Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Banking Trojaner? Sparda Bank

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 02.05.2011, 12:53   #1
der_jipi
 
Banking Trojaner? Sparda Bank - Standard

Banking Trojaner? Sparda Bank



Hallo.
Ich habe ein sehr ähnliches Problem wie der Herr in diesem Thread. Nach Regel 1 des Boards eröffne ich aber ein eugenes Thema dazu:

Seit letzter Woche ist mir aufgefallen, dass Programme (Firefox/Thunderbird/iTunes usw...) oft doppelt oder dreifach gestartet werden müssen, bis was passiert. Beim ersten Klick kommt oft nur der Warte-Mauszeiger und verschwindet nach 2-3 Sekunden. Danach passiert nichts mehr.

Heute ist mir beim versuchten Onlinebanking das gleiche passiert, wie o.g. Herr in seinem Thread beschreibt: Nach Eingabe der Logindaten auf der Bank-Webseite (keine Tippfehler in der Adresse) kommt folgende Meldung:
Zitat:
Achtung!
Sehr geehrter Benutzer. Ihr account für einige Funktion ist gespert! Bitte bestätigen Sie Ihre gültige TAN-Liste, damit können Sie Ihre onlinebanking weiter voll benutzen. Fur Bestätigung Ihre TAN-Liste, füllen Sie die Form unten und drücken Sie die Taste �Absenden�. Wir bedanken Ihnen um Ihre Verständnis.
Und will alle 100 Tans haben! Auch wenn man gar keine Logindaten eingibt, kommt die Meldung. Ich habe natürlich gleich bei der Bank angerufen und mein Onlinebanking sperren lassen.

Ich habe 4 Partitionen auf meinem System. Muss ich mich von allen Daten verabschieden, oder nur die Systempartition formatieren?
Wenn ich sowieso mein Win7 neu aufsetzen muss, will ich gleich ein Dualboot-system mit Win7 und Ubuntu 11.04 erstellen, also werde ich sowieso Partitionen schubsen müssen usw...



OTL.txt sagt:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 02.05.2011 13:32:24 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\der Jipi\Desktop
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 36,62 Gb Total Space | 2,13 Gb Free Space | 5,83% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 39,56 Gb Free Space | 16,99% Space Free | Partition Type: NTFS
Drive E: | 75,68 Gb Total Space | 4,98 Gb Free Space | 6,58% Space Free | Partition Type: NTFS
Drive F: | 353,45 Gb Total Space | 28,54 Gb Free Space | 8,07% Space Free | Partition Type: NTFS
 
Computer Name: RRIF | User Name: der Jipi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.02 13:25:39 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Users\DERJIP~1\AppData\Local\Temp\GSS9359.exe
PRC - [2011.05.02 13:23:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\der Jipi\Desktop\OTL.exe
PRC - [2011.04.29 15:18:36 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.18 12:18:37 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.30 11:39:01 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.26 07:10:20 | 021,979,992 | ---- | M] () -- C:\Users\der Jipi\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2009.08.06 01:00:00 | 005,497,856 | ---- | M] () -- C:\xampp\xampp\mysql\bin\mysqld.exe
PRC - [2009.08.06 01:00:00 | 000,024,640 | ---- | M] (Apache Software Foundation) -- C:\xampp\xampp\apache\bin\httpd.exe
PRC - [2009.03.20 03:03:00 | 001,904,640 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2009.03.20 03:03:00 | 000,368,640 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.02 13:23:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\der Jipi\Desktop\OTL.exe
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009.12.09 03:19:44 | 000,094,208 | ---- | M] (Dropbox, Inc.) -- C:\Users\der Jipi\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
MOD - [2009.07.14 03:15:09 | 000,854,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dbghelp.dll
MOD - [2009.04.29 03:13:20 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Users\der Jipi\AppData\Roaming\Dropbox\bin\MSVCP71.dll
MOD - [2008.03.04 02:34:38 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Users\der Jipi\AppData\Roaming\Dropbox\bin\MSVCR71.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.10.14 17:39:35 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.04.29 15:18:36 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.18 12:18:37 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.10.14 17:37:29 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.08.06 01:00:00 | 005,497,856 | ---- | M] () [Auto | Running] -- C:\xampp\xampp\mysql\bin\mysqld.exe -- (MySQL)
SRV - [2009.08.06 01:00:00 | 000,024,640 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.20 03:03:00 | 000,368,640 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2008.08.15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.02.18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.12.01 14:39:06 | 000,144,784 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010.11.30 11:39:01 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.03.02 14:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2009.12.19 10:11:40 | 000,314,400 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 23:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.23 01:08:37 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.20 03:03:00 | 000,552,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusbn.sys -- (fwlanusbn)
DRV:64bit: - [2009.03.20 03:03:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2009.02.17 19:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2008.02.06 03:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007.06.08 15:26:10 | 000,090,112 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2at64.sys -- (Ser2at)
DRV:64bit: - [2006.12.28 02:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2008.08.14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de"
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.9
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.9.3
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.04.30 10:17:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.30 10:17:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.04.30 10:01:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010.09.10 17:41:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\der Jipi\AppData\Roaming\mozilla\Extensions
[2010.09.10 17:41:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\der Jipi\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.30 10:18:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\der Jipi\AppData\Roaming\mozilla\Firefox\Profiles\s9hvgrob.default\extensions
[2010.09.28 08:40:57 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Users\der Jipi\AppData\Roaming\mozilla\Firefox\Profiles\s9hvgrob.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011.01.14 13:00:25 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\der Jipi\AppData\Roaming\mozilla\Firefox\Profiles\s9hvgrob.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2011.04.29 19:04:10 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\der Jipi\AppData\Roaming\mozilla\Firefox\Profiles\s9hvgrob.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2011.01.13 10:49:18 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\der Jipi\AppData\Roaming\mozilla\Firefox\Profiles\s9hvgrob.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.10.09 23:47:46 | 000,000,000 | ---D | M] (GrApple Delicious (blue)) -- C:\Users\der Jipi\AppData\Roaming\mozilla\Firefox\Profiles\s9hvgrob.default\extensions\{472be34c-9688-fd8a-227e-f32eabb78c1c}
[2009.10.09 23:47:46 | 000,000,000 | ---D | M] (iFox) -- C:\Users\der Jipi\AppData\Roaming\mozilla\Firefox\Profiles\s9hvgrob.default\extensions\{a81bafeb-b6ed-4501-aa17-15a2b3857e56}
[2011.04.16 10:34:46 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\der Jipi\AppData\Roaming\mozilla\Firefox\Profiles\s9hvgrob.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2011.04.16 10:34:54 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\der Jipi\AppData\Roaming\mozilla\Firefox\Profiles\s9hvgrob.default\extensions\foxmarks@kei.com
[2010.01.21 21:26:53 | 000,002,321 | ---- | M] () -- C:\Users\der Jipi\AppData\Roaming\Mozilla\Firefox\Profiles\s9hvgrob.default\searchplugins\forestle-de.xml
[2008.10.28 08:34:32 | 000,001,196 | ---- | M] () -- C:\Users\der Jipi\AppData\Roaming\Mozilla\Firefox\Profiles\s9hvgrob.default\searchplugins\winamp-search.xml
[2011.04.30 10:17:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.08.27 16:10:55 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.04.20 09:18:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.18 17:48:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.20 10:57:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.17 10:19:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- 
() (No name found) -- C:\USERS\DER JIPI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S9HVGROB.DEFAULT\EXTENSIONS\{340C2BBC-CE74-4362-90B5-7C26312808EF}.XPI
() (No name found) -- C:\USERS\DER JIPI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S9HVGROB.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\USERS\DER JIPI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S9HVGROB.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI
[2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.10.14 18:09:13 | 000,001,345 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts:    127.0.0.1 activate.adobe.com
O1 - Hosts:    127.0.0.1 practivate.adobe.com
O1 - Hosts:    127.0.0.1 ereg.adobe.com
O1 - Hosts:    127.0.0.1 activate.wip3.adobe.com
O1 - Hosts:    127.0.0.1 wip3.adobe.com
O1 - Hosts:    127.0.0.1 3dns-3.adobe.com
O1 - Hosts:    127.0.0.1 3dns-2.adobe.com
O1 - Hosts:    127.0.0.1 adobe-dns.adobe.com
O1 - Hosts:    127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts:    127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts:    127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts:    127.0.0.1 activate-sea.adobe.com
O1 - Hosts:    127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts:    127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts:    127.0.0.1 wwis-dubc1-vip60.adobe.com
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} -  File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - Startup: C:\Users\der Jipi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\der Jipi\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{636a521e-d052-11df-833e-ba0ecdb81951}\Shell - "" = AutoRun
O33 - MountPoints2\{636a521e-d052-11df-833e-ba0ecdb81951}\Shell\AutoRun\command - "" = J:\pushinst.exe
O33 - MountPoints2\{9110dcb7-b597-11de-a094-001558aef1bb}\Shell - "" = AutoRun
O33 - MountPoints2\{9110dcb7-b597-11de-a094-001558aef1bb}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{cf64fb51-7281-11e0-aaa2-001558aef1bb}\Shell - "" = AutoRun
O33 - MountPoints2\{cf64fb51-7281-11e0-aaa2-001558aef1bb}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: AVMWlanClient - hkey= - key= - C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.02 13:31:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.05.02 13:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.05.02 13:30:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011.05.02 13:22:48 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Users\der Jipi\Desktop\Erunt-setup.exe
[2011.05.02 13:22:48 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\der Jipi\Desktop\OTL.exe
[2011.05.02 13:22:48 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\der Jipi\Desktop\TFC.exe
[2011.04.29 19:36:42 | 000,000,000 | ---D | C] -- C:\Users\der Jipi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2011.04.23 17:45:29 | 000,000,000 | ---D | C] -- C:\Users\der Jipi\.traverso
[2011.04.23 17:41:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Traverso
[2011.04.23 17:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Traverso
[2011.04.23 11:37:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.04.23 11:37:14 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.04.23 11:37:13 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.04.23 11:34:59 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011.04.23 11:34:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011.04.18 16:15:51 | 000,000,000 | ---D | C] -- C:\Users\der Jipi\Desktop\kjr
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.02 13:32:54 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.02 13:32:54 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.02 13:30:59 | 000,000,920 | ---- | M] () -- C:\Users\der Jipi\Desktop\NTREGOPT.lnk
[2011.05.02 13:30:59 | 000,000,901 | ---- | M] () -- C:\Users\der Jipi\Desktop\ERUNT.lnk
[2011.05.02 13:29:57 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.05.02 13:29:57 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.05.02 13:29:57 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.05.02 13:29:57 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.05.02 13:29:57 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.05.02 13:25:27 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.02 13:25:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.02 13:25:13 | 1609,420,800 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.02 13:23:24 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Users\der Jipi\Desktop\Erunt-setup.exe
[2011.05.02 13:23:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\der Jipi\Desktop\OTL.exe
[2011.05.02 13:23:21 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\der Jipi\Desktop\TFC.exe
[2011.05.02 13:19:11 | 000,377,282 | ---- | M] () -- C:\Users\der Jipi\Desktop\Load.exe
[2011.05.02 13:01:01 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.27 17:26:31 | 000,091,911 | ---- | M] () -- C:\Users\der Jipi\Desktop\V50_Spezial_Schaltplan_ohne_Blinker.jpg
[2011.04.23 11:37:54 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.04.17 18:05:12 | 002,891,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.04.15 10:57:38 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
 
