
Pests of all kinds and how to fight them: Another Postbank trojan VICTIM :( NEED TIPS FROM PROS!

11.01.2011, 21:48   #1
Lazminator
 



Hello to EVERYONE out there....

I'm new here in the forum... the site was recommended to me by a colleague.

I have the problem with the Postbank.de site... I was asked by a pop-up page to enter 40 TANs. The worm is in there.... but how do I get rid of it???

I'm grateful for any help....

Greetings from Berlin



Here is the log from Malwarebytes:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5505

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

11.01.2011 20:57:26
mbam-log-2011-01-11 (20-57-15).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 163551
Laufzeit: 7 Minute(n), 0 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 8
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{ef34404a-747c-81d8-843a-d938e181273d} (Adware.BHO.FL) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QsFI3OpLXB- (Adware.AdRotator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Dealio (PUP.Dealio) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc4c3057-8650-922d-e516-e62f3d0afc29} (Adware.AdRotator) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{bc4c3057-8650-922d-e516-e62f3d0afc29} (Adware.AdRotator) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4C3057-8650-922D-E516-E62F3D0AFC29} (Adware.AdRotator) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{FADC21E1-6424-03DA-8095-B1E6205F8FCF} (Spyware.Passwords.XGen) -> Value: {FADC21E1-6424-03DA-8095-B1E6205F8FCF} -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\muammer saglam\AppData\Roaming\Kiciq\oqufq.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\System32\bPLQ87s.dll (Adware.BHO) -> No action taken.
c:\Windows\System32\qsfi3oplxb-.exe (Adware.AdRotator) -> No action taken.

12.01.2011, 10:15   #2
cosinus



Hello and

Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

After that, OTL:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

24.01.2011, 18:54   #3
Lazminator
 



Hi, here are the values, thanks to all of you in advance

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 5505

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

11.01.2011 20:57:26
mbam-log-2011-01-11 (20-57-15).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 163551
Laufzeit: 7 Minute(n), 0 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 8
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{ef34404a-747c-81d8-843a-d938e181273d} (Adware.BHO.FL) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QsFI3OpLXB- (Adware.AdRotator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Dealio (PUP.Dealio) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc4c3057-8650-922d-e516-e62f3d0afc29} (Adware.AdRotator) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{bc4c3057-8650-922d-e516-e62f3d0afc29} (Adware.AdRotator) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4C3057-8650-922D-E516-E62F3D0AFC29} (Adware.AdRotator) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{FADC21E1-6424-03DA-8095-B1E6205F8FCF} (Spyware.Passwords.XGen) -> Value: {FADC21E1-6424-03DA-8095-B1E6205F8FCF} -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\muammer saglam\AppData\Roaming\Kiciq\oqufq.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\System32\bPLQ87s.dll (Adware.BHO) -> No action taken.
c:\Windows\System32\qsfi3oplxb-.exe (Adware.AdRotator) -> No action taken.

24.01.2011, 19:09   #4
Lazminator
 



OTL RESULT: OTL logfile:
Code:
OTL logfile created on: 24.01.2011 18:59:25 - Run 1
OTL by OldTimer - Version 3.2.20.5     Folder = C:\Users\Muammer Saglam\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,36 Gb Total Space | 65,73 Gb Free Space | 29,69% Space Free | Partition Type: NTFS
Drive D: | 11,52 Gb Total Space | 2,16 Gb Free Space | 18,71% Space Free | Partition Type: NTFS
 
Computer Name: MUAMMER-PC | User Name: Muammer Saglam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Muammer Saglam\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Muammer Saglam\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirScheduler) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (AVIRA GmbH)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (61883) -- C:\Windows\System32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\Windows\System32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\Windows\System32\drivers\msdv.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (AF05BDA) -- C:\Windows\System32\drivers\AF05BDA.sys (AfaTech                  )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HPNoteBook | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HPNoteBook | MSN
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {b236a43f-ea0b-90fd-d2a8-988af5d25090}:4.6.6.2
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p="
FF - prefs.js..network.proxy.type: 1
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.04.01 13:57:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.18 21:10:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.10 20:52:02 | 000,000,000 | ---D | M]
 
