Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Deutsche Bank 30 tan trojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 28.12.2010, 08:47   #1
bountyhunter
 
Deutsche Bank 30 tan trojaner - Standard

Deutsche Bank 30 tan trojaner



Guten morgen, ich habe leider das gleiche problem wie die anderen auch.


Hab eine trojaner der auf der deutschen bank seite nach 30 tans fragt. Habe diese natürlich nicht eingegeben und konto sperren lassen usw.


Desweiteren muss ich noch sagen das ich nur mit einem Benutzer account ins internet gehe, der admin account wird nur für installierungen und deinstallierungen genutzt.

Daher meine frage: Ist der trojaner weg wenn ich den benutzer account lösche?

Ich habe aber vorsorglich, mit der antimalware einen voll scan gemacht, berichte werden gepostet.

Darüber hinaus hab ich auch otl ausgeführt, die berichte werden natürlich auch gepostet.

Ich hoffe ihr könnte mir weiter helfen, wäre auch für jeden tipp dankbar um meinen laptop sicherer zumachen.

Schmeisst mir ruhig alles an den kopf, bin immer dankbar

Anti Malware bericht:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27.12.2010 09:20:32
mbam-log-2010-12-27 (09-20-21).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 295780
Time elapsed: 31 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\abi_2\AppData\LocalLow\Sun\Java\deployment\cache\6.0\44\7305616c-467ff6ba (Spyware.Passwords.XGen) -> No action taken.

Otl bericht:
OTL logfile created on: 28.12.2010 08:28:00 - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\abi_2\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 68,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,21 Gb Total Space | 370,61 Gb Free Space | 82,32% Space Free | Partition Type: NTFS
Drive D: | 15,25 Gb Total Space | 2,50 Gb Free Space | 16,42% Space Free | Partition Type: NTFS

Computer Name: HP | User Name: abi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\abi_2\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\abi_2\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (ezSharedSvc) -- C:\Windows\SysNative\ezsvc7.dll File not found
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.09.20 20:30:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.10 21:11:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.10 21:11:17 | 000,000,000 | ---D | M]

