Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Online Banking...Trojaner auf dem Rechner, aber Virenprogramm zeigt nichts an.

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 04.05.2011, 10:19   #1
piepmatz
 
Online Banking...Trojaner auf dem Rechner, aber Virenprogramm zeigt nichts an. - Standard

Online Banking...Trojaner auf dem Rechner, aber Virenprogramm zeigt nichts an.



Hallo, habe ein Problem. Nachdem ich gerade stutzig wurde, als ich beim Online-Banking aufgefordert wurde meine ganzen Tan-Codes einzugeben, hab ich den Zugang gleich sperren lassen und mein Antivirenprogramm (Avira AntiVir) übern Rechner laufen lassen. Der zeigt mir allerdings nichts an, was soll/kann ich nun tun? Gibt es ne Möglichkeit ohne den ganzen Rechner platt zu machen?

Wäre über jede Hilfe dankbar.

Geändert von piepmatz (04.05.2011 um 10:32 Uhr)

Alt 04.05.2011, 11:13   #2
piepmatz
 
Online Banking...Trojaner auf dem Rechner, aber Virenprogramm zeigt nichts an. - Standard

Online Banking...Trojaner auf dem Rechner, aber Virenprogramm zeigt nichts an.



erster suchlauf mit Malwarebytes Anti malware:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6502

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

04.05.2011 10:51:38
mbam-log-2011-05-04 (10-51-38).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 158652
Laufzeit: 4 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 6
Infizierte Registrierungsschlüssel: 129
Infizierte Registrierungswerte: 10
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 19
Infizierte Dateien: 80

Infizierte Speicherprozesse:
c:\program files\mywebsearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> 3772 -> Unloaded process successfully.
c:\program files\mywebsearch\bar\2.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> 3780 -> Unloaded process successfully.

Infizierte Speichermodule:
c:\program files\mywebsearch\bar\2.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\2.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\2.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\2.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\2.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\2.bin\F3HTMLMU.DLL (PUP.FunWebProducts) -> Not selected for removal.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{799391D3-EB86-4bac-9BD3-CBFEA58A0E15} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 (PUP.FunWebProducts) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.FunWebProducts) -> Not selected for removal.
HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.FunWebProducts) -> Not selected for removal.
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (PUP.FunWebProducts) -> Not selected for removal.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu (PUP.FunWebProducts) -> Not selected for removal.
HKEY_CLASSES_ROOT\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (PUP.FunWebProducts) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Value: MyWebSearch Email Plugin -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Value: MyWebSearch Email Plugin -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\My Web Search Bar Search Scope Monitor (Adware.MyWebSearch) -> Value: My Web Search Bar Search Scope Monitor -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44CF-8957-5838F569A31D} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44cf-8957-5838F569A31D} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{4B43FFFE-38F9-B249-6066-D19D2C5D5DAB} (Spyware.Passwords.XGen) -> Value: {4B43FFFE-38F9-B249-6066-D19D2C5D5DAB} -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\program files\mywebsearch\bar\1.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\Notifier (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\1.bin\thirdpartyinstallers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\2.bin\thirdpartyinstallers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Overlay (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\program files\mywebsearch\bar\2.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\2.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\2.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\2.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\2.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\INSTALL.RDF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\chrome.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3TPINST.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\MWSMLBTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\MWSUABTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Overlay\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\zrpt.xml (Malware.Trace) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3HTMLMU.DLL (PUP.FunWebProducts) -> Not selected for removal.
c:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> Not selected for removal.
c:\Users\Nine\AppData\Local\temp\0.6755298003055331.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Nine\AppData\Local\temp\0.6857674893277272.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Nine\AppData\Roaming\Uwwiqy\gafyb.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Nine\AppData\Local\temp\0.6586186380127718.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Nine\AppData\Local\temp\0.8845911210532038.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Nine\AppData\Local\temp\0.7010358027266214.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Nine\AppData\Local\temp\0.7216463734854425.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
__________________


Alt 04.05.2011, 11:13   #3
piepmatz
 
Online Banking...Trojaner auf dem Rechner, aber Virenprogramm zeigt nichts an. - Standard

Online Banking...Trojaner auf dem Rechner, aber Virenprogramm zeigt nichts an.



zweitr durchlauf:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6502

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

04.05.2011 11:11:05
mbam-log-2011-05-04 (11-11-05).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 158180
Laufzeit: 3 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{4B43FFFE-38F9-B249-6066-D19D2C5D5DAB} (Trojan.ZbotR.Gen) -> Value: {4B43FFFE-38F9-B249-6066-D19D2C5D5DAB} -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> Not selected for removal.
__________________

Alt 04.05.2011, 11:22   #4
markusg
/// Malware-holic
 
Online Banking...Trojaner auf dem Rechner, aber Virenprogramm zeigt nichts an. - Standard

Online Banking...Trojaner auf dem Rechner, aber Virenprogramm zeigt nichts an.



hi
stelle dich schon mal drauf ein, dass du neu aufsetzen musst.
da du hier zb das sp2 noch hast, hat dein system wohl in letzter zeit keine updates gesehen, ist also nicht sonderlich verwunderlich das du trojaner auf dem pc hast.
Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
beide posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 04.05.2011, 11:56   #5
piepmatz
 
Online Banking...Trojaner auf dem Rechner, aber Virenprogramm zeigt nichts an. - Standard

Online Banking...Trojaner auf dem Rechner, aber Virenprogramm zeigt nichts an.