[2008.12.23 01:40:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Muammer Saglam\AppData\Roaming\mozilla\Extensions
[2011.01.22 19:04:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Muammer Saglam\AppData\Roaming\mozilla\Firefox\Profiles\kw638ve2.default\extensions
[2009.09.05 22:47:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Muammer Saglam\AppData\Roaming\mozilla\Firefox\Profiles\kw638ve2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.23 14:47:46 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Muammer Saglam\AppData\Roaming\mozilla\Firefox\Profiles\kw638ve2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.01.15 22:19:40 | 000,000,266 | ---- | M] () -- C:\Users\Muammer Saglam\AppData\Roaming\Mozilla\Firefox\Profiles\kw638ve2.default\searchplugins\Search.xml
[2011.01.09 17:27:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.01.15 22:19:27 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{b236a43f-ea0b-90fd-d2a8-988af5d25090}
[2010.07.27 08:15:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.05.24 09:44:21 | 001,447,344 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\Mozilla Firefox\plugins\NpFv522.dll
[2010.09.18 21:10:17 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.18 21:10:17 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.18 21:10:17 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.18 21:10:17 | 000,000,986 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.18 21:10:17 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra Button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F560} hxxp://92.51.137.94/objects/NpFv522.dll (Flatcast Viewer 5.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Muammer Saglam\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Muammer Saglam\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{0888b9a5-9650-11df-abde-001b24e6e738}\Shell\AutoRun\command - "" = G:\m.exe
O33 - MountPoints2\{0888b9a5-9650-11df-abde-001b24e6e738}\Shell\open\Command - "" = G:\m.exe
O33 - MountPoints2\{3dfbcc98-78b7-11df-9a0f-001b24e6e738}\Shell - "" = AutoRun
O33 - MountPoints2\{3dfbcc98-78b7-11df-9a0f-001b24e6e738}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{948dbaab-726a-11df-bdd9-001e101f2c0e}\Shell - "" = AutoRun
O33 - MountPoints2\{948dbaab-726a-11df-bdd9-001e101f2c0e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c2bf2d28-7265-11df-8ca9-001b24e6e738}\Shell - "" = AutoRun
O33 - MountPoints2\{c2bf2d28-7265-11df-8ca9-001b24e6e738}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{cf8d47a0-73a0-11df-a48c-001b24e6e738}\Shell - "" = AutoRun
O33 - MountPoints2\{cf8d47a0-73a0-11df-a48c-001b24e6e738}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{cf8d47b4-73a0-11df-a48c-001b24e6e738}\Shell - "" = AutoRun
O33 - MountPoints2\{cf8d47b4-73a0-11df-a48c-001b24e6e738}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{cf8d4998-73a0-11df-a48c-001b24e6e738}\Shell - "" = AutoRun
O33 - MountPoints2\{cf8d4998-73a0-11df-a48c-001b24e6e738}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{cf8d49b2-73a0-11df-a48c-001b24e6e738}\Shell - "" = AutoRun
O33 - MountPoints2\{cf8d49b2-73a0-11df-a48c-001b24e6e738}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.24 18:55:43 | 000,603,136 | ---- | C] (OldTimer Tools) -- C:\Users\Muammer Saglam\Desktop\OTL.exe
[2011.01.11 23:04:24 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.01.11 23:04:15 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011.01.11 20:48:10 | 000,000,000 | ---D | C] -- C:\Users\Muammer Saglam\AppData\Roaming\Malwarebytes
[2011.01.11 20:48:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.01.11 20:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.11 20:47:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.11 20:47:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.01.11 20:47:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.01.10 20:36:02 | 000,000,000 | ---D | C] -- C:\Users\Muammer Saglam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.01.10 15:09:42 | 000,000,000 | ---D | C] -- C:\Users\Muammer Saglam\AppData\Roaming\Google
[2011.01.09 22:49:46 | 000,000,000 | ---D | C] -- C:\Users\Muammer Saglam\AppData\Local\Google
[2011.01.09 22:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011.01.09 22:49:31 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011.01.09 18:00:52 | 000,000,000 | ---D | C] -- C:\Users\Muammer Saglam\Favorites\Documents\Backups