========== Files Created - No Company Name ==========
 
[2011.05.02 13:30:59 | 000,000,920 | ---- | C] () -- C:\Users\der Jipi\Desktop\NTREGOPT.lnk
[2011.05.02 13:30:59 | 000,000,901 | ---- | C] () -- C:\Users\der Jipi\Desktop\ERUNT.lnk
[2011.05.02 13:22:35 | 000,377,282 | ---- | C] () -- C:\Users\der Jipi\Desktop\Load.exe
[2011.04.30 10:17:25 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.04.27 17:26:29 | 000,091,911 | ---- | C] () -- C:\Users\der Jipi\Desktop\V50_Spezial_Schaltplan_ohne_Blinker.jpg
[2011.04.23 11:37:54 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.01.29 02:02:33 | 000,151,602 | ---- | C] () -- C:\Windows\SysWow64\pspnt.dll
[2011.01.29 02:02:33 | 000,065,606 | ---- | C] () -- C:\Windows\SysWow64\rmvport.exe
[2010.12.12 16:27:38 | 000,001,526 | ---- | C] () -- C:\Windows\ImpactView.INI
[2010.11.17 21:54:08 | 000,001,640 | ---- | C] () -- C:\Users\der Jipi\AppData\Roaming\gnuplot_history
[2010.09.13 19:50:42 | 000,450,560 | ---- | C] () -- C:\Windows\mlib.dll
[2010.09.13 19:50:42 | 000,376,832 | ---- | C] () -- C:\Windows\libmwfftw.dll
[2010.09.13 19:50:42 | 000,229,376 | ---- | C] () -- C:\Windows\sgl.dll
[2010.09.13 19:50:42 | 000,176,128 | ---- | C] () -- C:\Windows\libmwumfpack.dll
[2010.09.13 19:50:42 | 000,057,344 | ---- | C] () -- C:\Windows\libmwlapack.dll
[2010.09.13 19:50:42 | 000,045,056 | ---- | C] () -- C:\Windows\libmwgcl.dll
[2010.09.13 19:50:42 | 000,045,056 | ---- | C] () -- C:\Windows\libmwcl.dll
[2010.09.13 19:50:41 | 001,662,976 | ---- | C] () -- C:\Windows\lapack.dll
[2010.09.13 19:50:41 | 001,048,576 | ---- | C] () -- C:\Windows\atlas_PIII.dll
[2010.09.13 19:50:41 | 000,868,352 | ---- | C] () -- C:\Windows\hg_sgl.dll
[2010.09.13 19:50:41 | 000,765,952 | ---- | C] () -- C:\Windows\libmatlb.dll
[2010.09.13 19:50:41 | 000,421,888 | ---- | C] () -- C:\Windows\gui_sgl.dll
[2010.09.13 19:50:41 | 000,110,592 | ---- | C] () -- C:\Windows\hardcopy_sgl.dll
[2010.09.13 19:50:41 | 000,053,248 | ---- | C] () -- C:\Windows\ismembc.dll
[2010.09.13 19:50:41 | 000,020,480 | ---- | C] () -- C:\Windows\convnc.dll
[2010.08.26 15:37:38 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.07.19 23:20:50 | 000,000,600 | ---- | C] () -- C:\Users\der Jipi\AppData\Roaming\winscp.rnd
[2010.05.01 21:41:25 | 000,004,608 | ---- | C] () -- C:\Users\der Jipi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.06 18:00:33 | 000,096,788 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.02.13 14:37:57 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\RtlCPAPI.dll
[2010.02.13 14:37:57 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\ChCfg.exe
[2010.02.13 14:37:57 | 000,037,376 | ---- | C] () -- C:\Windows\CPLUtl64.exe
[2010.02.13 14:36:51 | 000,000,164 | ---- | C] () -- C:\Windows\avrack.ini
[2010.01.24 17:18:01 | 000,007,601 | ---- | C] () -- C:\Users\der Jipi\AppData\Local\Resmon.ResmonCfg
[2009.10.14 14:20:01 | 000,000,600 | ---- | C] () -- C:\Users\der Jipi\AppData\Local\PUTTY.RND
[2009.10.09 23:43:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.10.09 21:06:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2010.02.23 18:09:27 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\Artisteer
[2011.03.26 11:48:29 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\Audacity
[2010.11.30 11:46:42 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\CadSoft
[2010.11.10 17:25:11 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.05.02 13:25:54 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\Dropbox
[2010.12.23 22:18:16 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\FileZilla
[2009.11.23 11:41:33 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\Funambol
[2009.10.10 16:26:41 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\Notepad++
[2009.10.14 18:10:58 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\OpenOffice.org
[2010.03.31 01:04:15 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\Reign of Augustus
[2009.11.12 18:01:44 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\Subversion
[2010.12.16 13:29:41 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\TeamViewer
[2010.09.10 17:41:20 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\Thunderbird
[2009.11.27 21:20:44 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\Trillian
[2010.07.20 08:16:45 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\TrueCrypt
[2010.11.09 22:49:29 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\xm1
[2011.02.06 12:52:22 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.12.20 17:51:44 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.09.20 12:10:29 | 000,000,000 | ---D | M] -- C:\adaptec
[2009.10.09 22:03:26 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.10.09 21:32:40 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.04.26 20:48:24 | 000,000,000 | ---D | M] -- C:\jDownloader
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.04.23 11:37:14 | 000,000,000 | R--D | M] -- C:\Programme
[2011.05.02 13:30:59 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2010.11.09 23:54:36 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.10.09 21:32:40 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.10.09 21:32:41 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.05.02 13:34:36 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.09.13 20:21:19 | 000,000,000 | ---D | M] -- C:\temp_buffer
[2010.04.23 18:44:28 | 000,000,000 | R--D | M] -- C:\Users
[2011.05.02 13:31:17 | 000,000,000 | ---D | M] -- C:\Windows
[2010.05.28 23:47:19 | 000,000,000 | ---D | M] -- C:\WinSetupFromUSB
[2009.11.02 13:15:41 | 000,000,000 | ---D | M] -- C:\xampp
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
<           >