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 04.05.2011 11:36:59 - Run 8
OTL by OldTimer - Version 3.2.22.3     Folder = D:\Download
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 69,63 Gb Free Space | 46,72% Space Free | Partition Type: NTFS
Drive D: | 137,33 Gb Total Space | 39,88 Gb Free Space | 29,04% Space Free | Partition Type: NTFS
 
Computer Name: NINE-PC | User Name: Nine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Download\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\ASTSRV.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Stardock\ObjectDock\ObjectDock.exe (Stardock)
PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\CK Popup Killer\PKILL.EXE (CK Software)
 
 
========== Modules (SafeList) ==========
 
MOD - D:\Download\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (NMIndexingService) --  File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (UPnPService) -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (ASTSRV) -- C:\Windows\System32\ASTSRV.EXE (Nalpeiron Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {464F169E-ACE1-4C5F-A778-A433A3DABBAE}:1.0
FF - prefs.js..extensions.enabledItems: fbchathistory@firechm.com:1.1.5
FF - prefs.js..extensions.enabledItems: firefox@facebook.com:1.6
FF - prefs.js..extensions.enabledItems: {2122962a-1424-fffe-19af-bba2ef3eff4a}:1.0
FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Mozilla Firefox\components [2011.05.01 09:46:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Mozilla Firefox\plugins [2011.05.01 09:46:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\program files\Mozilla Thunderbird\components [2011.05.02 10:32:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\program files\Mozilla Thunderbird\plugins
 
[2010.02.10 12:26:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nine\AppData\Roaming\mozilla\Extensions
[2010.02.10 12:26:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nine\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.01.09 16:37:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nine\AppData\Roaming\mozilla\Extensions\postbox@postbox-inc.com
[2011.05.02 10:09:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nine\AppData\Roaming\mozilla\Firefox\Profiles\cmswdcip.default\extensions
[2010.06.01 09:17:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nine\AppData\Roaming\mozilla\Firefox\Profiles\cmswdcip.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.05 00:36:01 | 000,000,000 | ---D | M] (YouTube Downloader for Facebook) -- C:\Users\Nine\AppData\Roaming\mozilla\Firefox\Profiles\cmswdcip.default\extensions\{2122962a-1424-fffe-19af-bba2ef3eff4a}
[2010.05.20 16:21:19 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Users\Nine\AppData\Roaming\mozilla\Firefox\Profiles\cmswdcip.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2010.11.09 14:05:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Nine\AppData\Roaming\mozilla\Firefox\Profiles\cmswdcip.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.11.09 14:05:28 | 000,000,000 | ---D | M] (Facebook Chat History Manager) -- C:\Users\Nine\AppData\Roaming\mozilla\Firefox\Profiles\cmswdcip.default\extensions\fbchathistory@firechm.com
[2010.07.23 10:51:04 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Nine\AppData\Roaming\mozilla\Firefox\Profiles\cmswdcip.default\extensions\ffxtlbr@Facemoods.com
[2010.11.09 14:05:25 | 000,000,000 | ---D | M] (شريط أدوات فيس بوك) -- C:\Users\Nine\AppData\Roaming\mozilla\Firefox\Profiles\cmswdcip.default\extensions\firefox@facebook.com
[2010.04.27 23:04:56 | 000,000,873 | ---- | M] () -- C:\Users\Nine\AppData\Roaming\Mozilla\Firefox\Profiles\cmswdcip.default\searchplugins\conduit.xml
[2010.11.16 11:59:20 | 000,002,059 | ---- | M] () -- C:\Users\Nine\AppData\Roaming\Mozilla\Firefox\Profiles\cmswdcip.default\searchplugins\daemon-search.xml
[2010.04.24 10:59:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.20 16:25:42 | 000,000,000 | ---D | M] (VMLoad) -- C:\MOZILLA FIREFOX\EXTENSIONS\{464F169E-ACE1-4C5F-A778-A433A3DABBAE}
[2010.05.12 17:13:51 | 000,000,000 | ---D | M] (Java Console) -- C:\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2010.03.10 17:00:26 | 000,002,025 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
 