[2011.01.09 17:59:58 | 000,000,000 | ---D | C] -- C:\Users\Muammer Saglam\AppData\Roaming\Priotecs
[2011.01.09 17:59:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priotecs Software
[2011.01.09 17:59:00 | 000,000,000 | ---D | C] -- C:\Users\Muammer Saglam\Favorites\Documents\Add-in Express
[2011.01.09 17:58:57 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Backup Assistant
[2011.01.09 12:34:36 | 005,888,786 | ---- | C] (J. Rathlev                                                  ) -- C:\Users\Muammer Saglam\Favorites\Documents\pb-setup-5.0.0702.exe
[2011.01.09 12:34:20 | 000,000,000 | ---D | C] -- C:\Users\Muammer Saglam\Favorites\Documents\PersBackup
[2010.12.28 20:57:25 | 000,000,000 | ---D | C] -- C:\Users\Muammer Saglam\AppData\Local\Verlag Heinrich Vogel
[2010.12.28 20:54:15 | 000,000,000 | ---D | C] -- C:\Users\Muammer Saglam\AppData\Local\Verlag_Heinrich_Vogel_in_
[2010.12.28 20:53:31 | 000,000,000 | RH-D | C] -- C:\Users\Muammer Saglam\AppData\Roaming\SecuROM
[2009.07.15 17:45:01 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe5450.dll
[2009.07.15 17:32:34 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeF0FB.dll
[5 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Muammer Saglam\*.tmp files -> C:\Users\Muammer Saglam\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.24 18:55:59 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Users\Muammer Saglam\Desktop\OTL.exe
[2011.01.24 18:53:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.24 18:52:00 | 000,001,154 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3931976470-4106526602-3779783612-1000UA.job
[2011.01.24 18:08:15 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.24 18:08:15 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.24 17:52:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.24 16:09:30 | 000,093,590 | ---- | M] () -- C:\Users\Muammer Saglam\AppData\Roaming\nvModes.001
[2011.01.24 16:09:22 | 000,000,163 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011.01.24 16:08:49 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.24 16:08:08 | 2146,373,632 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.24 13:04:43 | 000,093,590 | ---- | M] () -- C:\Users\Muammer Saglam\AppData\Roaming\nvModes.dat
[2011.01.23 21:52:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3931976470-4106526602-3779783612-1000Core.job
[2011.01.13 21:53:41 | 000,002,087 | ---- | M] () -- C:\Users\Muammer Saglam\Desktop\Google Chrome.lnk
[2011.01.12 21:55:37 | 159,407,648 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.01.11 22:56:45 | 000,083,968 | ---- | M] () -- C:\Users\Muammer Saglam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.10 20:55:48 | 000,624,216 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.01.10 20:55:48 | 000,592,170 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.01.10 20:55:48 | 000,124,902 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.01.10 20:55:48 | 000,103,186 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.01.10 20:49:43 | 000,422,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.01.09 18:36:41 | 515,969,575 | ---- | M] () -- C:\Users\Muammer Saglam\Desktop\Outlook - 2011-01-09_18-00-52.oba
[2011.01.09 17:59:50 | 000,000,862 | ---- | M] () -- C:\Users\Muammer Saglam\Desktop\Outlook Backup Assistant.lnk
[2011.01.09 12:59:14 | 000,000,016 | ---- | M] () -- C:\Users\Muammer Saglam\persistent_state
[2011.01.09 12:50:58 | 000,000,036 | ---- | M] () -- C:\Windows\iltwain.ini
[2011.01.09 12:43:43 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2011.01.09 12:34:40 | 005,888,786 | ---- | M] (J. Rathlev                                                  ) -- C:\Users\Muammer Saglam\Favorites\Documents\pb-setup-5.0.0702.exe
[2011.01.08 16:05:34 | 000,007,592 | ---- | M] () -- C:\Users\Muammer Saglam\AppData\Local\d3d9caps.dat
[2010.12.28 16:55:03 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[5 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Muammer Saglam\*.tmp files -> C:\Users\Muammer Saglam\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.01.10 20:36:06 | 000,002,087 | ---- | C] () -- C:\Users\Muammer Saglam\Desktop\Google Chrome.lnk