< End of report >
         
--- --- ---


Und Extras.txt sagt:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 02.05.2011 13:32:24 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\der Jipi\Desktop
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 36,62 Gb Total Space | 2,13 Gb Free Space | 5,83% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 39,56 Gb Free Space | 16,99% Space Free | Partition Type: NTFS
Drive E: | 75,68 Gb Total Space | 4,98 Gb Free Space | 6,58% Space Free | Partition Type: NTFS
Drive F: | 353,45 Gb Total Space | 28,54 Gb Free Space | 8,07% Space Free | Partition Type: NTFS
 
Computer Name: RRIF | User Name: der Jipi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes
"{22421266-50FE-48AF-A536-20AE32563B22}" = Oracle VM VirtualBox 3.2.12
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{AC2512D4-ED8A-4015-BF87-92478483C171}" = TortoiseSVN 1.6.6.17493 (64 bit)
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"CCleaner" = CCleaner
"NVIDIA Drivers" = NVIDIA Drivers
"Recuva" = Recuva
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23C08587-19F4-4BBC-9078-26CF8EB02256}" = PL-2303 Vista Driver Installer-ATEN
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 24
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.3 - Deutsch
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 9.0.600.2
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = UC-232A USB-to-Serial
"{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3}" = Canon Camera WIA Driver
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F318330F-DE7D-4B22-AF7C-C3760DDC2EF3}" = Xmarks for IE
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_697a06b96d8bcbe2d77b88e7d5448d0" = Adobe Creative Suite 4 Master Collection
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CrystalDiskInfo_is1" = CrystalDiskInfo 3.3.0
"DC2dInvRes_is1" = DC2dInvRes v. 2.12.0
"EADM" = EA Download Manager
"EAGLE 5.10.0" = EAGLE 5.10.0
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FileZilla Client" = FileZilla Client 3.3.3
"InstallShield_{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3}" = Canon EOS 20D WIA-Treiber
"IXRefraX" = IXRefraX
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"MiKTeX 2.9" = MiKTeX 2.9
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"Notepad++" = Notepad++
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.5a
"Speccy" = Speccy
"Tera Term_is1" = Tera Term 4.64
"Texmaker" = Texmaker
"Traverso_is1" = Traverso 0.49.1
"TrueCrypt" = TrueCrypt
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.5
"winscp3_is1" = WinSCP 4.2.8
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 26.04.2011 14:44:41 | Computer Name = RRiF | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.4095 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1474    Startzeit:
 01cc0441b27aa1f3    Endzeit: 16    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 3d62b989-7035-11e0-81c4-001558aef1bb  
 
Error - 26.04.2011 15:34:09 | Computer Name = RRiF | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 26.04.2011 15:34:52 | Computer Name = RRiF | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 27.04.2011 04:34:57 | Computer Name = RRiF | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 27.04.2011 04:35:21 | Computer Name = RRiF | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 27.04.2011 08:33:43 | Computer Name = RRiF | Source = Application Hang | ID = 1002
Description = Programm iTunes.exe, Version 10.2.2.12 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 3270    Startzeit:
 01cc04d154256c8b    Endzeit: 17    Anwendungspfad: C:\Program Files (x86)\iTunes\iTunes.exe

Berichts-ID:
   
 
Error - 27.04.2011 09:06:08 | Computer Name = RRiF | Source = Application Hang | ID = 1002
Description = Programm iTunes.exe, Version 10.2.2.12 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 2a88    Startzeit:
 01cc04d7a63aeb95    Endzeit: 30    Anwendungspfad: C:\Program Files (x86)\iTunes\iTunes.exe

Berichts-ID:
   
 
Error - 29.04.2011 09:16:06 | Computer Name = RRiF | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Dropbox.exe, Version: 0.7.110.0, 
Zeitstempel: 0x477b8d63  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, 
Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000103bb  ID des fehlerhaften
 Prozesses: 0x964  Startzeit der fehlerhaften Anwendung: 0x01cc066f8d0cec03  Pfad der
 fehlerhaften Anwendung: C:\Users\der Jipi\AppData\Roaming\Dropbox\bin\Dropbox.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: d6b115df-7262-11e0-a4fe-001558aef1bb
 
Error - 30.04.2011 04:12:36 | Computer Name = RRiF | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.4095 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e80    Startzeit: 
01cc070e10a8aaa4    Endzeit: 118    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 996d1649-7301-11e0-a942-001558aef1bb  
 
Error - 30.04.2011 11:42:09 | Computer Name = RRiF | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CS4ServiceManager.exe, Version: 4.0.0.344,
 Zeitstempel: 0x48a440f3  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000103bb  ID des fehlerhaften
 Prozesses: 0xa40  Startzeit der fehlerhaften Anwendung: 0x01cc074d236198ec  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 6870baf7-7340-11e0-8d78-001558aef1bb
 
[ System Events ]
Error - 02.05.2011 06:56:27 | Computer Name = RRiF | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 02.05.2011 07:24:16 | Computer Name = RRiF | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%1.
 
Error - 02.05.2011 07:24:21 | Computer Name = RRiF | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
 Status gemeldet: 32
 
Error - 02.05.2011 07:25:09 | Computer Name = RRiF | Source = volmgr | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.
 
Error - 02.05.2011 07:25:14 | Computer Name = RRiF | Source = volmgr | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.
 
Error - 02.05.2011 07:26:20 | Computer Name = RRiF | Source = DCOM | ID = 10005
Description = 
 
Error - 02.05.2011 07:26:20 | Computer Name = RRiF | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Google Update Service (gupdate) erreicht.
 
Error - 02.05.2011 07:26:20 | Computer Name = RRiF | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 02.05.2011 07:26:52 | Computer Name = RRiF | Source = DCOM | ID = 10010
Description = 
 
Error - 02.05.2011 07:32:08 | Computer Name = RRiF | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
--- --- ---



Ich bedanke mich schonmal vielmals für eure Hilfe.
Schöne Grüße!

Edit:
Das Problem mit dem Online Banking tritt - wie ich gerade festgestellt habe - nur im Firefox auf, nicht aber im Chrome oder IE. Habe gestern erst Version 4 vom Firefox installiert. Davor habe ich das Problem zumindest noch nicht entdeckt.

Geändert von der_jipi (02.05.2011 um 13:35 Uhr)

Alt 02.05.2011, 13:36   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Banking Trojaner? Sparda Bank - Standard

Banking Trojaner? Sparda Bank



Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________

__________________

Alt 02.05.2011, 14:57   #3
der_jipi
 
Banking Trojaner? Sparda Bank - Standard

Banking Trojaner? Sparda Bank



Der obige Link ist abhanden gekommen, ich meinte damit diesen Thread: http://www.trojaner-board.de/98420-t...e-banking.html (Die Links werden irgndwie nicht gespeichert)

Malwarebytes sagt folgendes in der einzigen Logdatei, die unter dem entsprechenden Reiter angezeigt wird:
Zitat:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6491

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

02.05.2011 15:46:28
mbam-log-2011-05-02 (15-46-28).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 152888
Laufzeit: 2 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
__________________

Alt 02.05.2011, 15:24   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Banking Trojaner? Sparda Bank - Standard

Banking Trojaner? Sparda Bank



Zitat:
Art des Suchlaufs: Quick-Scan
Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 02.05.2011, 23:23   #5
der_jipi
 
Banking Trojaner? Sparda Bank - Standard

Banking Trojaner? Sparda Bank



Ok also hier der ausführliche Scan.
Die erste Datei ist ein Programm, dass mir die SN meiner Win7 Installation anzeigt. Ich habe von meiner Uni aus 3 Lizenzen bekommen und wusste nicht mehr, welche frei war und welche schon installiert... Zuletzt benutzt vor ca. einem halben Jahr.
Die zweite Datei ist irgendein Script von einem Spiel. Alles was damit zusammenhängt habe ich mindestens zwei Jahre nicht mehr angefasst (vor allem noch nie, seit ich Win7 drauf habe).