O1 HOSTS File: ([2010.08.12 17:58:54 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (VMLoadHBO Class) - {C17C7688-31D1-46D7-8C9B-5D253E4F5D5E} - C:\Users\Nine\AppData\Roaming\VMLoad\addin\VMLoad.dll (TODO: <Company name>)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000..\Run: [CK POPUP KILLER] C:\CK Popup Killer\PKILL.EXE (CK Software)
O4 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Users\Nine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O15 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..Trusted Domains: everestpoker.com ([account] https in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Nine\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nine\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk -  - File not found
MsConfig - StartUpFolder: C:^Users^Nine^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\Nine\AppData\Roaming\Dropbox\bin\Dropbox.exe - ()
MsConfig - StartUpReg: CK POPUP KILLER - hkey= - key= - C:\CK Popup Killer\PKILL.EXE (CK Software)
MsConfig - StartUpReg: HP Software Update - hkey= - key= -  File not found
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2EE3FECF-7E3A-A41E-3B41-0F8E9F107B7D} - Internet Explorer
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.04 10:51:12 | 000,000,000 | ---D | C] -- C:\Users\Nine\Desktop\maleware
[2011.04.28 09:32:07 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.04.28 09:32:07 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.04.28 09:32:01 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.04.15 15:39:46 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.15 15:39:46 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.15 15:39:42 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.15 15:39:41 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.15 15:39:35 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.15 15:39:28 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.15 15:39:28 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.15 15:39:28 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.15 15:39:28 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.15 15:39:28 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.04.15 15:39:27 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.15 15:39:25 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.15 15:39:22 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.15 15:39:22 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.14 13:03:48 | 000,000,000 | ---D | C] -- C:\Users\Nine\Desktop\Neuer Ordner
[2011.04.13 22:47:12 | 000,000,000 | ---D | C] -- C:\Users\Nine\AppData\Roaming\DVDVideoSoft
[2009.12.10 14:57:34 | 001,924,200 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\install_flash_player10.0.42.34.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.04 11:00:00 | 000,000,470 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2011.05.04 10:53:35 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.04 10:53:30 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.04 10:53:30 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.04 10:53:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.04 10:53:18 | 3220,463,616 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.04 10:45:02 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.04 10:36:31 | 000,000,873 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.04 09:42:56 | 000,000,680 | ---- | M] () -- C:\Users\Nine\AppData\Local\d3d9caps.dat
[2011.05.01 18:11:49 | 000,153,600 | ---- | M] () -- C:\Users\Nine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.30 13:06:34 | 001,387,520 | ---- | M] () -- C:\Users\Nine\fbchathistory.dat
[2011.04.16 03:33:08 | 002,195,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.16 03:10:12 | 000,639,210 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.16 03:10:12 | 000,604,764 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.16 03:10:12 | 000,131,218 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.16 03:10:12 | 000,108,096 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.08 21:30:41 | 000,038,320 | ---- | M] (FunWebProducts.com) -- C:\Windows\System32\f3PSSavr.scr
[2011.04.07 20:13:59 | 018,169,856 | ---- | M] () -- C:\Users\Nine\Documents\bewerbung portfolio.indd
[2011.04.07 20:01:01 | 001,338,726 | ---- | M] () -- C:\Users\Nine\Desktop\bewerbungsportfolio.pdf
 
========== Files Created - No Company Name ==========
 
[2011.05.04 10:36:31 | 000,000,873 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.07 19:49:23 | 001,338,726 | ---- | C] () -- C:\Users\Nine\Desktop\bewerbungsportfolio.pdf
[2011.04.07 18:24:17 | 018,169,856 | ---- | C] () -- C:\Users\Nine\Documents\bewerbung portfolio.indd
[2011.03.07 12:30:56 | 000,000,109 | ---- | C] () -- C:\Windows\GMouse.ini
[2010.12.22 01:04:07 | 000,000,092 | ---- | C] () -- C:\Users\Nine\AppData\Local\fusioncache.dat
[2010.10.12 17:59:35 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.10.12 17:59:34 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.08.12 15:51:44 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.08.12 15:51:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.08.12 15:51:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.08.12 15:51:44 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.08.12 15:51:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.08.10 21:30:36 | 000,001,745 | ---- | C] () -- C:\Windows\lsrslt.ini
[2010.03.14 13:29:31 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010.01.30 15:56:06 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.01.08 18:59:14 | 000,024,206 | ---- | C] () -- C:\Users\Nine\AppData\Roaming\UserTile.png
[2009.12.21 18:42:44 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.12.15 16:57:13 | 000,000,680 | ---- | C] () -- C:\Users\Nine\AppData\Local\d3d9caps.dat
[2009.12.14 20:27:17 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.12.14 20:26:12 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.12.11 12:36:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.12.11 12:36:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.12.10 15:58:30 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2009.12.09 17:36:01 | 000,000,034 | -H-- | C] () -- C:\Windows\System32\Converter_sysquict.dat
[2009.12.09 04:11:43 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.12.08 10:08:48 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2009.12.08 04:23:45 | 000,081,920 | ---- | C] () -- C:\Windows\PGMONITOR.EXE
[2009.12.08 04:23:29 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009.12.08 04:23:28 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.12.08 04:23:28 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009.12.08 04:23:28 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2009.12.08 04:23:27 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.12.08 03:49:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.12.07 22:28:52 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.12.07 21:57:05 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.12.07 19:23:04 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2009.12.07 19:19:52 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.12.07 19:06:28 | 000,153,600 | ---- | C] () -- C:\Users\Nine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.16 13:11:34 | 000,639,210 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.04.16 13:11:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.04.16 13:11:34 | 000,131,218 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.04.16 13:11:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.04.16 12:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 002,195,408 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,604,764 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,108,096 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002.09.18 00:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
[2002.03.19 01:18:54 | 000,120,832 | ---- | C] () -- C:\Windows\System32\LAME_ENC.DLL
 