[2011.01.10 20:35:14 | 000,001,154 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3931976470-4106526602-3779783612-1000UA.job
[2011.01.10 20:35:09 | 000,001,102 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3931976470-4106526602-3779783612-1000Core.job
[2011.01.09 22:50:11 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.09 22:50:09 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.09 18:03:15 | 515,969,575 | ---- | C] () -- C:\Users\Muammer Saglam\Desktop\Outlook - 2011-01-09_18-00-52.oba
[2011.01.09 17:59:50 | 000,000,862 | ---- | C] () -- C:\Users\Muammer Saglam\Desktop\Outlook Backup Assistant.lnk
[2011.01.09 12:43:42 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.08.11 21:54:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.07.08 20:15:19 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.05.26 12:02:46 | 000,000,426 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010.05.26 12:02:46 | 000,000,169 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010.05.26 12:01:22 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.05.26 12:01:22 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.05.26 11:58:33 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2010.05.26 11:58:31 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2010.02.09 15:00:38 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.02.09 14:02:13 | 000,000,000 | ---- | C] () -- C:\Windows\hpqEmlSz.INI
[2010.01.01 22:20:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.12.23 00:34:24 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009.12.23 00:34:19 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.12.23 00:34:19 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.12.23 00:34:17 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009.12.23 00:34:10 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.11.15 22:09:08 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.02.14 23:05:08 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.02.14 23:04:38 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.12.20 01:18:24 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.11.15 01:16:30 | 000,000,132 | ---- | C] () -- C:\Users\Muammer Saglam\AppData\Roaming\default.rss
[2008.11.13 00:56:19 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2008.11.04 01:58:10 | 000,000,036 | ---- | C] () -- C:\Windows\iltwain.ini
[2008.11.04 01:57:47 | 000,009,391 | ---- | C] () -- C:\Windows\System32\dymourl.ini
[2008.11.04 01:56:07 | 000,061,440 | ---- | C] () -- C:\Windows\System32\DYMOCFG.DLL
[2008.11.04 01:56:07 | 000,004,096 | ---- | C] () -- C:\Windows\System32\lmmonres.dll
[2008.10.24 23:20:54 | 000,003,704 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008.02.10 21:52:05 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.02.10 21:44:11 | 000,000,000 | ---- | C] () -- C:\Users\Muammer Saglam\AppData\Local\FnF4.txt
[2008.02.10 12:42:15 | 000,083,968 | ---- | C] () -- C:\Users\Muammer Saglam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.02.08 22:54:45 | 000,040,606 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2008.02.08 22:33:00 | 000,093,590 | ---- | C] () -- C:\Users\Muammer Saglam\AppData\Roaming\nvModes.001
[2008.02.08 22:21:19 | 000,093,590 | ---- | C] () -- C:\Users\Muammer Saglam\AppData\Roaming\nvModes.dat
[2008.02.08 22:19:22 | 000,007,592 | ---- | C] () -- C:\Users\Muammer Saglam\AppData\Local\d3d9caps.dat
[2008.02.08 22:11:17 | 000,000,000 | ---- | C] () -- C:\Users\Muammer Saglam\AppData\Local\QSwitch.txt
[2008.02.08 22:11:17 | 000,000,000 | ---- | C] () -- C:\Users\Muammer Saglam\AppData\Local\DSwitch.txt
[2008.02.08 22:11:17 | 000,000,000 | ---- | C] () -- C:\Users\Muammer Saglam\AppData\Local\AtStart.txt
[2008.01.14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2007.12.06 08:06:48 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.09 23:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005.04.06 10:37:06 | 000,009,216 | ---- | C] () -- C:\Windows\System32\gengpmon.dll
[2004.05.05 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL
[2002.10.15 13:46:26 | 000,196,608 | ---- | C] () -- C:\Windows\System32\hpbvnstp.dll
[2001.07.31 10:17:12 | 000,094,274 | ---- | C] () -- C:\Windows\System32\HPBHEALR.DLL
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:5A9D9B1749138FEA