[2010.09.11 09:28:24 | 000,000,000 | ---D | M] -- C:\Users\abi\AppData\Roaming\mozilla\Extensions
[2010.09.11 10:16:20 | 000,000,000 | ---D | M] -- C:\Users\abi\AppData\Roaming\mozilla\Firefox\Profiles\kz3y5x6m.default\extensions
[2010.09.11 09:28:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.11.22 21:33:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.11.22 21:33:37 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.11.22 21:33:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.11.22 21:33:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.11.22 21:33:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-LVINV.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware (registration)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.12.18 19:25:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Verimount
[2010.12.16 11:30:07 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2010.12.16 11:30:07 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2010.12.16 11:30:07 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2010.12.16 11:30:07 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2010.12.16 11:30:06 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2010.12.16 11:30:06 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2010.12.16 11:30:06 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2010.12.16 11:30:06 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2010.12.16 11:30:03 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.12.16 11:30:03 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.12.16 11:30:02 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.12.16 11:30:02 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.12.16 11:30:01 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2010.12.16 11:30:00 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2010.12.16 11:29:59 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2010.12.16 11:29:49 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.12.16 11:29:49 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.12.16 11:29:49 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.12.16 11:29:49 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.12.16 11:29:49 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.12.16 11:29:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.12.16 11:29:49 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010.12.16 11:29:49 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010.12.16 11:29:49 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010.12.16 11:29:49 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010.12.16 11:29:49 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.12.16 11:29:49 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.12.16 11:29:48 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010.12.16 11:29:48 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010.12.10 22:07:29 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010.12.10 22:07:29 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.12.10 22:07:29 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010.12.10 22:07:29 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010.12.10 22:07:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010.12.08 16:00:01 | 000,000,000 | ---D | C] -- C:\Users\abi\Desktop\Neuer Ordner
[2010.11.28 11:45:27 | 000,000,000 | ---D | C] -- C:\Hewlett-Packard
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.12.28 08:24:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.28 08:24:41 | 3214,045,184 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.27 21:05:15 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.27 21:05:15 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.27 08:39:27 | 000,709,456 | ---- | M] () -- C:\Windows\is-LVINV.exe
[2010.12.27 08:39:27 | 000,012,846 | ---- | M] () -- C:\Windows\is-LVINV.msg
[2010.12.27 08:39:27 | 000,000,918 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.27 08:39:27 | 000,000,343 | ---- | M] () -- C:\Windows\is-LVINV.lst
[2010.12.26 00:53:24 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.12.26 00:53:24 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.12.26 00:53:24 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.12.26 00:53:24 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.12.26 00:53:24 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.12.21 20:46:56 | 000,779,776 | ---- | M] () -- C:\Users\abi\Documents\titelblatt.wps
[2010.12.21 20:40:48 | 000,018,432 | ---- | M] () -- C:\Users\abi\Documents\lebenslauf 2.wps
[2010.12.21 17:18:37 | 000,011,264 | ---- | M] () -- C:\Users\abi\Documents\Berufbild.wps
[2010.12.21 16:47:09 | 000,009,728 | ---- | M] () -- C:\Users\abi\Documents\inhaltsverzeichnis new.wps
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.12.20 17:10:42 | 000,010,240 | ---- | M] () -- C:\Users\abi\Documents\tagesbericht.wps
[2010.12.20 17:01:33 | 000,009,216 | ---- | M] () -- C:\Users\abi\Documents\Mein Arbeitsplatz.wps
[2010.12.18 19:25:42 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Firstload Ikarus.lnk
[2010.12.17 13:27:26 | 000,375,376 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.12.16 16:43:10 | 000,010,752 | ---- | M] () -- C:\Users\abi\Documents\tagesbericht 26.11.10.wps
[2010.12.15 17:41:46 | 099,912,192 | ---- | M] () -- C:\Users\abi\Documents\Betrieb bilder 2.wps
[2010.12.15 17:41:36 | 000,009,728 | ---- | M] () -- C:\Users\abi\Documents\ein besonderes erlebnis.wps
[2010.12.15 17:41:32 | 000,009,728 | ---- | M] () -- C:\Users\abi\Documents\erkenntnisse.wps
[2010.12.15 17:41:27 | 000,010,240 | ---- | M] () -- C:\Users\abi\Documents\tagesbericht 2.wps
[2010.12.15 17:41:23 | 000,010,752 | ---- | M] () -- C:\Users\abi\Documents\Erwartungen.wps
[2010.12.15 17:15:25 | 000,009,728 | ---- | M] () -- C:\Users\abi\Documents\Wahlthema.wps
[2010.12.10 22:09:32 | 000,083,120 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.12.10 22:07:36 | 000,001,875 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.12.07 22:04:32 | 000,009,728 | ---- | M] () -- C:\Users\abi\Documents\Der Betrieb.wps
[2010.12.07 21:36:03 | 000,011,264 | ---- | M] () -- C:\Users\abi\Documents\Fremdwörter.wps
[2010.12.06 12:43:17 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForabi.job
[2010.11.28 11:49:11 | 000,000,968 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.12.27 08:39:27 | 000,709,456 | ---- | C] () -- C:\Windows\is-LVINV.exe
[2010.12.27 08:39:27 | 000,012,846 | ---- | C] () -- C:\Windows\is-LVINV.msg
[2010.12.27 08:39:27 | 000,000,343 | ---- | C] () -- C:\Windows\is-LVINV.lst
[2010.12.21 17:26:14 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2010.12.21 17:25:35 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl28.dat.temp
[2010.12.21 16:43:56 | 000,018,432 | ---- | C] () -- C:\Users\abi\Documents\lebenslauf 2.wps
[2010.12.18 19:25:42 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\Firstload Ikarus.lnk
[2010.12.17 18:30:51 | 000,009,728 | ---- | C] () -- C:\Users\abi\Documents\inhaltsverzeichnis new.wps
[2010.12.16 16:25:30 | 000,010,752 | ---- | C] () -- C:\Users\abi\Documents\tagesbericht 26.11.10.wps
[2010.12.15 17:43:12 | 000,779,776 | ---- | C] () -- C:\Users\abi\Documents\titelblatt.wps
[2010.12.15 17:16:06 | 000,009,728 | ---- | C] () -- C:\Users\abi\Documents\erkenntnisse.wps
[2010.12.13 18:35:48 | 099,912,192 | ---- | C] () -- C:\Users\abi\Documents\Betrieb bilder 2.wps
[2010.12.10 22:07:36 | 000,001,875 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.12.10 18:41:16 | 000,009,728 | ---- | C] () -- C:\Users\abi\Documents\ein besonderes erlebnis.wps
[2010.12.10 16:17:29 | 000,009,728 | ---- | C] () -- C:\Users\abi\Documents\Wahlthema.wps
[2010.12.08 15:47:50 | 000,010,752 | ---- | C] () -- C:\Users\abi\Documents\Erwartungen.wps
[2010.12.08 15:45:49 | 000,011,264 | ---- | C] () -- C:\Users\abi\Documents\Berufbild.wps
[2010.12.08 15:44:29 | 000,009,216 | ---- | C] () -- C:\Users\abi\Documents\Mein Arbeitsplatz.wps
[2010.12.08 15:43:00 | 000,010,240 | ---- | C] () -- C:\Users\abi\Documents\tagesbericht.wps
[2010.12.08 15:43:00 | 000,010,240 | ---- | C] () -- C:\Users\abi\Documents\tagesbericht 2.wps
[2010.12.06 17:20:02 | 000,009,728 | ---- | C] () -- C:\Users\abi\Documents\Der Betrieb.wps
[2010.12.03 18:02:32 | 000,011,264 | ---- | C] () -- C:\Users\abi\Documents\Fremdwörter.wps
[2010.11.28 11:49:11 | 000,000,968 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010.11.28 11:46:35 | 000,000,326 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForabi.job
[2010.11.24 08:14:40 | 000,000,000 | ---- | C] () -- C:\Users\abi\AppData\Roaming\chrtmp
[2010.09.19 11:14:31 | 000,002,762 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010.09.17 16:17:58 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.09.11 09:08:38 | 000,000,000 | ---- | C] () -- C:\Users\abi\AppData\Local\QSwitch.txt
[2010.09.11 09:08:38 | 000,000,000 | ---- | C] () -- C:\Users\abi\AppData\Local\DSwitch.txt
[2010.09.11 09:08:38 | 000,000,000 | ---- | C] () -- C:\Users\abi\AppData\Local\AtStart.txt
[2009.08.25 16:46:29 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009.08.25 16:42:24 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009.08.25 16:40:25 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009.08.25 16:39:37 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009.07.15 16:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.04.01 00:48:10 | 000,000,369 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009.04.01 00:06:07 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009.04.01 00:06:00 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009.04.01 00:05:45 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009.04.01 00:05:28 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009.04.01 00:05:07 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009.04.01 00:03:58 | 000,209,040 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2009.04.01 00:03:58 | 000,204,944 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2009.04.01 00:03:58 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2009.04.01 00:03:58 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2009.04.01 00:03:58 | 000,192,656 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2009.04.01 00:03:58 | 000,024,720 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:242231A9
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:0B9D8E22