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6493

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

02.05.2011 23:52:25
mbam-log-2011-05-02 (23-52-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 598531
Laufzeit: 1 Stunde(n), 34 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
d:\firefox dls\produkey141\ProduKey.exe (PUP.PSWTool.ProductKey) -> Not selected for removal.
e:\spielplatz\awesom-o 3.5.6\Redvex\brring.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
         


Alt 03.05.2011, 08:30   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Banking Trojaner? Sparda Bank - Standard

Banking Trojaner? Sparda Bank



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
ATTFilter
:OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{636a521e-d052-11df-833e-ba0ecdb81951}\Shell - "" = AutoRun
O33 - MountPoints2\{636a521e-d052-11df-833e-ba0ecdb81951}\Shell\AutoRun\command - "" = J:\pushinst.exe
O33 - MountPoints2\{9110dcb7-b597-11de-a094-001558aef1bb}\Shell - "" = AutoRun
O33 - MountPoints2\{9110dcb7-b597-11de-a094-001558aef1bb}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{cf64fb51-7281-11e0-aaa2-001558aef1bb}\Shell - "" = AutoRun
O33 - MountPoints2\{cf64fb51-7281-11e0-aaa2-001558aef1bb}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________
--> Banking Trojaner? Sparda Bank

Alt 03.05.2011, 10:48   #7
der_jipi
 
Banking Trojaner? Sparda Bank - Standard

Banking Trojaner? Sparda Bank



...ist erledigt. Diese exe-Dateien und einige Registry-Keys konnte er wohl nicht finden:

Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{636a521e-d052-11df-833e-ba0ecdb81951}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{636a521e-d052-11df-833e-ba0ecdb81951}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{636a521e-d052-11df-833e-ba0ecdb81951}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{636a521e-d052-11df-833e-ba0ecdb81951}\ not found.
File J:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9110dcb7-b597-11de-a094-001558aef1bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9110dcb7-b597-11de-a094-001558aef1bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9110dcb7-b597-11de-a094-001558aef1bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9110dcb7-b597-11de-a094-001558aef1bb}\ not found.
File I:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf64fb51-7281-11e0-aaa2-001558aef1bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf64fb51-7281-11e0-aaa2-001558aef1bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf64fb51-7281-11e0-aaa2-001558aef1bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf64fb51-7281-11e0-aaa2-001558aef1bb}\ not found.
File L:\LaunchU3.exe -a not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: der Jipi
->Temp folder emptied: 95421 bytes
->Temporary Internet Files folder emptied: 2835197 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 34454664 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2320 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3350 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 36,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 05032011_112706

Files\Folders moved on Reboot...
C:\Users\der Jipi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         

Alt 03.05.2011, 10:57   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Banking Trojaner? Sparda Bank - Standard

Banking Trojaner? Sparda Bank



Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 03.05.2011, 11:27   #9
der_jipi
 
Banking Trojaner? Sparda Bank - Standard

Banking Trojaner? Sparda Bank



Vielen Dank übrigens für die ausführliche und individuelle Hilfe!

Dieses Kaspersky Tool hat laut der Anzeige im ui nichts finden können. Hier ist das Log dazu:

Code:
ATTFilter
2011/05/03 12:23:46.0180 4456	TDSS rootkit removing tool 2.5.0.0 May  1 2011 14:20:16
2011/05/03 12:23:46.0336 4456	================================================================================
2011/05/03 12:23:46.0336 4456	SystemInfo:
2011/05/03 12:23:46.0336 4456	
2011/05/03 12:23:46.0336 4456	OS Version: 6.1.7600 ServicePack: 0.0
2011/05/03 12:23:46.0336 4456	Product type: Workstation
2011/05/03 12:23:46.0336 4456	ComputerName: RRIF
2011/05/03 12:23:46.0336 4456	UserName: der Jipi
2011/05/03 12:23:46.0336 4456	Windows directory: C:\Windows
2011/05/03 12:23:46.0336 4456	System windows directory: C:\Windows
2011/05/03 12:23:46.0336 4456	Running under WOW64
2011/05/03 12:23:46.0336 4456	Processor architecture: Intel x64
2011/05/03 12:23:46.0336 4456	Number of processors: 2
2011/05/03 12:23:46.0336 4456	Page size: 0x1000
2011/05/03 12:23:46.0336 4456	Boot type: Normal boot
2011/05/03 12:23:46.0336 4456	================================================================================
2011/05/03 12:23:46.0594 4456	Initialize success
2011/05/03 12:23:47.0716 5360	================================================================================
2011/05/03 12:23:47.0716 5360	Scan started
2011/05/03 12:23:47.0716 5360	Mode: Manual; 
2011/05/03 12:23:47.0716 5360	================================================================================
2011/05/03 12:23:49.0117 5360	1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/05/03 12:23:49.0153 5360	ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/05/03 12:23:49.0188 5360	AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/05/03 12:23:49.0235 5360	adfs            (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
2011/05/03 12:23:49.0399 5360	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/03 12:23:49.0544 5360	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/03 12:23:49.0681 5360	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/03 12:23:49.0771 5360	AFD             (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/05/03 12:23:49.0813 5360	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/05/03 12:23:49.0861 5360	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/05/03 12:23:49.0881 5360	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/05/03 12:23:49.0919 5360	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/03 12:23:49.0943 5360	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/03 12:23:49.0970 5360	amdsata         (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/05/03 12:23:49.0998 5360	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/03 12:23:50.0033 5360	amdxata         (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/05/03 12:23:50.0145 5360	AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/05/03 12:23:50.0295 5360	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/05/03 12:23:50.0326 5360	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/03 12:23:50.0368 5360	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/03 12:23:50.0396 5360	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/05/03 12:23:50.0614 5360	atikmdag        (3efd964d52221360af0673cd61c2f4f5) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/03 12:23:50.0721 5360	avgntflt        (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/05/03 12:23:50.0802 5360	avipbb          (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys
2011/05/03 12:23:50.0856 5360	avmeject        (1dc2f715792cf33428ad7993acbd224d) C:\Windows\system32\drivers\avmeject.sys
2011/05/03 12:23:50.0922 5360	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/05/03 12:23:50.0972 5360	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/05/03 12:23:51.0036 5360	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/05/03 12:23:51.0100 5360	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/03 12:23:51.0466 5360	bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/03 12:23:51.0512 5360	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/03 12:23:51.0533 5360	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/03 12:23:51.0587 5360	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/05/03 12:23:51.0620 5360	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/03 12:23:51.0645 5360	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/03 12:23:51.0759 5360	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/03 12:23:51.0795 5360	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/03 12:23:51.0856 5360	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/03 12:23:51.0910 5360	cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/03 12:23:51.0961 5360	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/03 12:23:52.0010 5360	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/05/03 12:23:52.0056 5360	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/03 12:23:52.0088 5360	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/05/03 12:23:52.0133 5360	CNG             (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/05/03 12:23:52.0163 5360	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/03 12:23:52.0209 5360	CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/05/03 12:23:52.0249 5360	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/03 12:23:52.0372 5360	CSC             (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2011/05/03 12:23:52.0434 5360	DfsC            (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/05/03 12:23:52.0476 5360	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/05/03 12:23:52.0552 5360	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/05/03 12:23:52.0630 5360	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/05/03 12:23:52.0677 5360	DXGKrnl         (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/03 12:23:52.0786 5360	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/05/03 12:23:52.0864 5360	ElbyCDIO        (702d5606cf2199e0edea6f0e0d27cd10) C:\Windows\system32\Drivers\ElbyCDIO.sys
2011/05/03 12:23:52.0926 5360	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/03 12:23:52.0958 5360	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/05/03 12:23:53.0004 5360	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/05/03 12:23:53.0036 5360	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/05/03 12:23:53.0067 5360	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/03 12:23:53.0129 5360	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/05/03 12:23:53.0160 5360	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/05/03 12:23:53.0207 5360	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/03 12:23:53.0254 5360	FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/05/03 12:23:53.0301 5360	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/05/03 12:23:53.0332 5360	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/03 12:23:53.0379 5360	fvevol          (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/03 12:23:53.0441 5360	FWLANUSB        (444534cba693dd23c1cc589681e01656) C:\Windows\system32\DRIVERS\fwlanusb.sys
2011/05/03 12:23:53.0504 5360	fwlanusbn       (630cb27253ea63bb0990c40c72bfcfe1) C:\Windows\system32\DRIVERS\fwlanusbn.sys
2011/05/03 12:23:53.0550 5360	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/03 12:23:53.0582 5360	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/03 12:23:53.0691 5360	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/03 12:23:53.0753 5360	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/05/03 12:23:53.0800 5360	HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/03 12:23:53.0831 5360	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/03 12:23:53.0862 5360	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/03 12:23:53.0894 5360	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/03 12:23:53.0940 5360	HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/03 12:23:53.0987 5360	HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/05/03 12:23:54.0034 5360	HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/05/03 12:23:54.0081 5360	hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/03 12:23:54.0112 5360	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/03 12:23:54.0159 5360	iaStorV         (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/05/03 12:23:54.0206 5360	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/03 12:23:54.0315 5360	IntcAzAudAddService (c1e2d46eb6e533dd087c684d33411f4a) C:\Windows\system32\drivers\RTKVHD64.sys
2011/05/03 12:23:54.0393 5360	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/05/03 12:23:54.0424 5360	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/03 12:23:54.0471 5360	IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/03 12:23:54.0502 5360	IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/05/03 12:23:54.0533 5360	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/05/03 12:23:54.0596 5360	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/05/03 12:23:54.0627 5360	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/05/03 12:23:54.0658 5360	iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/03 12:23:54.0705 5360	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/03 12:23:54.0736 5360	kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/03 12:23:54.0767 5360	KSecDD          (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/03 12:23:54.0814 5360	KSecPkg         (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/03 12:23:54.0845 5360	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/05/03 12:23:54.0923 5360	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/03 12:23:54.0986 5360	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/03 12:23:55.0017 5360	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/03 12:23:55.0048 5360	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/03 12:23:55.0079 5360	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/03 12:23:55.0126 5360	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/05/03 12:23:55.0157 5360	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/03 12:23:55.0188 5360	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/03 12:23:55.0235 5360	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/05/03 12:23:55.0266 5360	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/03 12:23:55.0298 5360	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/03 12:23:55.0344 5360	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/03 12:23:55.0376 5360	mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/05/03 12:23:55.0407 5360	mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/05/03 12:23:55.0422 5360	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/03 12:23:55.0469 5360	MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/03 12:23:55.0516 5360	mrxsmb          (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/03 12:23:55.0563 5360	mrxsmb10        (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/03 12:23:55.0594 5360	mrxsmb20        (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/03 12:23:55.0625 5360	msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/05/03 12:23:55.0656 5360	msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/05/03 12:23:55.0750 5360	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/05/03 12:23:55.0781 5360	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/03 12:23:55.0812 5360	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/05/03 12:23:55.0875 5360	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/03 12:23:55.0906 5360	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/03 12:23:55.0922 5360	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/05/03 12:23:55.0968 5360	MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/05/03 12:23:56.0015 5360	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/03 12:23:56.0046 5360	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/05/03 12:23:56.0078 5360	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/03 12:23:56.0109 5360	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/05/03 12:23:56.0171 5360	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/03 12:23:56.0234 5360	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/05/03 12:23:56.0280 5360	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/03 12:23:56.0327 5360	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/03 12:23:56.0343 5360	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/03 12:23:56.0374 5360	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/03 12:23:56.0421 5360	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/05/03 12:23:56.0452 5360	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/03 12:23:56.0499 5360	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/03 12:23:56.0577 5360	netr28ux        (618c55b392238b9467f9113e13525c49) C:\Windows\system32\DRIVERS\netr28ux.sys
2011/05/03 12:23:56.0639 5360	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/03 12:23:56.0670 5360	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/05/03 12:23:56.0702 5360	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/03 12:23:56.0764 5360	Ntfs            (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/05/03 12:23:56.0826 5360	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/05/03 12:23:57.0170 5360	nvlddmkm        (feffc8474be060ea7349a172b9810415) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/03 12:23:57.0529 5360	nvraid          (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/05/03 12:23:57.0778 5360	nvstor          (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/05/03 12:23:57.0825 5360	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/05/03 12:23:57.0856 5360	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/03 12:23:57.0965 5360	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/05/03 12:23:57.0997 5360	partmgr         (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/05/03 12:23:58.0028 5360	pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/05/03 12:23:58.0059 5360	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/05/03 12:23:58.0090 5360	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/03 12:23:58.0121 5360	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/05/03 12:23:58.0153 5360	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/05/03 12:23:58.0293 5360	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/03 12:23:58.0324 5360	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/05/03 12:23:58.0355 5360	Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/03 12:23:58.0402 5360	PxHlpa64        (901dba98359966a62a6548596988e931) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/05/03 12:23:58.0465 5360	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/03 12:23:58.0527 5360	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/03 12:23:58.0558 5360	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/03 12:23:58.0589 5360	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/03 12:23:58.0636 5360	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/03 12:23:58.0667 5360	Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/03 12:23:58.0714 5360	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/03 12:23:58.0745 5360	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/03 12:23:58.0777 5360	rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/03 12:23:58.0808 5360	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/03 12:23:58.0839 5360	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/03 12:23:58.0886 5360	RDPDR           (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
2011/05/03 12:23:58.0948 5360	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/03 12:23:58.0979 5360	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/03 12:23:59.0011 5360	RDPWD           (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/05/03 12:23:59.0073 5360	rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/05/03 12:23:59.0135 5360	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/03 12:23:59.0198 5360	RTL8167         (66f9f7161d147b6486a22feb9425930d) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/05/03 12:23:59.0245 5360	s3cap           (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/05/03 12:23:59.0291 5360	sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/05/03 12:23:59.0323 5360	scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/03 12:23:59.0385 5360	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/05/03 12:23:59.0447 5360	Ser2at          (210285d5fdfb06fc25f889c7487cd4e2) C:\Windows\system32\DRIVERS\ser2at64.sys
2011/05/03 12:23:59.0479 5360	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/03 12:23:59.0510 5360	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/05/03 12:23:59.0541 5360	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/03 12:23:59.0603 5360	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/05/03 12:23:59.0635 5360	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/05/03 12:23:59.0650 5360	sffp_sd         (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/05/03 12:23:59.0666 5360	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/03 12:23:59.0728 5360	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/03 12:23:59.0744 5360	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/03 12:23:59.0791 5360	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/05/03 12:23:59.0853 5360	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/05/03 12:23:59.0915 5360	srv             (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys
2011/05/03 12:23:59.0962 5360	srv2            (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/03 12:24:00.0025 5360	srvnet          (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/03 12:24:00.0071 5360	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/03 12:24:00.0118 5360	storflt         (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/05/03 12:24:00.0149 5360	storvsc         (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
2011/05/03 12:24:00.0181 5360	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/03 12:24:00.0290 5360	Tcpip           (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/05/03 12:24:00.0399 5360	TCPIP6          (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/03 12:24:00.0446 5360	tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/03 12:24:00.0477 5360	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/05/03 12:24:00.0508 5360	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/05/03 12:24:00.0555 5360	tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/03 12:24:00.0586 5360	TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/03 12:24:00.0680 5360	tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/03 12:24:00.0727 5360	tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/03 12:24:00.0758 5360	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/03 12:24:00.0805 5360	udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/03 12:24:00.0867 5360	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/05/03 12:24:00.0914 5360	umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/03 12:24:00.0945 5360	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/03 12:24:01.0007 5360	USBAAPL64       (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
2011/05/03 12:24:01.0054 5360	usbaudio        (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2011/05/03 12:24:01.0085 5360	usbccgp         (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/03 12:24:01.0132 5360	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/05/03 12:24:01.0163 5360	usbehci         (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/03 12:24:01.0210 5360	usbhub          (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/03 12:24:01.0257 5360	usbohci         (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/03 12:24:01.0273 5360	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/03 12:24:01.0304 5360	USBSTOR         (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/03 12:24:01.0335 5360	usbuhci         (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/03 12:24:01.0429 5360	VBoxDrv         (781f08d3bd8fc0d052bbf5b0ac25da40) C:\Windows\system32\DRIVERS\VBoxDrv.sys
2011/05/03 12:24:01.0491 5360	VBoxNetAdp      (48b196c4f368d0c1aec103ed6425d959) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
2011/05/03 12:24:01.0538 5360	VBoxNetFlt      (d9713bc7825e499532805f7dd80797ec) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
2011/05/03 12:24:01.0585 5360	VBoxUSBMon      (44385ae4255f7bd14cee41b7cd627dfc) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
2011/05/03 12:24:01.0616 5360	VClone          (c5e70c4e64666db9d69c9f2fdae22428) C:\Windows\system32\DRIVERS\VClone.sys
2011/05/03 12:24:01.0663 5360	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/05/03 12:24:01.0725 5360	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/03 12:24:01.0756 5360	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/05/03 12:24:01.0772 5360	vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/05/03 12:24:01.0803 5360	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/05/03 12:24:01.0850 5360	vmbus           (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
2011/05/03 12:24:01.0881 5360	VMBusHID        (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/05/03 12:24:01.0928 5360	volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/05/03 12:24:01.0975 5360	volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/05/03 12:24:02.0006 5360	volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/05/03 12:24:02.0053 5360	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/03 12:24:02.0084 5360	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/05/03 12:24:02.0115 5360	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/05/03 12:24:02.0146 5360	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/03 12:24:02.0209 5360	WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/03 12:24:02.0224 5360	Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/03 12:24:02.0287 5360	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/05/03 12:24:02.0318 5360	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/03 12:24:02.0474 5360	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/03 12:24:02.0521 5360	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/05/03 12:24:02.0661 5360	WinUsb          (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/05/03 12:24:02.0708 5360	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/03 12:24:02.0770 5360	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/03 12:24:02.0873 5360	WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/05/03 12:24:02.0918 5360	WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/03 12:24:03.0038 5360	================================================================================
2011/05/03 12:24:03.0038 5360	Scan finished
2011/05/03 12:24:03.0038 5360	================================================================================
         

Alt 03.05.2011, 12:59   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Banking Trojaner? Sparda Bank - Standard

Banking Trojaner? Sparda Bank



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 03.05.2011, 14:15   #11
der_jipi
 
Banking Trojaner? Sparda Bank - Standard

Banking Trojaner? Sparda Bank



Zwischendrin kam eine Windows-Fehlermeldung "REV.exe funktioniert nicht mehr richtig und wird geschlossen".