< End of report >
         
--- --- ---

24.01.2011, 19:10   #5
Lazminator
 
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 24.01.2011 18:59:25 - Run 1
OTL by OldTimer - Version 3.2.20.5     Folder = C:\Users\\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,36 Gb Total Space | 65,73 Gb Free Space | 29,69% Space Free | Partition Type: NTFS
Drive D: | 11,52 Gb Total Space | 2,16 Gb Free Space | 18,71% Space Free | Partition Type: NTFS
 
Computer Name: MUAMMER-PC | User Name: | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B7DB2E4-A39F-462F-80FA-96C1FF595886}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{49E977A7-CE46-4665-B852-54E22C4808D2}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{51174D1D-1404-4B58-9AD9-171747BB4AEC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{58D189A5-7DBB-49F6-BDD0-2998AC2319C3}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{627EEB51-9D8E-429E-9A96-738570DF878A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{90DD53B8-2C4E-49E6-8195-8D3FF3BEF023}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{AD504BBD-55F2-4EE7-BF21-E4F0975C0012}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{AE0634F9-7A75-4F87-825E-B02FE3568487}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
"{C1D4AB9A-7213-4FB1-87CD-CC1D1A269D4A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C8DB814E-5EAF-4DDD-A769-D69C3AF5291D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D4A61742-BB3C-48D0-8470-88CBE90CD360}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{E1FB57A6-718E-49A9-851B-D733EE6A1191}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{093B9AE1-0229-4CAE-8022-C6C264755834}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 
"{114FD79B-5907-4707-B158-6489365D17AC}" = protocol=58 | dir=out | app=system | 
"{27EF8047-9C43-4878-A468-AE1203AB67FA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{46AB4747-8BB9-4ED7-8AD5-09AF732444A2}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{4C8CED7D-BA3B-4D70-B841-3D4DA624CAE7}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl08b\faxrx.exe | 
"{4DED6DE2-30E8-4F86-9DE0-C12ACF9523EF}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{55DC4FB3-ECB1-4C33-B585-D6F3AB2116BB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{5843F2AB-D2FD-4B45-9142-51A2337D1C6E}" = protocol=58 | dir=out | app=system | 
"{5D4C658D-0E3F-47E0-B1F8-BFA73DAA8227}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{622646EB-B136-4EAB-AE68-6F96C2B092C9}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe | 
"{8818A4C9-F936-4EF8-B796-819B7B213EC0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9AADB0EC-812C-437C-8251-34799A87018A}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{9DFAD587-0ED6-419A-B484-CC680C0F385A}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl08b\faxrx.exe | 
"{D3324129-490B-482F-956C-1E0F7CAA014A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{D5E2FF5E-6F4E-4B07-879F-9222B9A84568}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{D81DCF4F-D3B7-40C9-8186-03D27A64E629}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{E41ABC7F-9F61-4C83-90BB-70C4D81F3FCC}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{E4CD0E32-1AAD-402D-8367-7E750BF1C2F2}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"TCP Query User{0990DF52-92A1-460E-8EBB-EA4D0171ABE9}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{27100FD6-9B16-4D5E-90B6-8B28EB4354A7}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"TCP Query User{2796760E-CEB4-4C74-A183-2205F798FCBC}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | 
"TCP Query User{37B17900-45D5-45CB-9054-CB1D828A7AE2}C:\program files\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\jdownloader.exe | 
"TCP Query User{4B388F06-A418-4FBF-851A-DB6CDD28B449}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{57DE1C1F-8ED1-4107-9754-C7C920087622}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{69945F81-99CE-4EA9-BE1C-C5774FF8C162}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{995DDB14-9FC7-4EA7-9F52-679C9DA7711E}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"TCP Query User{AC116EB2-8A79-4B4D-AE2E-ABA7D0A4FB68}C:\program files\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"TCP Query User{E1875F6A-EADC-4747-9AF4-3A71F12A6E74}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe | 