< End of report >

2ter otl text:

OTL Extras logfile created on: 28.12.2010 08:28:00 - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\abi_2\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 68,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,21 Gb Total Space | 370,61 Gb Free Space | 82,32% Space Free | Partition Type: NTFS
Drive D: | 15,25 Gb Total Space | 2,50 Gb Free Space | 16,42% Space Free | Partition Type: NTFS

Computer Name: HP | User Name: abi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}" = HP 3D DriveGuard
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2EBA8202-FBD5-4004-81EA-BDC38C054CE2}" = HP User Guides 0153
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}" = HP Support Assistant
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Digital Media Converter_is1" = Digital Media Converter 2.7
"DivX Setup.divx.com" = DivX-Setup
"EasyBits Magic Desktop" = Magic Desktop
"FirstloadIkarus" = Firstload Ikarus
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"RealPlayer 12.0" = RealPlayer
"WildTangent hp Master Uninstall" = HP Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07.12.2010 08:11:57 | Computer Name = hp | Source = Avira AntiVir | ID = 4117
Description = Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!

Error - 07.12.2010 10:12:07 | Computer Name = hp | Source = Avira AntiVir | ID = 4117
Description = Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!

Error - 07.12.2010 10:12:37 | Computer Name = hp | Source = Avira AntiVir | ID = 4117
Description = Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!

Error - 07.12.2010 15:40:52 | Computer Name = hp | Source = Avira AntiVir | ID = 4117
Description = Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!

Error - 07.12.2010 15:43:06 | Computer Name = hp | Source = Avira AntiVir | ID = 4117
Description = Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!

Error - 07.12.2010 15:43:37 | Computer Name = hp | Source = Avira AntiVir | ID = 4117
Description = Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!

Error - 07.12.2010 16:24:39 | Computer Name = hp | Source = Avira AntiVir | ID = 4117
Description = Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!

Error - 11.12.2010 05:24:36 | Computer Name = hp | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.3989 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f78 Startzeit:
01cb990e3ca51e52 Endzeit: 309 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
6b631396-0508-11e0-ac12-00269e2d5242

Error - 12.12.2010 07:18:07 | Computer Name = hp | Source = RasClient | ID = 20227
Description =

Error - 12.12.2010 09:48:14 | Computer Name = hp | Source = EventSystem | ID = 4621
Description =

[ Media Center Events ]
Error - 14.11.2010 15:46:56 | Computer Name = hp | Source = MCUpdate | ID = 0
Description = 20:46:56 - Fehler beim Herstellen der Internetverbindung. 20:46:56
- Serververbindung konnte nicht hergestellt werden..

Error - 14.11.2010 15:47:05 | Computer Name = hp | Source = MCUpdate | ID = 0
Description = 20:47:01 - Fehler beim Herstellen der Internetverbindung. 20:47:01
- Serververbindung konnte nicht hergestellt werden..

[ System Events ]
Error - 21.11.2010 08:57:38 | Computer Name = hp | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-2147023143.

Error - 21.11.2010 12:48:38 | Computer Name = hp | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-2147023143.

Error - 21.11.2010 13:09:37 | Computer Name = hp | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-2147023143.

Error - 21.11.2010 14:17:33 | Computer Name = hp | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-2147023143.

Error - 22.11.2010 06:53:20 | Computer Name = hp | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-2147023143.

Error - 22.11.2010 12:49:05 | Computer Name = hp | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-2147023143.

Error - 22.11.2010 15:26:43 | Computer Name = hp | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-2147023143.

Error - 22.11.2010 16:07:10 | Computer Name = hp | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-2147023143.

Error - 22.11.2010 16:36:52 | Computer Name = hp | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-2147023143.

Error - 23.11.2010 03:10:28 | Computer Name = hp | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-2147023143.


< End of report >

Alt 28.12.2010, 19:42   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Deutsche Bank 30 tan trojaner - Standard

Deutsche Bank 30 tan trojaner



Zitat:
Database version: 5363
Waren die Signaturen aktuell? Sieht mir nicht danach aus.

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle davon posten. Du findest diese im Reiter Logdateien in Malwarebytes.
__________________

__________________

Alt 28.12.2010, 20:48   #3
bountyhunter
 
Deutsche Bank 30 tan trojaner - Standard

Deutsche Bank 30 tan trojaner



Zitat:
Zitat von cosinus Beitrag anzeigen
Waren die Signaturen aktuell? Sieht mir nicht danach aus.

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle davon posten. Du findest diese im Reiter Logdateien in Malwarebytes.
Hallo arne, danke für die antwort erstmal.

hast recht, habe die datenbank nicht aktualisiert.

hab das gerade natürlich nachgeholt und werde denn scan noch mal vollständig machen und otl auch noch mal.

sobald ich fertig bin, werde ich alles nochmal posten.
__________________

Alt 28.12.2010, 21:39   #4
bountyhunter
 
Deutsche Bank 30 tan trojaner - Standard

Deutsche Bank 30 tan trojaner



so bin fertig, hier der anti malware bericht:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 5409

