F-4440-A917-6CE558576242}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{464A9064-9E29-4D20-B8A1-946C4B8E8430}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local2\apps\2.0\d04my46j.p4e\po7n9arn.2oz\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\curseclient.exe | 
"{48A28D94-354C-412F-9F8F-4DE584954FCF}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{4B9633D0-1346-4CBC-8720-5BD0D57C4774}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local2\apps\2.0\d04my46j.p4e\po7n9arn.2oz\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\curseclient.exe | 
"{50770E4F-ABF4-49E9-BE00-B60B1A0DE571}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{539940A5-E2D8-4C32-AD08-245AFDF5D765}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{59A12451-4D99-489B-933A-0CBCE8A4EAF0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5A8C0AFB-AC41-43D1-B086-7030A5B6945B}" = protocol=17 | dir=in | app=d:\programme\world of warcraft\launcher.exe | 
"{5C5BF9DD-7C54-4A7D-B085-38A29A268EE8}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{5CA889E3-E11E-48A3-84C7-1DC82CAACEFD}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{5D1EF75C-B017-48CE-80A5-132870553426}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{6002433F-17A9-4E6E-98A7-07F59C0E6703}" = protocol=6 | dir=in | app=d:\programme\konami\pro evolution soccer 2011\pes2011.exe | 
"{63DE3254-6E15-4495-A272-E64622B8B3F4}" = protocol=6 | dir=in | app=d:\programme\world of warcraft\wow.exe | 
"{6C3D93B8-3679-4DEC-A588-0C43C5163E25}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{7192122C-7BBE-4066-B758-C0847C2F4A65}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\locallow2\dyyno receiver\dppm.exe | 
"{71B91DF1-DDA3-4130-B427-28DAC57628CD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{759DCAFD-46FA-4D28-9C86-EC0052B77BAE}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{79D8EF53-05D7-4396-A5C5-3183E8347E16}" = protocol=17 | dir=in | app=d:\programme\world of warcraft\wow.exe | 
"{7B7EBDE4-783D-45B6-8638-96923C49FFFE}" = protocol=6 | dir=in | app=d:\programme\world of warcraft\launcher.exe | 
"{7D122781-3C4C-42DD-94D3-5195B6297376}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{7F06DD0D-4AB9-443F-878A-F8A80A36D6AD}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{82C96294-C83A-4615-ADA5-07C17BA770EB}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{85624B13-7318-438E-8B11-74206A424AB1}" = protocol=6 | dir=in | app=d:\programme\starcraft ii\versions\base15405\sc2.exe | 
"{88BF8940-98D3-458D-B97F-6F04520FDBC6}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{897AD44F-6EE1-4BDC-AB9C-000F235D538F}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{8E89D94F-9FF4-427A-8D91-AF60F1679191}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{96133519-F154-4CEC-B5D1-6D67336E4063}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{993CECA4-CD1B-4A0E-BBAF-9E23F48420B8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{9DC2DC05-9C06-4DBA-BB86-62483D4965CF}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{9E73AFE8-4D34-4574-8AC8-FCD5FE2A08AB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A453DC99-DE30-47F7-9032-F491F3D35282}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{B2E5F311-5270-42F8-85BA-538B5014EE46}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{B328CD5B-B32F-4874-B348-CE3627D99E9E}" = protocol=17 | dir=in | app=d:\programme\konami\pro evolution soccer 2011\pes2011.exe | 
"{B4C4B5B0-1526-4BBE-8A6D-AC28F1D8F81F}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\robinson2110\counter-strike\hl.exe | 
"{B79C565F-9E09-45B4-9A84-705E199D16BC}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{C323E128-FA2C-41BE-85FC-E5320C8D9FF2}" = protocol=17 | dir=in | app=d:\programme\world of warcraft\blizzard downloader.exe | 
"{C914C5EA-DAB1-4120-823C-CFF7AE946C05}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{CC375598-8F53-4708-827A-3C90746D0740}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\locallow2\dyyno receiver\dppm.exe | 
"{CD9ABD84-4289-4695-9493-A4284138CE61}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{D5766F4D-E87F-44B4-9608-30C928A79739}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local2\apps\2.0\d04my46j.p4e\po7n9arn.2oz\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\curseclient.exe | 
"{D73610BA-ECE2-4B7F-9EFF-66C6E6B8AFCB}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local2\apps\2.0\d04my46j.p4e\po7n9arn.2oz\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\curseclient.exe | 