CF selbst hat ganz schöne lange gedauert und folgendes Resultat geliefert:

log.txt:
Code:
ATTFilter
ComboFix 11-05-02.04 - der Jipi 03.05.2011  14:26:15.1.2 - x64
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.2046.1229 [GMT 2:00]
ausgeführt von:: c:\users\der Jipi\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\jdownloader\jDownloader.exe
C:\SystemData
c:\systemdata\config.bin
c:\systemdata\SystemData.exe
c:\windows\system32\drivers\etc\hosts1
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-04-03 bis 2011-05-03  ))))))))))))))))))))))))))))))
.
.
2011-05-03 13:04 . 2011-05-03 13:04	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-05-02 11:30 . 2011-05-02 11:31	--------	d-----w-	c:\program files (x86)\ERUNT
2011-04-30 08:17 . 2011-04-14 16:40	142296	----a-w-	c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-04-30 08:17 . 2011-04-14 16:40	89048	----a-w-	c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-04-30 08:17 . 2011-04-14 16:40	781272	----a-w-	c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-04-30 08:17 . 2011-04-14 16:40	465880	----a-w-	c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-04-30 08:17 . 2011-04-14 16:40	1874904	----a-w-	c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-04-30 08:17 . 2011-04-14 16:40	15832	----a-w-	c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-04-30 08:17 . 2010-01-01 08:00	1974616	----a-w-	c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-04-30 08:17 . 2010-01-01 08:00	1892184	----a-w-	c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-04-29 17:36 . 2011-04-29 17:36	119808	----a-r-	c:\users\der Jipi\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2011-04-23 15:45 . 2011-04-23 15:45	--------	d-----w-	c:\users\der Jipi\.traverso
2011-04-23 15:41 . 2011-04-23 15:41	--------	d-----w-	c:\program files (x86)\Traverso
2011-04-23 09:37 . 2011-04-23 09:37	--------	d-----w-	c:\program files\iPod
2011-04-23 09:37 . 2011-04-23 09:37	--------	d-----w-	c:\program files\iTunes
2011-04-23 09:34 . 2011-04-23 09:35	--------	d-----w-	c:\program files\Bonjour
2011-04-23 09:34 . 2011-04-23 09:35	--------	d-----w-	c:\program files (x86)\Bonjour
2011-04-06 14:26 . 2011-04-06 14:26	96544	----a-w-	c:\windows\system32\dnssd.dll
2011-04-06 14:26 . 2011-04-06 14:26	119584	----a-w-	c:\windows\system32\dns-sd.exe
2011-04-06 14:20 . 2011-04-06 14:20	91424	----a-w-	c:\windows\SysWow64\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20	107808	----a-w-	c:\windows\SysWow64\dns-sd.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-18 15:36 . 2011-02-18 15:36	51712	----a-w-	c:\windows\system32\drivers\usbaapl64.sys
2011-02-18 15:36 . 2011-02-18 15:36	4184352	----a-w-	c:\windows\system32\usbaaplrc.dll
2011-02-02 20:40 . 2010-04-20 07:17	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-02-02 16:11 . 2009-10-09 21:53	270720	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\der Jipi\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\der Jipi\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\der Jipi\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-30 281768]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2009-03-20 1904640]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
c:\users\der Jipi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\der Jipi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-30 136176]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-10-14 1038088]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [x]
R3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-30 136176]
R3 netr28ux;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 Ser2at;ATEN USB to Serial port driver;c:\windows\system32\DRIVERS\ser2at64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]
S2 Apache2.2;Apache2.2;c:\xampp\xampp\apache\bin\httpd.exe [2009-08-05 24640]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - KLMD25
*Deregistered* - klmd25
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-30 06:46]
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-30 06:46]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	97792	----a-w-	c:\users\der Jipi\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	97792	----a-w-	c:\users\der Jipi\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	97792	----a-w-	c:\users\der Jipi\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55	97032	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55	97032	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55	97032	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55	97032	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55	97032	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55	97032	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55	97032	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55	97032	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55	97032	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 171520]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-25 9650720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\der Jipi\AppData\Roaming\Mozilla\Firefox\Profiles\s9hvgrob.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig?hl=de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-257FA97667CE86F3 - c:\systemdata\SystemData.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-03  15:07:45
ComboFix-quarantined-files.txt  2011-05-03 13:07
.
Vor Suchlauf: 2.056.126.464 Bytes frei
Nach Suchlauf: 2.268.540.928 Bytes frei
.
- - End Of File - - 73A29EFF0D25E4F09CAC9505339D69A1
         

C:/ComboFix.txt (Ich glaub da steht das gleiche drin):
Code:
ATTFilter
ComboFix 11-05-02.04 - der Jipi 03.05.2011  14:26:15.1.2 - x64
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.2046.1229 [GMT 2:00]
ausgeführt von:: c:\users\der Jipi\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\jdownloader\jDownloader.exe
C:\SystemData
c:\systemdata\config.bin
c:\systemdata\SystemData.exe
c:\windows\system32\drivers\etc\hosts1
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-04-03 bis 2011-05-03  ))))))))))))))))))))))))))))))
.
.
2011-05-03 13:04 . 2011-05-03 13:04	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-05-02 11:30 . 2011-05-02 11:31	--------	d-----w-	c:\program files (x86)\ERUNT
2011-04-30 08:17 . 2011-04-14 16:40	142296	----a-w-	c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-04-30 08:17 . 2011-04-14 16:40	89048	----a-w-	c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-04-30 08:17 . 2011-04-14 16:40	781272	----a-w-	c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-04-30 08:17 . 2011-04-14 16:40	465880	----a-w-	c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-04-30 08:17 . 2011-04-14 16:40	1874904	----a-w-	c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-04-30 08:17 . 2011-04-14 16:40	15832	----a-w-	c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-04-30 08:17 . 2010-01-01 08:00	1974616	----a-w-	c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-04-30 08:17 . 2010-01-01 08:00	1892184	----a-w-	c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-04-29 17:36 . 2011-04-29 17:36	119808	----a-r-	c:\users\der Jipi\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2011-04-23 15:45 . 2011-04-23 15:45	--------	d-----w-	c:\users\der Jipi\.traverso
2011-04-23 15:41 . 2011-04-23 15:41	--------	d-----w-	c:\program files (x86)\Traverso
2011-04-23 09:37 . 2011-04-23 09:37	--------	d-----w-	c:\program files\iPod
2011-04-23 09:37 . 2011-04-23 09:37	--------	d-----w-	c:\program files\iTunes
2011-04-23 09:34 . 2011-04-23 09:35	--------	d-----w-	c:\program files\Bonjour
2011-04-23 09:34 . 2011-04-23 09:35	--------	d-----w-	c:\program files (x86)\Bonjour
2011-04-06 14:26 . 2011-04-06 14:26	96544	----a-w-	c:\windows\system32\dnssd.dll
2011-04-06 14:26 . 2011-04-06 14:26	119584	----a-w-	c:\windows\system32\dns-sd.exe
2011-04-06 14:20 . 2011-04-06 14:20	91424	----a-w-	c:\windows\SysWow64\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20	107808	----a-w-	c:\windows\SysWow64\dns-sd.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-18 15:36 . 2011-02-18 15:36	51712	----a-w-	c:\windows\system32\drivers\usbaapl64.sys
2011-02-18 15:36 . 2011-02-18 15:36	4184352	----a-w-	c:\windows\system32\usbaaplrc.dll
2011-02-02 20:40 . 2010-04-20 07:17	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-02-02 16:11 . 2009-10-09 21:53	270720	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\der Jipi\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\der Jipi\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\der Jipi\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-30 281768]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2009-03-20 1904640]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
c:\users\der Jipi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\der Jipi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-30 136176]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-10-14 1038088]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [x]
R3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-30 136176]
R3 netr28ux;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 Ser2at;ATEN USB to Serial port driver;c:\windows\system32\DRIVERS\ser2at64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]
S2 Apache2.2;Apache2.2;c:\xampp\xampp\apache\bin\httpd.exe [2009-08-05 24640]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - KLMD25
*Deregistered* - klmd25
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-30 06:46]
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-30 06:46]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	97792	----a-w-	c:\users\der Jipi\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	97792	----a-w-	c:\users\der Jipi\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	97792	----a-w-	c:\users\der Jipi\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55	97032	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55	97032	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55	97032	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55	97032	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55	97032	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55	97032	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55	97032	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55	97032	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55	97032	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 171520]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-25 9650720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\der Jipi\AppData\Roaming\Mozilla\Firefox\Profiles\s9hvgrob.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig?hl=de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-257FA97667CE86F3 - c:\systemdata\SystemData.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-03  15:07:45
ComboFix-quarantined-files.txt  2011-05-03 13:07
.
Vor Suchlauf: 2.056.126.464 Bytes frei
Nach Suchlauf: 2.268.540.928 Bytes frei
.
- - End Of File - - 73A29EFF0D25E4F09CAC9505339D69A1
         