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28.12.2010 21:26:02
mbam-log-2010-12-28 (21-26-02).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 333733
Laufzeit: 40 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

ende

Alt 28.12.2010, 21:41   #5
bountyhunter
 
Deutsche Bank 30 tan trojaner - Standard

Deutsche Bank 30 tan trojaner



und hier noch der otl bericht:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 28.12.2010 21:37:06 - Run 2
OTL by OldTimer - Version 3.2.18.0     Folder = C:\Users\abi_2\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,21 Gb Total Space | 370,09 Gb Free Space | 82,20% Space Free | Partition Type: NTFS
Drive D: | 15,25 Gb Total Space | 2,50 Gb Free Space | 16,42% Space Free | Partition Type: NTFS
 
Computer Name: HP | User Name: abi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\abi_2\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\abi_2\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (ezSharedSvc) -- C:\Windows\SysNative\ezsvc7.dll File not found
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP Notebook | MSN
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP Notebook | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP Notebook | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP Notebook | MSN
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP Notebook | MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP Notebook | MSN
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.09.20 20:30:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.10 21:11:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.10 21:11:17 | 000,000,000 | ---D | M]
 
[2010.09.11 09:28:24 | 000,000,000 | ---D | M] -- C:\Users\abi\AppData\Roaming\mozilla\Extensions
[2010.09.11 10:16:20 | 000,000,000 | ---D | M] -- C:\Users\abi\AppData\Roaming\mozilla\Firefox\Profiles\kz3y5x6m.default\extensions
[2010.09.11 09:28:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.11.22 21:33:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.11.22 21:33:37 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.11.22 21:33:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.11.22 21:33:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.11.22 21:33:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-LVINV.exe ()
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000002] C:\Windows\is-SVV6A.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware (registration)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.28 18:08:15 | 000,000,000 | ---D | C] -- C:\Malwarebytes
[2010.12.18 19:25:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Verimount
[2010.12.16 11:30:07 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2010.12.16 11:30:07 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2010.12.16 11:30:07 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2010.12.16 11:30:07 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2010.12.16 11:30:06 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2010.12.16 11:30:06 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2010.12.16 11:30:06 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2010.12.16 11:30:06 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2010.12.16 11:30:03 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.12.16 11:30:03 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.12.16 11:30:02 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.12.16 11:30:02 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.12.16 11:30:01 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2010.12.16 11:30:00 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2010.12.16 11:29:59 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2010.12.16 11:29:49 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.12.16 11:29:49 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.12.16 11:29:49 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.12.16 11:29:49 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.12.16 11:29:49 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.12.16 11:29:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.12.16 11:29:49 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010.12.16 11:29:49 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010.12.16 11:29:49 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010.12.16 11:29:49 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010.12.16 11:29:49 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.12.16 11:29:49 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.12.16 11:29:48 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010.12.16 11:29:48 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010.12.10 22:07:29 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010.12.10 22:07:29 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.12.10 22:07:29 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010.12.10 22:07:29 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010.12.10 22:07:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010.12.08 16:00:01 | 000,000,000 | ---D | C] -- C:\Users\abi\Desktop\Neuer Ordner
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.28 20:48:22 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.28 20:48:22 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.28 20:41:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.28 20:40:57 | 3214,045,184 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.28 20:39:58 | 000,709,456 | ---- | M] () -- C:\Windows\is-SVV6A.exe
[2010.12.28 20:39:58 | 000,012,846 | ---- | M] () -- C:\Windows\is-SVV6A.msg
[2010.12.28 20:39:58 | 000,000,918 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.28 20:39:58 | 000,000,355 | ---- | M] () -- C:\Windows\is-SVV6A.lst
[2010.12.28 09:23:51 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.12.28 09:23:51 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.12.28 09:23:51 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.12.28 09:23:51 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.12.28 09:23:51 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.12.27 08:39:27 | 000,709,456 | ---- | M] () -- C:\Windows\is-LVINV.exe
[2010.12.27 08:39:27 | 000,012,846 | ---- | M] () -- C:\Windows\is-LVINV.msg
[2010.12.27 08:39:27 | 000,000,343 | ---- | M] () -- C:\Windows\is-LVINV.lst
[2010.12.21 20:46:56 | 000,779,776 | ---- | M] () -- C:\Users\abi\Documents\titelblatt.wps
[2010.12.21 20:40:48 | 000,018,432 | ---- | M] () -- C:\Users\abi\Documents\lebenslauf  2.wps
[2010.12.21 17:18:37 | 000,011,264 | ---- | M] () -- C:\Users\abi\Documents\Berufbild.wps
[2010.12.21 16:47:09 | 000,009,728 | ---- | M] () -- C:\Users\abi\Documents\inhaltsverzeichnis new.wps