"{DCC27CAD-7203-4047-B1BD-B375ED9F8CBB}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{EC0B634C-390E-4E12-BF0B-9607D9E57176}" = protocol=6 | dir=in | app=d:\programme\steam\steam.exe | 
"{F34777ED-78DF-4A54-B2A3-171A9CF2E000}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{F347F399-427C-462C-9F9A-30F1E6EC5E54}" = protocol=6 | dir=in | app=d:\programme\starcraft ii\starcraft ii.exe | 
"{F3DAE29D-449A-47E7-821F-B3D57105DAB5}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{F87407FA-204E-4311-841A-974067C68A48}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{FF08CA0A-20B7-45DE-BA7D-112248DFA145}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"TCP Query User{0F8F87B4-C1CB-45B4-ADA1-ABB206852781}D:\programme\steam\steamapps\norok\counter-strike\hl.exe" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\norok\counter-strike\hl.exe | 
"TCP Query User{16406BE3-52C5-426C-92A3-455510D46042}C:\program files\tightvnc\winvnc.exe" = protocol=6 | dir=in | app=c:\program files\tightvnc\winvnc.exe | 
"TCP Query User{318647A1-EAD7-443B-B42D-A0B7811DF2D7}C:\program files\keyclone\keyclone.exe" = protocol=6 | dir=in | app=c:\program files\keyclone\keyclone.exe | 
"TCP Query User{3C143EDB-E912-4507-B2F9-467940CAA087}D:\programme\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\programme\rockstar games\grand theft auto iv\gtaiv.exe | 
"TCP Query User{514F7C5E-0D04-4410-BE86-CB2D5C5EE979}D:\programme\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=d:\programme\starcraft ii\versions\base15405\sc2.exe | 
"TCP Query User{530FC54F-316B-4A70-82B2-177673CEA037}C:\program files\gamers.irc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\gamers.irc\mirc.exe | 
"TCP Query User{799BF105-6446-4388-B768-E4127E6E483B}C:\program files\keyclone\keyclone.exe" = protocol=6 | dir=in | app=c:\program files\keyclone\keyclone.exe | 
"TCP Query User{86188D62-E2A2-4CAA-AF56-D217F896D074}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{866D0DE3-0A2D-4CBD-AD59-3A46C26AC4BD}F:\war europe downloader.exe" = protocol=6 | dir=in | app=f:\war europe downloader.exe | 
"TCP Query User{9CDB7219-48D9-42C8-95CC-1987905EC2AD}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{A1376F45-F88B-4663-9E96-E3CF0495F6D5}C:\program files\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\jdownloader.exe | 
"TCP Query User{A97153B4-5267-4D0C-9470-C9970BF8445F}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{AB2E3659-3727-4D8F-8948-114D85EA38D9}D:\programme\f1 2010\f1_2010_game.exe" = protocol=6 | dir=in | app=d:\programme\f1 2010\f1_2010_game.exe | 
"TCP Query User{BD981065-352D-4C33-BD62-C79CD0100163}D:\programme\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\programme\world of warcraft\launcher.exe | 
"TCP Query User{CEC63D47-7F83-4D49-A5AD-7632D5CFED08}C:\program files\icq7.1\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"TCP Query User{E73950BE-0BF5-4969-A5DB-AF0079D7791C}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{EC1886BE-05A8-45C6-B7B1-6640528D29AF}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{EE4651FC-64ED-446D-8006-414B462917F0}D:\programme\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\programme\rockstar games\grand theft auto iv\gtaiv.exe | 
"TCP Query User{F833ED33-15BD-49A5-A6BE-293EF521B39D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{06347DF0-9B2F-413E-AE49-0985E375B109}D:\programme\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\programme\rockstar games\grand theft auto iv\gtaiv.exe | 
"UDP Query User{14325241-63E1-469D-A873-2CCFC33F4606}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{18180156-877E-4160-B1CE-582283A4E7F2}D:\programme\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\programme\rockstar games\grand theft auto iv\gtaiv.exe | 
"UDP Query User{598D4704-1C41-4EFB-9344-664A7F0FBEB0}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{71E036F4-39A0-4B91-9579-66CE1DD0C368}D:\programme\steam\steamapps\norok\counter-strike\hl.exe" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\norok\counter-strike\hl.exe | 
"UDP Query User{74B74377-DA7D-4203-B832-A40812678A56}C:\program files\icq7.1\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"UDP Query User{7F473AC9-E4AA-49EE-A215-35F9CD85E739}C:\program files\tightvnc\winvnc.exe" = protocol=17 | dir=in | app=c:\program files\tightvnc\winvnc.exe | 
"UDP Query User{8607E343-0EFB-477F-9102-B5F6151492B9}C:\program files\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\jdownloader.exe | 