Alt 03.05.2011, 14:26   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Banking Trojaner? Sparda Bank - Standard

Banking Trojaner? Sparda Bank



Bitte nun Logs mit GMER und mbrcheck erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg

Anleitung zu mbrcheck:
Downloade Dir MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 03.05.2011, 15:23   #13
der_jipi
 
Banking Trojaner? Sparda Bank - Standard

Banking Trojaner? Sparda Bank



"GMER hasn't found any Entries", oder so ähnlich

Und MBRCheck:

Code:
ATTFilter
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows 7 Professional
Windows Information:		 (build 7600), 64-bit
Base Board Manufacturer:	Foxconn
BIOS Manufacturer:		Phoenix Technologies, LTD
System Manufacturer:		OEM
System Product Name:		OEM
Logical Drives Mask:		0x000001fc

Kernel Drivers (total 190):
  0x02E64000 \SystemRoot\system32\ntoskrnl.exe
  0x02E1B000 \SystemRoot\system32\hal.dll
  0x00BC4000 \SystemRoot\system32\kdcom.dll
  0x00CC4000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x00D08000 \SystemRoot\system32\PSHED.dll
  0x00D1C000 \SystemRoot\system32\CLFS.SYS
  0x00C00000 \SystemRoot\system32\CI.dll
  0x00ED1000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00F75000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x00F84000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x00FDB000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
  0x00FE4000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys
  0x00E33000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x00E40000 \SystemRoot\System32\drivers\partmgr.sys
  0x00E55000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x00E6A000 \SystemRoot\System32\drivers\volmgrx.sys
  0x00EC6000 \SystemRoot\system32\DRIVERS\intelide.sys
  0x00FEE000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x00D7A000 \SystemRoot\system32\DRIVERS\pciide.sys
  0x00D81000 \SystemRoot\System32\drivers\mountmgr.sys
  0x010AE000 \SystemRoot\system32\DRIVERS\iaStorV.sys
  0x011CC000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x011D5000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x01000000 \SystemRoot\system32\DRIVERS\msahci.sys
  0x0100B000 \SystemRoot\system32\DRIVERS\amdxata.sys
  0x01016000 \SystemRoot\system32\drivers\fltmgr.sys
  0x01062000 \SystemRoot\system32\drivers\fileinfo.sys
  0x01076000 \SystemRoot\System32\Drivers\PxHlpa64.sys
  0x0120B000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x00D9B000 \SystemRoot\System32\Drivers\msrpc.sys
  0x013AE000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x01472000 \SystemRoot\System32\Drivers\cng.sys
  0x014E5000 \SystemRoot\System32\drivers\pcw.sys
  0x014F6000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x01500000 \SystemRoot\system32\drivers\ndis.sys
  0x01400000 \SystemRoot\system32\drivers\NETIO.SYS
  0x013C8000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x01602000 \SystemRoot\System32\drivers\tcpip.sys
  0x01805000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x0184F000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
  0x0185F000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x018AB000 \SystemRoot\System32\Drivers\spldr.sys
  0x018B3000 \SystemRoot\System32\drivers\rdyboost.sys
  0x018ED000 \SystemRoot\System32\Drivers\mup.sys
  0x018FF000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x01908000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x01942000 \SystemRoot\system32\DRIVERS\disk.sys
  0x01958000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x01996000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x019C0000 \SystemRoot\System32\Drivers\Null.SYS
  0x019C9000 \SystemRoot\System32\Drivers\Beep.SYS
  0x019D0000 \SystemRoot\System32\drivers\vga.sys
  0x01082000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x019DE000 \SystemRoot\System32\drivers\watchdog.sys
  0x019EE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x019F7000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x01988000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x01460000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x03CED000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x03CFE000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x03D1C000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x03D29000 \SystemRoot\system32\drivers\afd.sys
  0x03DB3000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x03C00000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x03C09000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x03C2F000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x03C45000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x03C54000 \SystemRoot\system32\DRIVERS\serial.sys
  0x03C71000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x03C8C000 \SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
  0x03C98000 \SystemRoot\system32\DRIVERS\VBoxDrv.sys
  0x03A2C000 \SystemRoot\SysWOW64\drivers\truecrypt.sys
  0x03A6C000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x03A80000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x03AD1000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x03ADD000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x03AE8000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
  0x03AF2000 \SystemRoot\System32\drivers\discache.sys
  0x03B01000 \SystemRoot\system32\drivers\csc.sys
  0x03B84000 \SystemRoot\System32\Drivers\dfsc.sys
  0x03BA2000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x03BB3000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x03BD5000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x03A00000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x0485C000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x05320000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
  0x02C37000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x02D2B000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x02D71000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x02D95000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
  0x02DE4000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x02DF1000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x05322000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x02C00000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x05378000 \SystemRoot\system32\DRIVERS\1394ohci.sys
  0x02C11000 \SystemRoot\system32\DRIVERS\fdc.sys
  0x02C1E000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x053B6000 \SystemRoot\system32\DRIVERS\parport.sys
  0x053D3000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x053E3000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x04800000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x02C2A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x04824000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x03CC8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x042CA000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x042EB000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x04305000 \SystemRoot\system32\DRIVERS\VBoxNetAdp.sys
  0x04327000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x04332000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x04341000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x04350000 \SystemRoot\system32\DRIVERS\VClone.sys
  0x0435F000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
  0x0438E000 \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
  0x043B5000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x043B7000 \SystemRoot\system32\DRIVERS\ks.sys
  0x04200000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x04212000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x0426C000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x03ECB000 \SystemRoot\system32\drivers\RTKVHD64.sys
  0x040EA000 \SystemRoot\system32\drivers\portcls.sys
  0x04127000 \SystemRoot\system32\drivers\drmk.sys
  0x04149000 \SystemRoot\system32\drivers\ksthunk.sys
  0x000A0000 \SystemRoot\System32\win32k.sys
  0x0415D000 \SystemRoot\System32\drivers\Dxapi.sys
  0x04169000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x04177000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x04190000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x04199000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x0419B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x041B8000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x041C5000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x041D3000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x00440000 \SystemRoot\System32\TSDDD.dll
  0x00600000 \SystemRoot\System32\cdd.dll
  0x00850000 \SystemRoot\System32\ATMFD.DLL
  0x03E00000 \SystemRoot\system32\drivers\luafv.sys
  0x03E23000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x03E40000 \SystemRoot\system32\drivers\WudfPf.sys
  0x03E61000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x03E76000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x041E1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x04281000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x034D2000 \SystemRoot\system32\drivers\HTTP.sys
  0x0359A000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x035B8000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x035D0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x03400000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x0344E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x03471000 \SystemRoot\System32\Drivers\adfs.SYS
  0x06898000 \SystemRoot\system32\drivers\peauth.sys
  0x0693E000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x06949000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x06976000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x06988000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x06800000 \SystemRoot\System32\DRIVERS\srv.sys
  0x08D3A000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0x08D9F000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
  0x77600000 \Windows\System32\ntdll.dll
  0x48460000 \Windows\System32\smss.exe
  0xFF920000 \Windows\System32\apisetschema.dll
  0xFFC10000 \Windows\System32\autochk.exe
  0xFF890000 \Windows\System32\difxapi.dll
  0xFF840000 \Windows\System32\Wldap32.dll
  0xFF710000 \Windows\System32\wininet.dll
  0xFF690000 \Windows\System32\shlwapi.dll
  0xFF5F0000 \Windows\System32\msvcrt.dll
  0xFF5E0000 \Windows\System32\lpk.dll
  0xFF4B0000 \Windows\System32\rpcrt4.dll
  0xFF3E0000 \Windows\System32\usp10.dll
  0x774E0000 \Windows\System32\kernel32.dll
  0xFF2D0000 \Windows\System32\msctf.dll
  0xFF2A0000 \Windows\System32\imm32.dll
  0xFF1C0000 \Windows\System32\oleaut32.dll
  0x777D0000 \Windows\System32\normaliz.dll
  0xFF120000 \Windows\System32\comdlg32.dll
  0xFF0D0000 \Windows\System32\ws2_32.dll
  0xFEF50000 \Windows\System32\urlmon.dll
  0xFEF30000 \Windows\System32\imagehlp.dll
  0xFE1A0000 \Windows\System32\shell32.dll
  0xFE180000 \Windows\System32\sechost.dll
  0x773E0000 \Windows\System32\user32.dll
  0xFDF70000 \Windows\System32\ole32.dll
  0xFDD10000 \Windows\System32\iertutil.dll
  0xFDCA0000 \Windows\System32\gdi32.dll
  0xFDC90000 \Windows\System32\nsi.dll
  0xFDBB0000 \Windows\System32\advapi32.dll
  0x777C0000 \Windows\System32\psapi.dll
  0xFD9D0000 \Windows\System32\setupapi.dll
  0xFD930000 \Windows\System32\clbcatq.dll