========== LOP Check ==========
 
[2010.02.25 17:29:55 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Alien Skin
[2010.11.07 23:52:30 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Ashampoo
[2010.11.16 12:13:07 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Astroburn Pro
[2010.01.30 15:53:10 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\avidemux
[2011.04.14 12:42:16 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Azureus
[2010.11.16 12:05:43 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\DAEMON Tools Lite
[2011.03.05 09:42:31 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Dropbox
[2011.04.13 22:47:12 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\DVDVideoSoft
[2010.07.26 23:13:17 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.04 10:39:29 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Egyh
[2010.04.08 17:34:28 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Facebook
[2010.07.23 16:04:41 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\FileZilla
[2011.03.03 09:54:08 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\FRITZ!
[2011.02.10 21:39:51 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\GetRightToGo
[2010.08.30 19:39:48 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Image Zone Express
[2010.12.22 01:11:39 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Imaxel
[2010.04.23 18:58:55 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\MAXON
[2010.10.01 12:14:10 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\NCH Swift Sound
[2010.08.12 18:17:51 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Online Solutions
[2010.05.12 17:25:52 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\OpenOffice.org
[2010.08.08 20:37:06 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Opera
[2010.02.01 18:05:56 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Passware
[2010.01.09 16:37:45 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Postbox
[2010.02.13 17:48:18 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Printer Info Cache
[2010.05.31 16:46:01 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Spesoft Audio Converter
[2010.02.10 12:26:45 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Thunderbird
[2009.12.07 19:05:19 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\TuneUp Software
[2011.05.04 10:51:32 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Uwwiqy
[2010.05.25 13:32:39 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\VMLoad
[2011.05.04 11:00:00 | 000,000,470 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2011.05.04 10:52:34 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.12.22 16:38:47 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Adobe
[2009.12.13 20:48:43 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Ahead
[2010.02.25 17:29:55 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Alien Skin
[2009.12.18 11:45:34 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Apple Computer
[2010.11.07 23:52:30 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Ashampoo
[2010.11.16 12:13:07 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Astroburn Pro
[2009.12.07 18:59:52 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\ATI
[2010.01.30 15:53:10 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\avidemux
[2010.08.12 00:01:44 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Avira
[2011.04.14 12:42:16 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Azureus
[2010.11.16 12:05:43 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\DAEMON Tools Lite
[2010.03.22 21:32:54 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\DivX
[2010.11.09 14:32:16 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Download Manager
[2011.03.05 09:42:31 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Dropbox
[2011.04.13 22:47:12 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\DVDVideoSoft
[2010.07.26 23:13:17 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.04 10:39:29 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Egyh
[2010.04.08 17:34:28 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Facebook
[2010.07.23 16:04:41 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\FileZilla
[2011.03.03 09:54:08 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\FRITZ!
[2011.02.10 21:39:51 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\GetRightToGo
[2010.02.04 17:29:04 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\HP
[2009.12.07 18:58:56 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Identities
[2010.08.30 19:39:48 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Image Zone Express
[2010.12.22 01:11:39 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Imaxel
[2009.12.17 18:07:00 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\InstallShield
[2009.12.07 21:00:50 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Macromedia
[2010.08.11 10:11:43 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Malwarebytes
[2010.04.23 18:58:55 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\MAXON
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Media Center Programs
[2009.12.09 17:45:43 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Media Player Classic
[2010.12.26 23:26:05 | 000,000,000 | --SD | M] -- C:\Users\Nine\AppData\Roaming\Microsoft
[2009.12.07 19:20:06 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Mozilla
[2010.10.01 12:14:10 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\NCH Swift Sound
[2010.09.04 14:35:38 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Nero
[2010.08.12 18:17:51 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Online Solutions
[2010.05.12 17:25:52 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\OpenOffice.org
[2010.08.08 20:37:06 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Opera
[2010.02.01 18:05:56 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Passware
[2010.01.09 16:37:45 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Postbox
[2010.02.13 17:48:18 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Printer Info Cache
[2011.04.26 15:34:55 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Skype
[2011.01.06 17:00:16 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\skypePM
[2010.05.31 16:46:01 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Spesoft Audio Converter
[2010.02.10 12:26:45 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Thunderbird
[2009.12.07 19:05:19 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\TuneUp Software
[2011.05.04 10:51:32 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\Uwwiqy
[2010.05.25 13:32:39 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\VMLoad
[2009.12.08 01:24:00 | 000,000,000 | ---D | M] -- C:\Users\Nine\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.10.04 08:56:04 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Nine\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
[2011.04.13 23:17:02 | 008,558,520 | ---- | M] (Vuze Inc.) -- C:\Users\Nine\AppData\Roaming\Azureus\tmp\AZU5337319355604020666.tmp\Vuze_4.6.0.4b_win32.exe
[2010.02.26 07:10:20 | 021,979,992 | ---- | M] () -- C:\Users\Nine\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2010.04.10 19:48:01 | 000,089,831 | ---- | M] () -- C:\Users\Nine\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2010.04.08 17:34:30 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Users\Nine\AppData\Roaming\Facebook\uninstall.exe
[2010.10.04 09:59:18 | 000,038,208 | ---- | M] () -- C:\Users\Nine\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.12.26 23:26:05 | 000,010,134 | R--- | M] () -- C:\Users\Nine\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\ARPPRODUCTICON.exe
[2010.12.26 23:26:05 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Nine\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe1_D9316813509243FDA4C292F72F483E61.exe
[2010.12.26 23:26:05 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Nine\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe_D9316813509243FDA4C292F72F483E61.exe
[2010.12.26 23:26:05 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Nine\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GSDR.exe_D9316813509243FDA4C292F72F483E61.exe
[2010.12.26 23:26:05 | 000,008,854 | R--- | M] () -- C:\Users\Nine\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\NewShortcut1_D98C963793DA44DBB73AB11A1192AB26.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\agp440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\agp440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\ERDNT\cache\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.11.16 11:58:40 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         
--- --- ---