"TCP Query User{E730D29C-C5AE-41B9-8B88-32AC0B8621D7}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{F931EA6C-1552-4D42-BA3A-31033301F6C2}C:\program files\hp\hp software update\hpwucli.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"UDP Query User{077C5440-3059-42F8-BFF9-2ABDF0A1DF74}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"UDP Query User{147B538B-AFE8-4305-A68C-DDDDC2EFF317}C:\program files\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\jdownloader.exe | 
"UDP Query User{3E561E0D-91B4-47E6-9EA5-CCA67BF18CDF}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"UDP Query User{474DAE50-6980-4CCF-8B90-89831BBFD8A9}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe | 
"UDP Query User{70DB6837-4C40-48F5-A10B-547DEF6B527B}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{7D1BF85B-E2E1-4FD0-B98E-023456F8225C}C:\program files\hp\hp software update\hpwucli.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"UDP Query User{93076A45-5582-48F2-B945-D2DAD2B978BA}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{94C0A5C4-E29A-4319-9373-9EEC209C2DB9}C:\program files\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"UDP Query User{9C3B23C7-42C8-4CFE-9E1D-D9A00129B71E}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | 
"UDP Query User{ACADC6E5-81E5-405F-A58C-7306E7CD6B12}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{BB95E540-45B0-4866-AD67-DF0515323120}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{D8A0006B-8D6D-487D-A367-2F1940998985}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01310914-E3B8-40E8-BCF7-9C42E0639A43}" = maxx PDFMAILER
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3D356AA9-2D0C-4373-A762-B42F1A289233}" = MSCU for Microsoft Vista
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9BA6E8AF-2122-4825-9B55-98BC351E3C94}" = ESU for Microsoft Vista
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9C7C8898-DC29-4E8B-9E77-55A77C3250F6}" = PC Connectivity Solution
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{a1f89c34-f061-447d-ac10-b5f1896a5923}" = C4380_Help
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.5 - Deutsch
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29051F5-5D7D-443e-ABE9-7CBB29EAC200}" = C4380
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{BE9880CD-73A9-4EFD-83E5-4BB38D48E2BD}" = HP Smart Web Printing
"{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{D9461574-5FC0-4641-BBDC-D1038B196F55}" = Brother MFL-Pro Suite MFC-490CW
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DB249302-FB94-4578-84FE-7B856C315779}" = HTC Sync
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{def1b9a3-19af-4cbc-91ca-fed307fc41e6}" = Nero 9
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"812A5AC8-50DA-43D8-B36E-30CDD7FCCAA1_is1" = Outlook Backup Assistant 5 (Testversion)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.5.1
"M3 GAME Manager" = M3 GAME Manager Uninstall
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"NVIDIA Drivers" = NVIDIA Drivers
"Personal Backup_is1" = Personal Backup 5.0
"Recuva" = Recuva
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.4
"Supreme Auction_is1" = Supreme Auction
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UltraISO_is1" = UltraISO Premium V9.33
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Service" = Update Service
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VideoLAN VLC media player 0.8.6i
"vShare" = vShare Plugin
"Weight Watchers FlexPoints" = Weight Watchers FlexPoints
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 26.11.2009 17:03:29 | Computer Name = Muammer-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 26.11.2009 17:03:29 | Computer Name = Muammer-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 26.11.2009 17:03:30 | Computer Name = Muammer-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 26.11.2009 17:03:30 | Computer Name = Muammer-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 26.11.2009 17:03:30 | Computer Name = Muammer-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 26.11.2009 17:03:30 | Computer Name = Muammer-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 26.11.2009 17:03:30 | Computer Name = Muammer-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 26.11.2009 17:03:30 | Computer Name = Muammer-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 28.11.2009 01:05:40 | Computer Name = Muammer-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe_HPSLPSVC, Version 6.0.6001.18000,
 Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel
 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00610043,  Prozess-ID 0x164, 
Anwendungsstartzeit 01ca6edb571890d4.
 