"UDP Query User{86C28C91-6AE0-44C2-B8BC-6709D0FE30A6}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{93B1A8C7-6E5F-4FF9-BD15-2DA230760902}C:\program files\gamers.irc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\gamers.irc\mirc.exe | 
"UDP Query User{A02F535C-D480-4784-9AF5-CBE4D47CF339}F:\war europe downloader.exe" = protocol=17 | dir=in | app=f:\war europe downloader.exe | 
"UDP Query User{AD171D00-D9F4-4650-A529-83E72D8E772D}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{B550A34D-C01A-4F20-A82A-750FFEEB29D1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{B85F7C99-1474-47F6-8FAD-CFE8D6CD47F7}D:\programme\f1 2010\f1_2010_game.exe" = protocol=17 | dir=in | app=d:\programme\f1 2010\f1_2010_game.exe | 
"UDP Query User{BA9D4C29-7C3C-448A-A464-8BD37206C19F}C:\program files\keyclone\keyclone.exe" = protocol=17 | dir=in | app=c:\program files\keyclone\keyclone.exe | 
"UDP Query User{C0A9B36D-FAA5-475E-9F2C-FD7873CA8CD0}C:\program files\keyclone\keyclone.exe" = protocol=17 | dir=in | app=c:\program files\keyclone\keyclone.exe | 
"UDP Query User{CA25C4F8-46EA-4B67-8614-A22FA76B0D24}D:\programme\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=d:\programme\starcraft ii\versions\base15405\sc2.exe | 
"UDP Query User{D0377237-6F4A-44EA-B8DF-881FF1A2EED2}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{D3228C3F-D05C-4244-B0C3-852F77FDE0DD}D:\programme\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\programme\world of warcraft\launcher.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}" = EPSON TWAIN 5
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Foto Premium 10
"{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010
"{43721D86-16D1-46BF-8353-37CD82333BC3}" = OpenOffice.org 2.4
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B0A5449-B6C4-4DEA-BD94-2FF11441148F}" = Samsung PC Studio 3
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{64B20B36-AEE7-4DD4-897C-C5DA5C218F60}" = Logitech Gaming Software 5.02
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779C40FF-9211-427B-A5C4-2026B85A1031}" = Nero 7 Essentials
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D66915F-05FF-4F59-B2D3-AA2E58506F72}" = nHancer
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{816EA7C2-9B8D-48CA-A424-3DE3C80A5033}" = Motorola Driver Installation 4.2.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9082C257-9729-4009-8299-6916CD556EAC}" = TSR Launcher
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{ECCA3728-2753-4C3A-8608-5A41C4AEBDB7}" = Sony Vegas Pro 8.0
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = Die Sims™ 3 Gib Gas-Accessoires
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner (remove only)
"CDex" = CDex extraction audio
"clevo4ap" = Clevo PS/2 keyboard Hotkey Driver
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EADM" = EA Download Manager
"EO_Video_1.3" = EO Video 1.36
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"ffdshow_is1" = ffdshow [rev 2844] [2009-03-30]
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Gamers.IRC" = Gamers.IRC 5.21
"GFWL_{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010
"Half-Life" = Half-Life
"HijackThis" = HijackThis 2.0.2
"hopster_is1" = hopster Preview Release 20
"HTTP-Tunnel" = HTTP-Tunnel 2.10.0070
"Just Cause 2_is1" = Just Cause 2
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.2.5 (Full)
"lvdrivers_12.0" = Logitech Webcam Software-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"NAVIGON Fresh" = NAVIGON Fresh 2.0.2
"nHancer" = nHancer
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PictureItPrem_v10" = Microsoft Picture It! Foto Premium 10
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"Proxifier_is1" = Proxifier version 2.7
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SocksCap V2" = SocksCap V2
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Stellar Phoenix Windows Data Recovery_is1" = Stellar Phoenix Windows Data Recovery V3.0
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TightVNC_is1" = TightVNC 1.3.10
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"USBWebcam" = USB Webcam
"Videora iPod Converter" = Videora iPod Converter 5.03
"Virtualdub 1.4.9" = Virtualdub 1.4.9
"VLC media player" = VideoLAN VLC media player 0.8.6i
"WBFS Manager 3.0" = WBFS Manager 3.0
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"XP Codec Pack" = XP Codec Pack
"xp-AntiSpy" = xp-AntiSpy 3.96-8
"Xvid_is1" = Xvid 1.1.3 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Octoshape Streaming Services" = Octoshape Streaming Services
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---