Alt 04.05.2011, 11:57   #6
piepmatz
 
Online Banking...Trojaner auf dem Rechner, aber Virenprogramm zeigt nichts an. - Standard

Online Banking...Trojaner auf dem Rechner, aber Virenprogramm zeigt nichts an.



OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 04.05.2011 11:36:59 - Run 8
OTL by OldTimer - Version 3.2.22.3     Folder = D:\Download
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 69,63 Gb Free Space | 46,72% Space Free | Partition Type: NTFS
Drive D: | 137,33 Gb Total Space | 39,88 Gb Free Space | 29,04% Space Free | Partition Type: NTFS
 
Computer Name: NINE-PC | User Name: Nine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-2684614725-1401231723-2353267314-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2684614725-1401231723-2353267314-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{228227C2-90D9-4AF4-8573-92F40789B543}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{3759C8FD-288C-4375-9338-144B7489D080}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{5DC0259E-E3E9-4C3E-9B0C-10AA84761277}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{77F5F91A-8850-4BB8-B55F-D5F7FC0BB62C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8B59F5A8-92D3-4C28-9817-3E61BDCC009D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{B3046202-4CB0-4E13-ADFE-AF5938EB624A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CF6598A5-195E-48DC-BC15-E1BFE967BDCA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{CF7F02B5-100E-45E1-93BE-01516909D5BB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E3BCFBA5-4C2A-4C94-B625-E6CFBBAAE060}" = lport=0 | protocol=6 | dir=in | name=magix upnp media server | 
"{EEACAF05-81AF-4D40-B7E2-4C5EA5E1ED87}" = lport=2869 | protocol=6 | dir=in | name=microsoft upnp-port (tcp) | 
"{FE4F37FE-0352-4360-B3AF-33AD0DE6AAB9}" = lport=1900 | protocol=17 | dir=in | name=microsoft upnp-port (udp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07365381-3FB2-4F35-943C-CF01E3EDB0B1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{07BBF3CC-7400-4FF0-A117-0E4CC83F7991}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0B483577-36D2-46FA-AEF4-4C0BFECCE482}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{12F3A1C9-7698-4CDE-9065-8E9384C63C51}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1929195F-3CDF-4673-8990-72446A226DC7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{25BA6A57-F8E0-42A0-9682-B48632E570D7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{26308D13-B04B-4117-93B7-02C0846AAA5D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{29D42D7D-3399-4594-B8BA-00E4EE47D86E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{33444915-EA41-4E4F-A272-E38BB886773E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{34875C2E-1DDB-442E-909D-BD8FD0203620}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{386734ED-8A74-44F4-B3D7-62427AB44579}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3BF96AB2-EA61-49BB-8A89-51648C15C61F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3D303AA9-A042-451A-AC5F-E8D7AAE6971E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3D88C44C-30DB-452D-800F-117007C7349E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{425B74BA-4DFA-48B4-BA19-2894DCAB3B03}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{452F80CD-333E-46EE-B16D-11C5A329C1EE}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{45BDDB72-E107-49F0-8088-AB8402008DEC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4BDFAAC1-1EB9-49F8-909A-039E614A55E8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4BF8D7B7-99A4-4D08-A322-3783273EE647}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4F17BC15-68CF-439C-84D4-53E29CA85A7D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{516D7492-29CB-44EC-97F6-5776F9EA625E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5D2518BA-9C9B-425F-AFFE-A0C6B9424EC7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5D6B05A6-655B-4246-A956-39CE6860D279}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5D6C6CC1-F615-4E5E-AE4C-AA3C08A8121F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5E62857F-252D-4BCE-925E-D7E75823DCBC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5F77A831-00DF-4675-B3D3-477E4046B0C1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{633F43C0-6B01-4E2E-A112-BF77774603DF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6438AE9C-F07C-4ADF-B6F8-54A46962D7FD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{64D7B60C-178F-432E-A3DA-DAE701032E04}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{64DDA2CD-0657-4D16-8B32-EC5D1F2CFFCB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{666B9434-047F-47FE-B33F-34DFB4942650}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{67F726F8-BE5E-4FBB-9626-F0FEBADC4FE6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{71BC942A-E5B6-4A7E-BFBB-956214305491}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{761CEB3E-D92D-49CF-A43F-3A71C69FFE5D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7C612A5A-D584-43D2-B4BE-39AA8DF8F880}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7CEDFB29-F975-43DE-B79B-DB379B205B31}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{83CA8BE3-2C18-4AAF-8EA7-D7916D6B6395}" = protocol=6 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe | 
"{846B9D67-B5D5-4FB3-AFCC-3D06DD0E6CAE}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{87F0135F-0356-4D7B-ACF7-C09570F5596B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8B066DBB-0A76-4C7B-94AA-1B30079C0457}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8C57F5F0-2C73-4AC5-BE71-ED0CAC99A728}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8E095CAC-01D4-40F3-9265-84BD3E31B87D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{90C90F0C-C304-4E86-9B60-70068FE8C8B4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{94852CDE-8063-4222-9B69-555DEAF4261C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AB763976-EA0A-4C40-BC9F-902CE7A54798}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B1E64A3A-B475-4A9E-A1CA-6D45EA884D79}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{B3BDF225-490A-4CC9-8565-2BEF2636EF27}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B760B632-1069-465D-8FDE-33E530CC4164}" = protocol=6 | dir=in | app=d:\download\freeyoutubedownloader_setup.exe | 