Error - 29.11.2009 09:00:02 | Computer Name = Muammer-PC | Source = MsiInstaller | ID = 11706
Description = 
 
[ OSession Events ]
Error - 18.01.2010 16:31:43 | Computer Name = Muammer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 12503
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 01.02.2010 04:59:15 | Computer Name = Muammer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 23.03.2010 03:52:58 | Computer Name = Muammer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 45
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 04.04.2010 13:49:40 | Computer Name = Muammer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5697
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 06.06.2010 06:30:48 | Computer Name = Muammer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 25.06.2010 07:23:20 | Computer Name = Muammer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 231
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 04.07.2010 05:28:40 | Computer Name = Muammer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 46
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 22.07.2010 13:24:52 | Computer Name = Muammer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 20
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 09.09.2010 15:58:37 | Computer Name = Muammer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 53
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 05.10.2010 15:33:25 | Computer Name = Muammer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---


Alt 24.01.2011, 19:26   #6
Lazminator
 
Kind regards, and thanks in advance for your time and help,
lazminator

Alt 24.01.2011, 20:30   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
Datenbank Version: 5505

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

11.01.2011 20:57:26

That is an old log. Where is the log from the current scan?
__________________
Please always post log files in CODE tags

Alt 25.01.2011, 14:45   #8
Lazminator
 
So here is the current scan again...


Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 5591

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

24.01.2011 23:32:39
mbam-log-2011-01-24 (23-32-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 381023
Laufzeit: 2 Stunde(n), 25 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Alt 25.01.2011, 14:46   #9
Lazminator
 
Asking for help again now... THANKS

Alt 25.01.2011, 19:00   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Are there any further logs from Malwarebytes? If so, please post all of them. You will find them on the "Logdateien" (log files) tab in Malwarebytes.
__________________
Please always post log files in CODE tags

Alt 25.01.2011, 19:24   #11
Lazminator
 
No, those are all I have.

Thanks in advance.

Alt 25.01.2011, 20:32   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{0888b9a5-9650-11df-abde-001b24e6e738}\Shell\AutoRun\command - "" = G:\m.exe
O33 - MountPoints2\{0888b9a5-9650-11df-abde-001b24e6e738}\Shell\open\Command - "" = G:\m.exe
O33 - MountPoints2\{3dfbcc98-78b7-11df-9a0f-001b24e6e738}\Shell - "" = AutoRun
O33 - MountPoints2\{3dfbcc98-78b7-11df-9a0f-001b24e6e738}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{948dbaab-726a-11df-bdd9-001e101f2c0e}\Shell - "" = AutoRun
O33 - MountPoints2\{948dbaab-726a-11df-bdd9-001e101f2c0e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c2bf2d28-7265-11df-8ca9-001b24e6e738}\Shell - "" = AutoRun
O33 - MountPoints2\{c2bf2d28-7265-11df-8ca9-001b24e6e738}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{cf8d47a0-73a0-11df-a48c-001b24e6e738}\Shell - "" = AutoRun
O33 - MountPoints2\{cf8d47a0-73a0-11df-a48c-001b24e6e738}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{cf8d47b4-73a0-11df-a48c-001b24e6e738}\Shell - "" = AutoRun
O33 - MountPoints2\{cf8d47b4-73a0-11df-a48c-001b24e6e738}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{cf8d4998-73a0-11df-a48c-001b24e6e738}\Shell - "" = AutoRun
O33 - MountPoints2\{cf8d4998-73a0-11df-a48c-001b24e6e738}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{cf8d49b2-73a0-11df-a48c-001b24e6e738}\Shell - "" = AutoRun
O33 - MountPoints2\{cf8d49b2-73a0-11df-a48c-001b24e6e738}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe
@Alternate Data Stream - 24 bytes -> C:\Windows:5A9D9B1749138FEA
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________
Please always post log files in CODE tags