OTL.txt:

OTL Logfile:
Code:
OTL logfile created on: 2010-12-19 21:00:35 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = D:\Download
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: yyyy-MM-dd
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 50.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.66 Gb Total Space | 11.20 Gb Free Space | 11.46% Space Free | Partition Type: NTFS
Drive D: | 600.98 Gb Total Space | 167.47 Gb Free Space | 27.87% Space Free | Partition Type: NTFS
Drive H: | 5.96 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: WIN-9HZP9AXBQ49 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010-12-19 20:27:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\Download\OTL.exe
PRC - [2010-12-19 20:25:28 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\c55271cc-0982-4391-9965-8f85ff5f9d02.com
PRC - [2010-12-11 12:02:28 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010-12-03 20:43:34 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox 4.0 Beta 7\firefox.exe
PRC - [2010-11-06 23:26:08 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010-11-06 23:26:08 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010-08-26 13:45:00 | 000,743,232 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010-08-26 13:43:20 | 001,051,968 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2010-08-13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010-07-09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010-05-02 16:29:34 | 000,039,936 | ---- | M] (KSE - Korndörfer Software Engineering) -- C:\Programme\nHancer\nHancerService.exe
PRC - [2010-01-14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009-11-09 10:40:20 | 000,091,392 | ---- | M] () -- C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2009-11-09 10:40:10 | 000,273,664 | ---- | M] (Motorola) -- C:\Programme\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2009-04-30 15:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009-04-11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009-04-11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-03-26 15:49:46 | 001,277,584 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009-02-19 00:33:08 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe
PRC - [2009-02-19 00:28:52 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008-04-07 09:24:08 | 005,369,856 | R--- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008-01-21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007-05-11 02:06:38 | 000,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2006-03-01 02:10:18 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010-12-19 20:27:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\Download\OTL.exe
MOD - [2010-08-31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009-12-27 01:29:42 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2009-02-19 00:31:16 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\lgscroll.dll
MOD - [2009-02-19 00:26:28 | 000,064,016 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\GameHook.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010-12-11 12:02:28 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010-11-06 23:26:08 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010-09-28 20:06:33 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010-08-26 13:43:20 | 001,051,968 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010-08-26 13:40:24 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010-08-13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010-07-09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010-05-02 16:29:34 | 000,039,936 | ---- | M] (KSE - Korndörfer Software Engineering) [Auto | Running] -- C:\Program Files\nHancer\nHancerService.exe -- (nHancer)
SRV - [2010-03-18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-11-09 10:40:20 | 000,091,392 | ---- | M] () [Auto | Running] -- C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009-09-25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009-07-16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009-04-30 15:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009-02-19 00:30:20 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008-01-21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006-03-01 02:10:18 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\SaiUFF0D.sys -- (SaiUFF0D)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\SaiHFF0D.sys -- (SaiHFF0D)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\easytthr.sys -- (easytether)
DRV - [2010-12-11 12:02:32 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010-11-27 18:39:38 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010-09-28 23:46:58 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-07-15 21:41:52 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010-07-15 21:41:52 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010-07-09 23:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010-05-10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010-02-24 13:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010-02-17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009-07-10 12:01:04 | 000,025,856 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motoandroid.sys -- (androidusb)
DRV - [2009-05-11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009-05-06 18:16:26 | 000,006,656 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009-05-01 00:03:08 | 006,754,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 250(UVC)
DRV - [2009-05-01 00:01:36 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009-05-01 00:00:00 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009-04-30 15:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009-04-11 05:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2009-02-13 10:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009-01-20 22:58:15 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009-01-11 15:30:56 | 000,015,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\ADMINI~1\AppData\Local\Temp\naecd.sys -- (naecd)
DRV - [2008-12-18 23:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008-12-18 23:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008-12-18 23:43:06 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008-04-07 09:24:08 | 002,103,512 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-02-21 09:55:00 | 000,299,008 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2008-01-24 23:09:34 | 000,048,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2008-01-24 23:09:24 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2008-01-24 23:09:04 | 000,028,168 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2008-01-24 23:08:54 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2008-01-21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008-01-21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008-01-21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008-01-21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008-01-21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008-01-21 03:23:26 | 000,052,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdv.sys -- (MSDV)
DRV - [2008-01-21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008-01-21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008-01-21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008-01-21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008-01-21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008-01-21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008-01-21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008-01-21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008-01-21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008-01-21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008-01-21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008-01-21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008-01-21 03:23:23 | 000,045,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\61883.sys -- (61883)
DRV - [2008-01-21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008-01-21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008-01-21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008-01-21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008-01-21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008-01-21 03:23:20 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc.sys -- (Avc)
DRV - [2008-01-21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008-01-21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008-01-21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007-10-12 15:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007-07-27 11:46:06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\acehlp10.sys -- (acehlp10)
DRV - [2007-07-27 09:13:08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV10.sys -- (acedrv10)
DRV - [2007-07-03 15:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007-07-03 15:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007-07-03 15:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007-04-11 09:40:14 | 000,046,592 | ---- | M] (ENE Technology Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\esd7sk.sys -- (ESDCR)
DRV - [2007-04-11 09:40:10 | 000,063,488 | ---- | M] (ENE Technology Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\esm7sk.sys -- (ESMCR)
DRV - [2007-04-11 09:40:06 | 000,067,584 | ---- | M] (ENE Technology Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ems7sk.sys -- (EMSCR)
DRV - [2007-04-03 03:04:28 | 000,039,680 | ---- | M] (O2Micro ) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2007-04-02 09:11:08 | 000,035,712 | ---- | M] (O2Micro ) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2007-03-21 15:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007-03-07 09:26:00 | 000,032,256 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\enecir.sys -- (enecir)
DRV - [2007-02-27 07:20:28 | 000,081,200 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007-02-27 07:20:24 | 000,016,432 | ---- | M] (Broadcom Corporation.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2007-02-24 07:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007-02-12 07:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007-01-23 12:13:26 | 000,036,608 | ---- | M] (Infineon Technologies AG) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2007-01-23 09:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006-11-02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006-11-02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006-11-02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006-11-02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006-11-02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006-11-02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006-11-02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006-11-02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006-11-02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006-11-02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006-11-02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006-11-02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006-11-02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006-11-02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006-11-02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006-11-02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006-11-02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006-11-02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006-11-01 14:31:46 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\siwinacc.sys -- (SiFilter)
DRV - [2006-11-01 14:31:14 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\siremfil.sys -- (SiRemFil)
DRV - [2006-11-01 14:30:34 | 000,074,672 | ---- | M] (Silicon Image, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\si3132.sys -- (SI3132)
DRV - [2006-10-18 06:44:48 | 000,007,680 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\asacpi.sys -- (MTsensor)
DRV - [2006-01-10 03:47:27 | 000,031,846 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\ckldrv.sys -- (NetworkX)
DRV - [2005-03-23 16:41:04 | 000,030,296 | ---- | M] (Eagletron Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\dvdriver.sys -- (DVDRIVER)
DRV - [2005-02-22 13:33:28 | 000,015,104 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmunet.sys -- (AVMUNET)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.kiebel.de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "World of Warcraft-Arsenal"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: firefox@red-cog.com:2.6
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.10
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0
FF - prefs.js..extensions.enabledItems: NPDyyno@dyyno.com:1.0.0.24
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q="
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 7\components [2010-12-19 19:09:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins [2010-12-19 19:09:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010-10-28 20:07:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010-10-12 19:02:27 | 000,000,000 | ---D | M]
 