"{BA6441F0-EEE6-4EEA-B5E5-48A59811A475}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BCF9D0EB-4974-473D-AC28-DDFAF728EB0A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C0B3D26E-9215-4744-9D5B-45FE27D9E1A1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C0BEA619-A2A8-44DE-85BD-DAE49BAD54B2}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{C60E8F53-AEA1-40C4-8554-9859FCE82BDE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C93C4574-0335-436E-9743-8227F77DFCCC}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{CA0AA68D-3842-41AA-98BB-7F2E64C1E60D}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{CC07DD16-C828-4AC1-8598-D016F4308D56}" = protocol=17 | dir=in | app=d:\download\freeyoutubedownloader_setup.exe | 
"{CD1AE4F6-46F3-4BE9-99B0-D987D17197B6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CD698618-855D-4D31-B19F-C69AB0BAF71C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CE04B795-2F1D-499C-BD85-1C42EA5D46B9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D052A1E0-B036-47AB-B4D7-653D790EEC59}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D231D8EC-2627-4938-8A32-B7B2F8B1C119}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DC0B03DE-B720-49D5-984C-7EAEF2B8F1EA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E0BC2EE0-50E9-45B4-BA26-38C9A126EDB4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E8BB4207-9041-4346-8F91-994ADAED4EBE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EFBBFE00-17BC-4729-8DF5-82B61AA3AA71}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F435733B-243A-4B45-AFA8-4D8CFF9D0FB4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F7AAA242-5E33-4626-BDC9-0AF06423B42A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F8F2DCFD-BC0A-45BF-B68C-82D08A7EB71B}" = protocol=17 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe | 
"{FD7072D4-3504-42D9-9D6A-EAC22109F588}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{118F8712-CE42-479E-B096-AF5A918A9976}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{25DAC1A2-3BAB-46A4-8CD2-61438B5C88AF}C:\program files\fritz!dsl\webwaigd.exe" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"TCP Query User{7D9E8665-B0F8-4E3B-9392-2F6DE840CC16}C:\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\vuze\azureus.exe | 
"TCP Query User{8B468AB2-6E70-4E2F-8097-BE6F496A3AF7}C:\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\vuze\azureus.exe | 
"TCP Query User{B4BDC8F9-3DFD-4F4E-9907-BC945451500E}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{BCE342E3-6164-4729-984B-44D78EB759E2}C:\program files\java\jre6\launch4j-tmp\vmload.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\vmload.exe | 
"TCP Query User{BD758721-4EB1-4FA5-9D3B-8D620C69D88F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{FC265E78-9557-48FD-A6EF-E12BF85961C2}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{3089E17E-0DA4-4021-9C8F-216C10364CB5}C:\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\vuze\azureus.exe | 
"UDP Query User{37204949-4DED-4D2C-B63C-276AA278559B}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{4063E4C1-6E53-41B5-AB39-F80E2836B253}C:\program files\fritz!dsl\webwaigd.exe" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"UDP Query User{62B96F8D-BA0B-49D3-BF20-CA4C3E12903B}C:\program files\java\jre6\launch4j-tmp\vmload.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\vmload.exe | 
"UDP Query User{6713F2B1-3C15-43A7-B03E-2E02A5FF642F}C:\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\vuze\azureus.exe | 
"UDP Query User{6AA1F583-4DEA-4F18-AF61-562585A9B684}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{A2478E23-9414-425E-AF44-B3069D9425E2}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{E7FD601C-C98A-49A9-A1F5-220893929CD1}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004685F7-9FB6-4789-812F-59ABB34A55AF}" = Adobe Setup
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FF67793-E2DD-1236-EFEF-B824EBDA5B52}" = Catalyst Control Center Localization Polish
"{214C7365-6784-6853-628E-6604103A0247}" = Catalyst Control Center Localization Portuguese
"{231C675A-8562-1EF5-DE7D-41F4AEBA3A37}" = Catalyst Control Center Localization Thai
"{245E9AB4-6C2A-EBCC-2BC9-70CAAD856B9C}" = CCC Help Hungarian
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2719507C-D78E-87BB-1CE3-0E351F99D64A}" = CCC Help French
"{286E71F1-821D-BBE8-1B60-D0A6F03EE82B}" = CCC Help Chinese Standard
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2C1277FA-34FE-44EC-CC48-862EC137A584}" = Catalyst Control Center Localization Czech
"{2C2ED5A2-E046-C7DF-672B-0C3BCC3A1D60}" = ccc-utility
"{361D3AB1-5C5E-15AA-4382-DBAE7384D7D8}" = Catalyst Control Center Localization Japanese
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3BAC598D-C2E4-6CCE-65BC-C4709A7DBB04}" = CCC Help Turkish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{44D0A886-91FE-7A81-71A0-CE66E8B95426}" = CCC Help Swedish
"{451D50B6-D630-9AC1-0981-F6C58889D6E8}" = CCC Help Russian
"{45515FC6-0263-9408-BCFF-87E164A065A8}" = CCC Help Japanese
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{4C391BD8-87F8-4FCF-A08E-2351F3E69EC4}" = Die Gilde 2
"{4D1677F7-E189-F455-AAF6-3439CB879257}" = Catalyst Control Center Localization Dutch
"{4F0A679F-9F18-D18E-D1DA-0EF611692995}" = Catalyst Control Center Localization Hungarian
"{4F0AC4C6-5F8F-A0C7-146D-77D27659D90B}" = CCC Help Thai
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5A834AA0-CE50-603C-8D05-F644274B4BAD}" = Catalyst Control Center Localization Danish
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D1691A3-3AD3-B3A4-447C-1A3F87DD94EA}" = CCC Help Polish
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7234E703-6517-DE1C-6B03-86728C47AB7A}" = Catalyst Control Center Localization French