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.12.20 17:10:42 | 000,010,240 | ---- | M] () -- C:\Users\abi\Documents\tagesbericht.wps
[2010.12.20 17:01:33 | 000,009,216 | ---- | M] () -- C:\Users\abi\Documents\Mein Arbeitsplatz.wps
[2010.12.18 19:25:42 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Firstload Ikarus.lnk
[2010.12.17 13:27:26 | 000,375,376 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.12.16 16:43:10 | 000,010,752 | ---- | M] () -- C:\Users\abi\Documents\tagesbericht 26.11.10.wps
[2010.12.15 17:41:46 | 099,912,192 | ---- | M] () -- C:\Users\abi\Documents\Betrieb bilder 2.wps
[2010.12.15 17:41:36 | 000,009,728 | ---- | M] () -- C:\Users\abi\Documents\ein besonderes erlebnis.wps
[2010.12.15 17:41:32 | 000,009,728 | ---- | M] () -- C:\Users\abi\Documents\erkenntnisse.wps
[2010.12.15 17:41:27 | 000,010,240 | ---- | M] () -- C:\Users\abi\Documents\tagesbericht 2.wps
[2010.12.15 17:41:23 | 000,010,752 | ---- | M] () -- C:\Users\abi\Documents\Erwartungen.wps
[2010.12.15 17:15:25 | 000,009,728 | ---- | M] () -- C:\Users\abi\Documents\Wahlthema.wps
[2010.12.10 22:09:32 | 000,083,120 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.12.10 22:07:36 | 000,001,875 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.12.07 22:04:32 | 000,009,728 | ---- | M] () -- C:\Users\abi\Documents\Der Betrieb.wps
[2010.12.07 21:36:03 | 000,011,264 | ---- | M] () -- C:\Users\abi\Documents\Fremdwörter.wps
[2010.12.06 12:43:17 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForabi.job
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.12.28 20:39:58 | 000,709,456 | ---- | C] () -- C:\Windows\is-SVV6A.exe
[2010.12.28 20:39:58 | 000,012,846 | ---- | C] () -- C:\Windows\is-SVV6A.msg
[2010.12.28 20:39:58 | 000,000,355 | ---- | C] () -- C:\Windows\is-SVV6A.lst
[2010.12.27 08:39:27 | 000,709,456 | ---- | C] () -- C:\Windows\is-LVINV.exe
[2010.12.27 08:39:27 | 000,012,846 | ---- | C] () -- C:\Windows\is-LVINV.msg
[2010.12.27 08:39:27 | 000,000,343 | ---- | C] () -- C:\Windows\is-LVINV.lst
[2010.12.21 17:26:14 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2010.12.21 17:25:35 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl28.dat.temp
[2010.12.21 16:43:56 | 000,018,432 | ---- | C] () -- C:\Users\abi\Documents\lebenslauf  2.wps
[2010.12.18 19:25:42 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\Firstload Ikarus.lnk
[2010.12.17 18:30:51 | 000,009,728 | ---- | C] () -- C:\Users\abi\Documents\inhaltsverzeichnis new.wps
[2010.12.16 16:25:30 | 000,010,752 | ---- | C] () -- C:\Users\abi\Documents\tagesbericht 26.11.10.wps
[2010.12.15 17:43:12 | 000,779,776 | ---- | C] () -- C:\Users\abi\Documents\titelblatt.wps
[2010.12.15 17:16:06 | 000,009,728 | ---- | C] () -- C:\Users\abi\Documents\erkenntnisse.wps
[2010.12.13 18:35:48 | 099,912,192 | ---- | C] () -- C:\Users\abi\Documents\Betrieb bilder 2.wps
[2010.12.10 22:07:36 | 000,001,875 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.12.10 18:41:16 | 000,009,728 | ---- | C] () -- C:\Users\abi\Documents\ein besonderes erlebnis.wps
[2010.12.10 16:17:29 | 000,009,728 | ---- | C] () -- C:\Users\abi\Documents\Wahlthema.wps
[2010.12.08 15:47:50 | 000,010,752 | ---- | C] () -- C:\Users\abi\Documents\Erwartungen.wps
[2010.12.08 15:45:49 | 000,011,264 | ---- | C] () -- C:\Users\abi\Documents\Berufbild.wps
[2010.12.08 15:44:29 | 000,009,216 | ---- | C] () -- C:\Users\abi\Documents\Mein Arbeitsplatz.wps
[2010.12.08 15:43:00 | 000,010,240 | ---- | C] () -- C:\Users\abi\Documents\tagesbericht.wps
[2010.12.08 15:43:00 | 000,010,240 | ---- | C] () -- C:\Users\abi\Documents\tagesbericht 2.wps
[2010.12.06 17:20:02 | 000,009,728 | ---- | C] () -- C:\Users\abi\Documents\Der Betrieb.wps
[2010.12.03 18:02:32 | 000,011,264 | ---- | C] () -- C:\Users\abi\Documents\Fremdwörter.wps
[2010.11.24 08:14:40 | 000,000,000 | ---- | C] () -- C:\Users\abi\AppData\Roaming\chrtmp
[2010.09.19 11:14:31 | 000,002,762 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010.09.17 16:17:58 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.09.11 09:08:38 | 000,000,000 | ---- | C] () -- C:\Users\abi\AppData\Local\QSwitch.txt
[2010.09.11 09:08:38 | 000,000,000 | ---- | C] () -- C:\Users\abi\AppData\Local\DSwitch.txt
[2010.09.11 09:08:38 | 000,000,000 | ---- | C] () -- C:\Users\abi\AppData\Local\AtStart.txt
[2009.08.25 16:46:29 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009.08.25 16:42:24 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009.08.25 16:40:25 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009.08.25 16:39:37 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009.07.15 16:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.04.01 00:48:10 | 000,000,369 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009.04.01 00:06:07 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009.04.01 00:06:00 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009.04.01 00:05:45 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009.04.01 00:05:28 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009.04.01 00:05:07 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009.04.01 00:03:58 | 000,209,040 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2009.04.01 00:03:58 | 000,204,944 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2009.04.01 00:03:58 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2009.04.01 00:03:58 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2009.04.01 00:03:58 | 000,192,656 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2009.04.01 00:03:58 | 000,024,720 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:242231A9
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:0B9D8E22

< End of report >
         
--- --- ---


Alt 29.12.2010, 10:36   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Deutsche Bank 30 tan trojaner - Standard

Deutsche Bank 30 tan trojaner



Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________
--> Deutsche Bank 30 tan trojaner

Alt 29.12.2010, 17:23   #7
bountyhunter
 
Deutsche Bank 30 tan trojaner - Standard

Deutsche Bank 30 tan trojaner



Zitat:
Zitat von cosinus Beitrag anzeigen
Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27.12.2010 08:45:10
mbam-log-2010-12-27 (08-45-10).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 35784
Time elapsed: 2 minute(s), 4 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
c:\Users\abi_2\AppData\Roaming\Otumba\voam.exe (Spyware.Passwords.XGen) -> 2116 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{935B59E3-7C32-D0B0-7059-371EE67641D8} (Spyware.Passwords.XGen) -> Value: {935B59E3-7C32-D0B0-7059-371EE67641D8} -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\abi_2\AppData\Roaming\Otumba\voam.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.