[2010-10-28 20:07:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2010-10-28 20:07:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010-12-19 17:32:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\b4npeseh.Jan\extensions
[2008-07-24 17:46:33 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\b4npeseh.Jan\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010-11-10 02:36:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\b4npeseh.Jan\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010-12-19 17:32:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\b4npeseh.Jan\extensions\vshare@toolbar
[2010-12-19 17:32:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\lchn7l34.default\extensions
[2010-11-10 02:36:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\lchn7l34.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010-12-19 17:32:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\lchn7l34.default\extensions\vshare@toolbar
[2010-12-19 20:45:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\mu9jvryl.default\extensions
[2010-06-23 22:28:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\mu9jvryl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-07-17 15:19:43 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\mu9jvryl.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010-11-04 00:24:55 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\mu9jvryl.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010-11-10 02:36:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\mu9jvryl.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010-11-04 00:24:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\mu9jvryl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-10-03 17:30:52 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\mu9jvryl.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2010-06-23 22:28:20 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\mu9jvryl.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010-06-23 22:28:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\mu9jvryl.default\extensions\firefox@red-cog.com
[2009-04-19 17:06:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\mu9jvryl.default\extensions\NPDyyno@dyyno.com
[2009-09-19 00:49:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\mu9jvryl.default\extensions\redshift_V2@shift-themes.com
[2006-12-13 15:57:35 | 000,001,830 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\FireFox\Profiles\mu9jvryl.default\searchplugins\blasc.xml
[2006-08-11 21:48:18 | 000,002,560 | -HS- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\FireFox\Profiles\mu9jvryl.default\searchplugins\Thumbs.db
[2010-10-22 20:19:10 | 000,001,583 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\FireFox\Profiles\mu9jvryl.default\searchplugins\web-search.xml
[2008-01-21 19:42:56 | 000,002,791 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\FireFox\Profiles\mu9jvryl.default\searchplugins\world-of-warcraft-arsenal.xml
[2007-05-28 16:30:06 | 000,002,109 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\FireFox\Profiles\mu9jvryl.default\searchplugins\youtube-video-search.xml
[2010-12-19 19:03:13 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010-10-28 18:27:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010-10-28 18:27:52 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
 