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7B1E6C9F-FFC7-433C-788C-B4DB6FC9146B}" = Catalyst Control Center Localization Chinese Standard
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}" = Adobe After Effects CS3 Third Party Content
"{7FD2C37F-6564-DDD4-2338-945E5F10635D}" = Catalyst Control Center Localization Greek
"{80ABB113-F67B-5CF6-819B-F55E663A96F4}" = CCC Help German
"{80EA885E-061F-6805-6F1D-C8DBE84283CB}" = Catalyst Control Center Graphics Full New
"{837AA808-588A-EFC8-0955-EA23BB3A6280}" = CCC Help Italian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8404FEDE-568F-35A2-1563-61139CF5B99F}" = Catalyst Control Center Localization Spanish
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{852F2CDB-1B2F-1E45-D09E-E850FEA70657}" = Catalyst Control Center Localization Italian
"{86563514-906B-D3F7-98CA-E154666CC6BB}" = CCC Help Portuguese
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D2E6EA4-90A9-D5B2-211A-223684DFEC4B}" = CCC Help Dutch
"{8DEA8183-7317-0797-5A83-E40F2E988D3D}" = Catalyst Control Center Localization Norwegian
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FC2E6EA-8399-1FCE-33E8-BB5685110EF1}" = Catalyst Control Center Localization Chinese Traditional
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9372A5A0-DA43-0B28-6F7A-C02018D8C015}" = Catalyst Control Center InstallProxy
"{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C857D09-9AC7-FAAF-B91C-47E4BFE8F7E8}" = Catalyst Control Center Localization Swedish
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9FC3FB5F-8F79-8166-4A8A-C59A36DF7310}" = Catalyst Control Center Localization Russian
"{A1DAE112-53CC-B5E9-D4A5-FD383966C4F8}" = CCC Help Korean
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A33C95D7-FCDC-6823-DCE8-B9667D4026FD}" = Catalyst Control Center Graphics Previews Vista
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BC0F1E-FC74-5B0D-09D0-2EA7CE793EE4}" = Catalyst Control Center Localization German
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB3C268A-E54B-4F6D-BF97-2DFCEEFA94F5}" = Catalyst Control Center - Branding
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B52B655B-B378-79F5-E7F9-FD6647D021E8}" = CCC Help Greek
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6B618F6-AFF4-8832-EBC1-E70BE7DAA0B4}" = Catalyst Control Center Core Implementation
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BA129E42-C13D-CB59-52E6-1F4E750631E7}" = CCC Help English
"{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder
"{BDEB7654-9222-AFB6-68B2-AE24F21BDD5B}" = Catalyst Control Center Localization Finnish
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C583DF04-374E-D0FC-702B-3C5A85CD7383}" = Catalyst Control Center Graphics Light
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C817EDF4-88AF-CE4B-FCB0-EEC15672D789}" = Catalyst Control Center Localization Korean
"{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3
"{C9A00B1D-AB31-4FE9-EA46-4AEE0C4988D9}" = Skins
"{C9D456FD-C25B-49DE-AA71-6B76D6550B23}" = Adobe Fireworks CS3
"{CA123D54-A120-C0FE-5B60-458A8F7A1A37}" = ATI Catalyst Install Manager
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD3A9BCA-BD0C-BEC5-36EA-8DE25F4B11E8}" = CCC Help Norwegian
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE459BDE-0245-B8DF-078E-31FAE61F13E9}" = CCC Help Spanish
"{CE95B2E3-B55F-CCF7-9ABA-208ADB428D64}" = Catalyst Control Center Localization Turkish
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D0E47B98-2E34-EACC-0B69-7884E63ECAC9}" = CCC Help Czech
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D4968BAE-7C1D-5C90-74C9-C0843D4F7215}" = Catalyst Control Center Graphics Previews Common
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D98C9637-93DA-44DB-B73A-B11A1192AB26}" = GameShadow
"{DA174B69-0AD8-F0C4-1998-B0B1373C81B6}" = CCC Help Finnish
"{DA896917-C1DA-45B2-B4D2-68162F16C0DD}" = Adobe Creative Suite 3 Master Collection
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DFFDDCF5-CB32-4354-8823-1B9E68025953}" = Adobe Setup
"{E07C7495-319D-0274-29F3-9D005A885A16}" = CCC Help Danish
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E77572A5-75D0-AB7A-3DDF-2C9DF57A663E}" = Catalyst Control Center Graphics Full Existing
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{ED228BF3-3BE1-F42D-4F66-BF6472A6E013}" = ccc-core-static
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F6D1138C-C997-E7F6-9252-353E31698561}" = CCC Help Chinese Traditional
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"8461-7759-5462-8226" = Vuze
"8461-7759-5462-8226-1" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3675c95c239b992d5d0ee8fce969b9e" = Adobe After Effects CS3 Third Party Content
"Adobe_67a7fb1e97aa14ee9ef0950eb6fd757" = Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"CK Popup Killer" = CK Popup Killer
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"Everest Poker" = Everest Poker (Remove Only)
"FileZilla Client" = FileZilla Client 3.3.2.1
"FormatFactory" = FormatFactory 2.20
"Fotobuchexpress24 - Fotobuch" = Fotobuchexpress24 - Fotobuch
"GhostMouse 2.0" = GhostMouse 2.0
"InstallShield_{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MAXONB6EC381C" = CINEMA 4D 11.514
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"ObjectDock" = ObjectDock
"Uninstall_is1" = Uninstall 1.0.0.1
"WavePad" = WavePad Audiobearbeitungs-Software
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2684614725-1401231723-2353267314-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 18.04.2011 04:16:01 | Computer Name = Nine-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.04.2011 15:46:07 | Computer Name = Nine-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.04.2011 15:49:57 | Computer Name = Nine-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel
 0x49e01da5, fehlerhaftes Modul DropboxExt.13.dll, Version 1.0.0.13, Zeitstempel
 0x4b1efafb, Ausnahmecode 0xc0000005, Fehleroffset 0x0000445c,  Prozess-ID 0x738, 
Anwendungsstartzeit 01cbfe010bbc4f50.
 