2ter

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27.12.2010 09:20:36
mbam-log-2010-12-27 (09-20-36).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 295780
Time elapsed: 31 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\abi_2\AppData\LocalLow\Sun\Java\deployment\cache\6.0\44\7305616c-467ff6ba (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.



das ist alles was ich gefunden habe, sonst gibts nichts mehr unter logdateien

Alt 29.12.2010, 19:36   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Deutsche Bank 30 tan trojaner - Standard

Deutsche Bank 30 tan trojaner



Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
ATTFilter
:OTL
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-LVINV.exe ()
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000002] C:\Windows\is-SVV6A.exe ()
O4 - HKLM..\Run: []  File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
[2010.12.27 08:39:27 | 000,709,456 | ---- | M] () -- C:\Windows\is-LVINV.exe
[2010.12.27 08:39:27 | 000,012,846 | ---- | M] () -- C:\Windows\is-LVINV.msg
[2010.12.27 08:39:27 | 000,000,343 | ---- | M] () -- C:\Windows\is-LVINV.lst
[2010.12.28 20:39:58 | 000,709,456 | ---- | C] () -- C:\Windows\is-SVV6A.exe
[2010.12.28 20:39:58 | 000,012,846 | ---- | C] () -- C:\Windows\is-SVV6A.msg
[2010.12.28 20:39:58 | 000,000,355 | ---- | C] () -- C:\Windows\is-SVV6A.lst
[2010.12.27 08:39:27 | 000,709,456 | ---- | C] () -- C:\Windows\is-LVINV.exe
[2010.12.27 08:39:27 | 000,012,846 | ---- | C] () -- C:\Windows\is-LVINV.msg
[2010.12.27 08:39:27 | 000,000,343 | ---- | C] () -- C:\Windows\is-LVINV.lst
[2010.12.21 17:26:14 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2010.12.21 17:25:35 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl28.dat.temp
[2010.11.24 08:14:40 | 000,000,000 | ---- | C] () -- C:\Users\abi\AppData\Roaming\chrtmp
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:242231A9
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:0B9D8E22
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 29.12.2010, 19:49   #9
bountyhunter
 
Deutsche Bank 30 tan trojaner - Standard

Deutsche Bank 30 tan trojaner



Zitat:
Zitat von cosinus Beitrag anzeigen
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
ATTFilter
:OTL
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-LVINV.exe ()
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000002] C:\Windows\is-SVV6A.exe ()
O4 - HKLM..\Run: []  File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
[2010.12.27 08:39:27 | 000,709,456 | ---- | M] () -- C:\Windows\is-LVINV.exe
[2010.12.27 08:39:27 | 000,012,846 | ---- | M] () -- C:\Windows\is-LVINV.msg
[2010.12.27 08:39:27 | 000,000,343 | ---- | M] () -- C:\Windows\is-LVINV.lst
[2010.12.28 20:39:58 | 000,709,456 | ---- | C] () -- C:\Windows\is-SVV6A.exe
[2010.12.28 20:39:58 | 000,012,846 | ---- | C] () -- C:\Windows\is-SVV6A.msg
[2010.12.28 20:39:58 | 000,000,355 | ---- | C] () -- C:\Windows\is-SVV6A.lst
[2010.12.27 08:39:27 | 000,709,456 | ---- | C] () -- C:\Windows\is-LVINV.exe
[2010.12.27 08:39:27 | 000,012,846 | ---- | C] () -- C:\Windows\is-LVINV.msg
[2010.12.27 08:39:27 | 000,000,343 | ---- | C] () -- C:\Windows\is-LVINV.lst
[2010.12.21 17:26:14 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2010.12.21 17:25:35 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl28.dat.temp
[2010.11.24 08:14:40 | 000,000,000 | ---- | C] () -- C:\Users\abi\AppData\Roaming\chrtmp
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:242231A9
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:0B9D8E22
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.


So hab das gemacht und folgendes ist rausgekommen!

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\InnoSetupRegFile.0000000001 deleted successfully.
C:\Windows\is-LVINV.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\InnoSetupRegFile.0000000002 deleted successfully.
C:\Windows\is-SVV6A.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
File C:\Windows\is-LVINV.exe not found.
C:\Windows\is-LVINV.msg moved successfully.
C:\Windows\is-LVINV.lst moved successfully.
File C:\Windows\is-SVV6A.exe not found.
C:\Windows\is-SVV6A.msg moved successfully.
C:\Windows\is-SVV6A.lst moved successfully.
File C:\Windows\is-LVINV.exe not found.
File C:\Windows\is-LVINV.msg not found.
File C:\Windows\is-LVINV.lst not found.
C:\Windows\hpomdl28.dat moved successfully.
C:\Windows\hpomdl28.dat.temp moved successfully.
C:\Users\abi\AppData\Roaming\chrtmp moved successfully.
ADS C:\ProgramData\Temp:242231A9 deleted successfully.
ADS C:\ProgramData\Temp:0B9D8E22 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: abi
->Temp folder emptied: 1399803664 bytes
->Temporary Internet Files folder emptied: 46661791 bytes
->Java cache emptied: 7094 bytes
->FireFox cache emptied: 101368182 bytes
->Flash cache emptied: 1083 bytes