O1 HOSTS File: ([2010-09-15 20:56:54 | 000,001,015 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1 orbitservice.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\c55271cc-0982-4391-9965-8f85ff5f9d02.com (SUPERAntiSpyware.com)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\PrxerNsp.dll ( )
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\PrxerDrv.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\PrxerDrv.dll (Initex Software)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010-08-17 05:32:29 | 000,335,752 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - H:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010-08-17 05:32:29 | 000,000,047 | R--- | M] () - H:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{0ec9b0dc-a9df-11de-9888-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0ec9b0dc-a9df-11de-9888-806e6f6e6963}\Shell\AutoRun\command - "" = H:\autorun.exe -- [2010-08-17 05:32:29 | 000,335,752 | R--- | M] (Konami Digital Entertainment Co., Ltd.)
O33 - MountPoints2\{6075b7f5-59be-11dd-817a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6075b7f5-59be-11dd-817a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\preinst.exe -- File not found
O33 - MountPoints2\{6e6a6b14-b2c1-11de-806e-00508dbca802}\Shell - "" = AutoRun
O33 - MountPoints2\{6e6a6b14-b2c1-11de-806e-00508dbca802}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{f7f64cd0-b6ac-11de-a6fd-00508dbca802}\Shell - "" = AutoRun
O33 - MountPoints2\{f7f64cd0-b6ac-11de-a6fd-00508dbca802}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\preinst.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010-12-19 20:21:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
[2010-12-19 20:21:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010-12-19 20:21:52 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2010-12-19 19:07:09 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox 4.0 Beta 7
[2010-12-07 18:49:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Avira
[2010-12-04 15:28:24 | 000,000,000 | ---D | C] -- C:\Programme\SopCast
[2008-11-16 18:32:46 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\PrxerNsp.dll
[2004-11-24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\Windows\System32\drvc.dll
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010-12-19 20:31:04 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010-12-19 20:21:54 | 000,001,816 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010-12-19 20:12:40 | 000,096,469 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010-12-19 20:12:39 | 000,096,469 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010-12-19 20:12:30 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010-12-19 20:12:30 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010-12-19 20:12:30 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010-12-19 20:12:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-12-19 19:21:47 | 000,000,593 | ---- | M] () -- C:\Users\Administrator\Desktop\World of Warcraft.lnk
[2010-12-19 16:48:39 | 000,115,712 | ---- | M] () -- C:\Users\Administrator\AppData\Local2\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-12-19 05:31:12 | 000,048,640 | -H-- | M] () -- C:\Windows\System32\bcdeKEYs.dll
[2010-12-18 23:05:58 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{12D603CD-6011-458D-B8C4-FFC65B15205D}.job
[2010-12-11 12:02:32 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010-12-11 03:47:21 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2010-12-04 15:22:27 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010-11-30 21:51:38 | 000,001,475 | ---- | M] () -- D:\Dokumente\Bremen Fahrt.rtf
[2010-11-29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010-11-27 18:39:38 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010-11-26 01:10:33 | 000,000,312 | ---- | M] () -- C:\Users\Administrator\Desktop\Curse Client.appref-ms
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010-12-19 20:21:54 | 000,001,816 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010-12-19 05:31:12 | 000,048,640 | -H-- | C] () -- C:\Windows\System32\bcdeKEYs.dll
[2010-11-30 21:51:38 | 000,001,475 | ---- | C] () -- D:\Dokumente\Bremen Fahrt.rtf
[2010-11-25 18:41:58 | 000,000,593 | ---- | C] () -- C:\Users\Administrator\Desktop\World of Warcraft.lnk
[2010-11-25 17:00:20 | 000,000,442 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{12D603CD-6011-458D-B8C4-FFC65B15205D}.job
[2010-11-10 00:23:25 | 000,001,302 | ---- | C] () -- C:\ProgramData\ss.ini
[2010-10-28 17:58:31 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\JFritz.lock
[2010-07-19 15:47:07 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010-07-15 21:41:52 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010-07-15 21:41:52 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010-04-02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010-03-15 17:29:37 | 000,139,128 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010-03-14 18:17:34 | 000,138,056 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\PnkBstrK.sys
[2009-12-24 00:12:05 | 000,000,057 | ---- | C] () -- C:\Windows\sierra.ini
[2009-08-17 16:12:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009-08-16 00:03:17 | 000,096,469 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009-08-15 23:31:07 | 000,096,469 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009-07-14 15:31:20 | 000,001,356 | ---- | C] () -- C:\Users\Administrator\AppData\Local2\d3d9caps.dat
[2009-05-08 09:13:04 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009-04-30 15:00:12 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009-04-23 00:24:27 | 001,391,379 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll
[2009-04-23 00:24:27 | 000,336,384 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2009-04-23 00:24:27 | 000,256,512 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2009-04-23 00:24:27 | 000,237,056 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009-04-23 00:24:27 | 000,216,064 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2009-04-23 00:24:27 | 000,176,640 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2009-04-23 00:24:27 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2009-04-23 00:24:27 | 000,146,098 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009-04-23 00:24:27 | 000,126,976 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2009-04-23 00:24:27 | 000,117,760 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2009-04-23 00:24:27 | 000,095,744 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2009-04-15 11:35:42 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008-11-16 18:32:47 | 000,000,112 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Current.prx