Processes (total 57):
       0 System Idle Process
       4 System
     280 C:\Windows\System32\smss.exe
     480 csrss.exe
     540 C:\Windows\System32\wininit.exe
     552 csrss.exe
     588 C:\Windows\System32\services.exe
     608 C:\Windows\System32\lsass.exe
     620 C:\Windows\System32\lsm.exe
     752 C:\Windows\System32\winlogon.exe
     780 C:\Windows\System32\svchost.exe
     864 C:\Windows\System32\nvvsvc.exe
     904 C:\Windows\System32\svchost.exe
     972 C:\Windows\System32\svchost.exe
     304 C:\Windows\System32\svchost.exe
     500 C:\Windows\System32\svchost.exe
    1068 C:\Windows\System32\svchost.exe
    1172 C:\Windows\System32\nvvsvc.exe
    1208 C:\Windows\System32\svchost.exe
    1388 C:\Windows\System32\spoolsv.exe
    1452 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    1500 C:\Windows\System32\svchost.exe
    1632 C:\Windows\System32\taskhost.exe
    1816 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    1840 C:\Windows\System32\dwm.exe
    1864 C:\Windows\explorer.exe
    1952 C:\xampp\xampp\apache\bin\httpd.exe
     796 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1156 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    1192 C:\Windows\System32\conhost.exe
    1536 C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
    1728 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1772 C:\Windows\System32\svchost.exe
    2380 C:\Program Files\Java\jre6\bin\jusched.exe
    2424 C:\xampp\xampp\apache\bin\httpd.exe
    2440 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    3088 C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    3096 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    3364 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    3740 C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
    3828 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    3840 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    3960 C:\Program Files\iPod\bin\iPodService.exe
    2580 C:\Windows\System32\SearchIndexer.exe
    4124 C:\Windows\System32\svchost.exe
    4216 C:\Windows\System32\svchost.exe
    5640 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4872 C:\Windows\System32\svchost.exe
    1968 C:\Program Files\Java\jre6\bin\jucheck.exe
   11104 C:\Windows\explorer.exe
    8748 C:\Windows\System32\audiodg.exe
   12152 C:\Windows\explorer.exe
   11376 C:\Windows\System32\SearchProtocolHost.exe
   11468 C:\Windows\System32\SearchFilterHost.exe
   11876 C:\Users\der Jipi\Desktop\MBRCheck.exe
   11900 C:\Windows\System32\conhost.exe
   11672 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000009`27f55800  (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x0000001c`13c68800  (NTFS)

PhysicalDrive0 Model Number: ST3500630A, Rev: 3.AAF   
PhysicalDrive1 Model Number: HDS722525VLSA80, Rev: V36OA6MA

      Size  Device Name          MBR Status
  --------------------------------------------
    465 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    232 GB  \\.\PhysicalDrive1   Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
         

Alt 03.05.2011, 15:28   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Banking Trojaner? Sparda Bank - Standard

Banking Trojaner? Sparda Bank



Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 04.05.2011, 22:19   #15
der_jipi
 
Banking Trojaner? Sparda Bank - Standard

Banking Trojaner? Sparda Bank



Hat ein wenig gedauert. Wie zuvor schon, hat er in einem dieser Uralten Ordner noch etwas gefunden. Ich würde vielleicht einfach den gesamten Ordner sicherheitshalber löschen? Macht das Sinn? Da ist eh nichts drin, was ich noch benötige:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6504

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

04.05.2011 15:53:39
mbam-log-2011-05-04 (15-53-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 600148
Laufzeit: 1 Stunde(n), 7 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/04/2011 at 08:20 PM

Application Version : 4.51.1000

Core Rules Database Version : 6984
Trace Rules Database Version: 4796

Scan type       : Complete Scan
Total Scan Time : 04:08:06

Memory items scanned      : 586
Memory threats detected   : 0
Registry items scanned    : 13753
Registry threats detected : 0
File items scanned        : 449193
File threats detected     : 1

Trojan.Agent/Gen-Frauder
	E:\SPIELPLATZ\AWESOM-O 3.5.6\REDVEX\LOGS\_STORELOGS.EXE
         

Geändert von der_jipi (04.05.2011 um 22:43 Uhr)

Antwort

Themen zu Banking Trojaner? Sparda Bank
64-bit, 7-zip, adobe, adobe after effects, analysis, antivir, avgntflt.sys, avira, bho, bonjour, c:\windows\system32\rundll32.exe, canon, crystaldiskinfo, cs4/contributeieplugin.dll, ebanking, error, explorer, extras.txt, google, install.exe, location, logfile, mozilla, mozilla thunderbird, neu aufsetzen, oldtimer, photoshop, pixel, plug-in, problem, realtek, recuva, registry, richtlinie, rundll, saver, scan, schattenkopien, searchplugins, security, server, shortcut, software, start menu, stick, syswow64, tan-liste, third party, trojaner, trojaner?, virtualbox, webcheck, windows, winlogon.exe



Ähnliche Themen: Banking Trojaner? Sparda Bank


  1. Banking Software vs. Bank-Homepage
    Überwachung, Datenschutz und Spam - 16.08.2015 (16)
  2. Bank sperrt Online-Banking wegen Verdacht auf Trojaner Befall
    Log-Analyse und Auswertung - 04.08.2014 (20)
  3. Aufforderung zur Änderung der Telefon-Banking-Pin durch die Deutsche Bank
    Diskussionsforum - 02.08.2014 (0)
  4. Bank hat Online-Banking gesperrt wegen Verdacht von Trojaner
    Log-Analyse und Auswertung - 13.06.2014 (22)
  5. Multi-Tan-Trojaner blockiert Online-Banking-Seite der Deutschen Bank
    Log-Analyse und Auswertung - 04.05.2013 (3)
  6. JS:Exploit.JS.Agent.AK - Online Banking Deutsche Bank Trojaner (?)
    Log-Analyse und Auswertung - 09.08.2012 (1)
  7. Sparda BW multiple TAN-Eingabe (100) - trotz Antivir
    Plagegeister aller Art und deren Bekämpfung - 05.06.2012 (5)
  8. Deutsche Bank Online Banking - komplette Tan-Abfrage
    Plagegeister aller Art und deren Bekämpfung - 12.05.2012 (1)
  9. Sparda-Bank Cardreader gesucht
    Überwachung, Datenschutz und Spam - 22.03.2012 (19)
  10. Trojaner......alle email acounts rufen mich zu neuem Passwort auf. Bank sperrte mein online banking
    Plagegeister aller Art und deren Bekämpfung - 01.03.2012 (1)
  11. Online Banking - TAN Abfrage beim Banking - Trojaner?
    Log-Analyse und Auswertung - 12.08.2011 (3)
  12. Sparda Bank TAN Trojaner
    Log-Analyse und Auswertung - 20.05.2011 (3)
  13. Online-Banking gehackt ? Benachrichtigung von der Bank
    Plagegeister aller Art und deren Bekämpfung - 29.01.2011 (6)
  14. 50 TAN Trojaner bei VR-Bank?
    Plagegeister aller Art und deren Bekämpfung - 10.10.2010 (6)
  15. Bank sperrt Online Banking angeblich Trojaner
    Log-Analyse und Auswertung - 10.10.2010 (3)
  16. TAN Trojaner beim Online Banking der Deutschen Bank :(
    Plagegeister aller Art und deren Bekämpfung - 15.09.2010 (12)

Zum Thema Banking Trojaner? Sparda Bank - Hallo. Ich habe ein sehr ähnliches Problem wie der Herr in diesem Thread. Nach Regel 1 des Boards eröffne ich aber ein eugenes Thema dazu: Seit letzter Woche ist mir - Banking Trojaner? Sparda Bank...
Archiv
Du betrachtest: Banking Trojaner? Sparda Bank auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.