User: abi_2
->Temp folder emptied: 31225058 bytes
->Temporary Internet Files folder emptied: 107792366 bytes
->Java cache emptied: 18759 bytes
->FireFox cache emptied: 78476460 bytes
->Flash cache emptied: 35363 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 58509 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24613038 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 619869969 bytes

Total Files Cleaned = 2.298,00 mb


OTL by OldTimer - Version 3.2.18.0 log created on 12292010_194400

Files\Folders moved on Reboot...
File move failed. C:\Users\abi_2\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


laptop wurde neugestartet, nur zur info.

bin ich jetzt wieder trojaner frei?

Alt 29.12.2010, 21:15   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Deutsche Bank 30 tan trojaner - Standard

Deutsche Bank 30 tan trojaner



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 30.12.2010, 22:25   #11
bountyhunter
 
Deutsche Bank 30 tan trojaner - Standard

Deutsche Bank 30 tan trojaner



Zitat:
Zitat von cosinus Beitrag anzeigen
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.


Combofix link "hier herunter" ist tot, bei mir kommt da garnichts.

ist combofix und cccleaner das gleiche? sorry für die doofe frage

Alt 30.12.2010, 22:38   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Deutsche Bank 30 tan trojaner - Standard

Deutsche Bank 30 tan trojaner



Vermeide bitte blödsinnige Fullquotes!!!
Geh dieser Link => ComboFix (by sUBs) | iSpyNET
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 31.12.2010, 00:11   #13
bountyhunter
 
Deutsche Bank 30 tan trojaner - Standard

Deutsche Bank 30 tan trojaner



joooo sorry.


hier ist die log datei von combofix

Combofix Logfile:
Code:
ATTFilter
ComboFix 10-12-30.01 - abi 31.12.2010   0:02.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.4087.2902 [GMT 1:00]
ausgeführt von:: c:\users\abi_2\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((   Dateien erstellt von 2010-11-28 bis 2010-12-30  ))))))))))))))))))))))))))))))
.

2010-12-30 23:06 . 2010-12-30 23:06	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-12-30 23:06 . 2010-12-30 23:06	--------	d-----w-	c:\users\abi\AppData\Local\temp
2010-12-30 13:18 . 2010-11-10 05:35	8199504	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{673F0D5D-016F-46E1-8700-279F7CE665A5}\mpengine.dll
2010-12-29 18:44 . 2010-12-29 18:44	--------	d-----w-	C:\_OTL
2010-12-28 17:08 . 2010-12-28 17:08	--------	d-----w-	C:\Malwarebytes
2010-12-27 07:42 . 2010-12-27 07:42	--------	d-----w-	c:\users\abi_2\AppData\Roaming\Malwarebytes
2010-12-21 16:51 . 2010-12-21 16:51	--------	d-----w-	c:\users\abi_2\AppData\Roaming\Corel
2010-12-18 18:25 . 2010-12-18 18:25	--------	d-----w-	c:\users\abi_2\AppData\Roaming\Verimount
2010-12-18 18:25 . 2010-12-18 18:25	--------	d-----w-	c:\program files (x86)\Verimount
2010-12-16 10:30 . 2010-10-27 04:32	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2010-12-16 10:30 . 2010-11-02 04:40	496128	----a-w-	c:\windows\SysWow64\taskschd.dll
2010-12-16 10:30 . 2010-11-02 04:40	305152	----a-w-	c:\windows\SysWow64\taskcomp.dll
2010-12-16 10:30 . 2010-11-02 04:34	192000	----a-w-	c:\windows\SysWow64\taskeng.exe
2010-12-16 10:30 . 2010-11-02 04:34	179712	----a-w-	c:\windows\SysWow64\schtasks.exe
2010-12-16 10:30 . 2010-10-20 02:58	294400	----a-w-	c:\windows\SysWow64\atmfd.dll
2010-12-16 10:30 . 2010-10-20 04:54	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2010-12-16 10:30 . 2010-10-16 04:36	314368	----a-w-	c:\windows\SysWow64\webio.dll
2010-12-16 10:30 . 2010-10-12 05:05	35328	----a-w-	c:\program files\Windows Mail\wabfind.dll
2010-12-16 10:30 . 2010-10-12 05:00	516096	----a-w-	c:\program files\Windows Mail\wab.exe
2010-12-16 10:30 . 2010-10-12 04:25	516096	----a-w-	c:\program files (x86)\Windows Mail\wab.exe
2010-12-10 21:07 . 2009-05-11 11:49	51992	----a-w-	c:\windows\SysWow64\drivers\avgntdd.sys
2010-12-10 21:07 . 2009-05-11 11:49	17016	----a-w-	c:\windows\SysWow64\drivers\avgntmgr.sys
2010-12-10 21:07 . 2010-12-10 21:07	--------	d-----w-	c:\program files (x86)\Avira
2010-12-06 23:27 . 2010-12-27 07:45	--------	d-----w-	c:\users\abi_2\AppData\Roaming\Otumba
2010-12-04 23:06 . 2010-12-04 23:06	--------	d-----w-	c:\users\abi_2\AppData\Roaming\_MDLogs
2010-12-02 08:31 . 2010-12-02 08:31	--------	d-----w-	c:\users\abi_2\AppData\Roaming\Template
2010-12-02 07:11 . 2010-12-27 07:57	--------	d-----w-	c:\users\abi_2\AppData\Roaming\Erut
2010-12-01 19:29 . 2010-12-01 19:29	--------	d-----w-	c:\users\abi_2\AppData\Local\Broadcom