[2008-10-30 00:00:23 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008-10-30 00:00:23 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2008-10-30 00:00:22 | 000,828,029 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008-10-30 00:00:22 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008-10-30 00:00:20 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008-10-29 23:42:06 | 000,115,712 | ---- | C] () -- C:\Users\Administrator\AppData\Local2\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-10-29 23:40:41 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008-10-23 00:47:11 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008-09-27 13:05:46 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2008-09-25 22:23:05 | 000,000,430 | ---- | C] () -- C:\Windows\BeatBox.INI
[2008-09-25 22:12:54 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2008-09-25 22:12:16 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008-09-25 22:10:54 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008-09-24 22:27:45 | 000,000,071 | ---- | C] () -- C:\Windows\Crypkey.ini
[2008-09-24 22:27:34 | 000,031,846 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2008-09-24 22:27:34 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2008-09-21 18:54:21 | 000,000,073 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008-09-21 15:30:26 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008-08-23 12:14:02 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008-08-22 20:00:30 | 000,000,059 | ---- | C] () -- C:\Windows\wininit.ini
[2008-08-22 19:57:05 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2008-08-17 22:25:29 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008-08-13 18:55:52 | 000,000,315 | ---- | C] () -- C:\Windows\game.ini
[2008-07-31 18:34:04 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2008-07-29 15:07:55 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2008-07-24 19:03:04 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008-07-22 10:31:30 | 000,538,216 | ---- | C] () -- C:\Windows\pic.dll
[2008-07-22 10:31:30 | 000,030,248 | ---- | C] () -- C:\Windows\hkntdll.dll
[2008-07-22 10:31:30 | 000,017,448 | ---- | C] () -- C:\Windows\Hidmnt.dll
[2008-07-22 10:31:30 | 000,000,433 | ---- | C] () -- C:\Windows\clevo4ap.ini
[2008-07-22 10:31:09 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2008-07-22 10:30:47 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2006-11-02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004-10-12 07:40:58 | 004,426,841 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2004-10-12 07:39:48 | 000,098,304 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2004-10-12 07:39:08 | 000,110,592 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2004-10-09 07:40:16 | 000,849,136 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2004-10-05 09:16:08 | 000,557,469 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2004-10-03 18:50:54 | 000,129,024 | ---- | C] () -- C:\Windows\System32\ff_mpeg2enc.dll
[1996-04-03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2009-09-25 15:25:48 | 000,000,000 | -HSD | M] -- C:\Users\Administrator\AppData\Roaming\.#
[2010-05-03 20:38:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\777livecams
[2008-11-29 21:30:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Acreon
[2008-12-15 18:16:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Azureus
[2008-09-21 15:30:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools
[2010-09-28 23:55:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2010-11-10 02:36:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers
[2009-12-29 18:42:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FileZilla
[2010-11-08 20:35:19 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GetRight
[2010-11-08 20:35:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\HLSW
[2010-12-10 20:09:57 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ICQ
[2008-07-24 19:14:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ICQLite
[2010-10-28 18:00:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\JFritz
[2008-10-05 16:39:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Leadertech
[2009-05-23 09:59:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MAGIX
[2008-11-12 21:57:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MobMapUpdater
[2010-09-16 16:37:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\nHancer
[2009-08-29 17:31:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Octoshape
[2009-03-11 18:43:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Publish Providers
[2009-03-15 14:17:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Red Alert 3
[2010-01-05 22:59:19 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Red Kawa
[2008-08-23 12:39:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Samsung
[2010-10-31 20:39:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SecondLife
[2009-12-29 19:01:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SharePod
[2008-09-16 16:56:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\shockvoice
[2009-03-11 23:49:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sony
[2010-10-28 20:07:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Thunderbird
[2009-12-27 22:21:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TS3Client
[2010-11-03 00:15:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TSR
[2008-07-24 20:17:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software
[2010-07-15 21:54:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ubisoft
[2008-11-08 01:26:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2010-12-19 20:05:37 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010-12-18 23:05:58 | 000,000,442 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{12D603CD-6011-458D-B8C4-FFC65B15205D}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 512 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:7E95B6FD
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
 