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 17:09 . 2010-11-21 17:17	38224	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-11-19 15:01 . 2010-09-17 15:17	952	--sha-w-	c:\programdata\KGyGaAvL.sys
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-15 1668664]
"Messenger (Yahoo!)"="c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe" [2010-02-17 5244216]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-17 35104]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-07-23 5435904]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2008-05-02 18432]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/04/01 00:49];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-07-23 18:45 146928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-10 135336]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 140712]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-06-26 83488]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-13 233472]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]


HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners

2010-12-06 c:\windows\Tasks\HPCeeScheduleForabi.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-08-25 12:38]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 16334368]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 610872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-25 171520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\abi\AppData\Roaming\Mozilla\Firefox\Profiles\kz3y5x6m.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,63,c9,be,58,78,f0,ec,48,87,58,94,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,63,c9,be,58,78,f0,ec,48,87,58,94,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-12-31  00:09:33
ComboFix-quarantined-files.txt  2010-12-30 23:09

Vor Suchlauf: 13 Verzeichnis(se), 399.016.505.344 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 429.255.651.328 Bytes frei

- - End Of File - - 50FD0F82B760750263181AA84557F13B
         
--- --- ---

Alt 01.01.2011, 20:59   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Deutsche Bank 30 tan trojaner - Standard

Deutsche Bank 30 tan trojaner



Bitte nun Logs mit GMER und mbrcheck erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg

Anleitung zu mbrcheck:
Downloade Dir MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 02.01.2011, 13:16   #15
bountyhunter
 
Deutsche Bank 30 tan trojaner - Standard

Deutsche Bank 30 tan trojaner



mbrcheck resultat:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv7 Notebook PC
Logical Drives Mask: 0x0000001c

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000070`9a200000 (NTFS)

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 7FB72189DFFCDFEB4A7222B69EC82AA3A166512A

Antwort

Themen zu Deutsche Bank 30 tan trojaner
64-bit, alternate, antivir, applaus, autorun, avg, avgntflt.sys, avira, bho, c:\windows\system32\rundll32.exe, converter, desktop, deutsche bank, error, excel, fehler, firefox, firefox.exe, flash player, format, frage, home, home premium, iastor.sys, ieframe.dll, install.exe, internet, launch, location, logfile, media center, microsoft office word, mozilla, office 2007, oldtimer, otl.exe, problem, programdata, realtek, rundll, saver, scan, sched.exe, searchplugins, security, security update, shell32.dll, software, syswow64, trojane, trojaner, wallpapers, webcheck



Ähnliche Themen: Deutsche Bank 30 tan trojaner


  1. Deutsche Bank Trojaner fordert 20 TANs an
    Plagegeister aller Art und deren Bekämpfung - 14.12.2014 (9)
  2. Deutsche Bank Trojaner 100 Tan
    Log-Analyse und Auswertung - 12.04.2013 (7)
  3. Deutsche Bank Trojaner fordert 100 Tan´s
    Plagegeister aller Art und deren Bekämpfung - 03.12.2012 (3)
  4. Deutsche Bank Tan Trojaner
    Plagegeister aller Art und deren Bekämpfung - 07.07.2011 (3)
  5. 100 Tan Trojaner Deutsche Bank
    Plagegeister aller Art und deren Bekämpfung - 08.06.2011 (15)
  6. Deutsche Bank 100 TAN Trojaner - Was nun?
    Plagegeister aller Art und deren Bekämpfung - 29.05.2011 (34)
  7. Deutsche Bank Trojaner c:\recycle.bin (Trojan.Spyeyes)
    Plagegeister aller Art und deren Bekämpfung - 20.05.2011 (37)
  8. Deutsche Bank Trojaner, TAN Abfrage
    Plagegeister aller Art und deren Bekämpfung - 24.03.2011 (4)
  9. Und nochmal Deutsche Bank TAN-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 03.11.2010 (16)
  10. Trojaner deutsche Bank TAN eingeben
    Plagegeister aller Art und deren Bekämpfung - 28.10.2010 (1)
  11. Trojaner Deutsche Bank
    Plagegeister aller Art und deren Bekämpfung - 27.10.2010 (34)
  12. Deutsche Bank Trojaner
    Plagegeister aller Art und deren Bekämpfung - 22.10.2010 (43)
  13. deutsche bank 30 tan trojaner
    Plagegeister aller Art und deren Bekämpfung - 12.10.2010 (6)
  14. 20 TAN Trojaner in Firefox- Deutsche Bank
    Plagegeister aller Art und deren Bekämpfung - 02.10.2010 (4)
  15. Deutsche Bank Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 22.09.2010 (13)
  16. 20 Tan Trojaner Deutsche Bank
    Plagegeister aller Art und deren Bekämpfung - 08.09.2010 (1)
  17. Trojaner? Deutsche Bank will 30 Tans
    Plagegeister aller Art und deren Bekämpfung - 09.08.2010 (10)

Zum Thema Deutsche Bank 30 tan trojaner - Guten morgen, ich habe leider das gleiche problem wie die anderen auch. Hab eine trojaner der auf der deutschen bank seite nach 30 tans fragt. Habe diese natürlich nicht eingegeben - Deutsche Bank 30 tan trojaner...
Archiv
Du betrachtest: Deutsche Bank 30 tan trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.