< End of report >
         
--- --- ---


Malware Bytes LOG:

Quote:
Malwarebytes' Anti-Malware 1.50
Malwarebytes

Datenbank Version: 5358

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

2010-12-19 21:22:22
mbam-log-2010-12-19 (21-22-20).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 152864
Laufzeit: 4 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\System32\bcdeKEYs.dll (Trojan.Agent) -> No action taken.

20.12.2010, 11:07   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Art des Suchlaufs: Quick-Scan
Hello and

Please routinely run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

22.12.2010, 23:43   #3
Kerosyn

So, here I am again. Unfortunately I had a lot to do over the last few days, so the log comes only now:

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5378

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

2010-12-22 23:41:38
mbam-log-2010-12-22 (23-41-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 401642
Laufzeit: 1 Stunde(n), 12 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
My bank has blocked my online banking for the time being so that nothing can happen. However, when I now log in to the site, with or without NoScript, the TAN prompt no longer appears.

Regards, Kero

23.12.2010, 09:49   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1 orbitservice.ubi.com
Why is your computer not allowed to reach Ubisoft?
__________________
Please always post log files in CODE tags

23.12.2010, 09:55   #5
Kerosyn

Morning,

good question. To be honest, I have no answer to that. Ubisoft isn't anything "evil", after all

23.12.2010, 11:41   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Yes, but you have installed something from Ubisoft. Cracked game, ran a crack?

23.12.2010, 12:39   #7
Kerosyn

Hm, but that was a while ago. I got myself a NOCD launcher for Splinter Cell because it wouldn't start. But that was about 2/3 months ago. The crack was then deleted again, because a reinstall fixed the problem.

23.12.2010, 14:35   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Hm, but that was a while ago. I got myself a NOCD launcher for Splinter Cell,
But that sort of thing is not supported. It is also no secret that cracks/keygens are illegal and as a rule infected.

The use of cracks, serials and keygens is illegal, so there is no further support on Trojaner-Board.

For you it continues here => Reinstalling the system
Please also change all passwords (for e-mail accounts, StudiVZ, eBay... simply everything!), since this dubious software not infrequently also contains keyloggers and backdoor functions.

After that, never touch anything like this again!