Error - 18.04.2011 15:50:24 | Computer Name = Nine-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.exe, Version 6.0.6002.18005, Zeitstempel
 0x49e01da5, fehlerhaftes Modul DropboxExt.13.dll, Version 1.0.0.13, Zeitstempel
 0x4b1efafb, Ausnahmecode 0xc0000005, Fehleroffset 0x0000445c,  Prozess-ID 0xd90, 
Anwendungsstartzeit 01cbfe01ce067040.
 
Error - 18.04.2011 15:50:47 | Computer Name = Nine-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.exe, Version 6.0.6002.18005, Zeitstempel
 0x49e01da5, fehlerhaftes Modul DropboxExt.13.dll, Version 1.0.0.13, Zeitstempel
 0x4b1efafb, Ausnahmecode 0xc0000005, Fehleroffset 0x0000445c,  Prozess-ID 0x948, 
Anwendungsstartzeit 01cbfe01deb7d0a0.
 
Error - 21.04.2011 09:33:07 | Computer Name = Nine-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.04.2011 13:55:01 | Computer Name = Nine-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.04.2011 03:40:32 | Computer Name = Nine-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.04.2011 04:06:52 | Computer Name = Nine-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.04.2011 05:11:01 | Computer Name = Nine-PC | Source = EventSystem | ID = 4621
Description = 
 
[ System Events ]
Error - 27.04.2011 04:40:00 | Computer Name = Nine-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 30.04.2011 04:29:17 | Computer Name = Nine-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 29.04.2011 um 23:43:44 unerwartet heruntergefahren.
 
Error - 30.04.2011 04:31:05 | Computer Name = Nine-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 01.05.2011 07:39:35 | Computer Name = Nine-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 01.05.2011 um 12:51:17 unerwartet heruntergefahren.
 
Error - 01.05.2011 07:41:08 | Computer Name = Nine-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 01.05.2011 07:42:06 | Computer Name = Nine-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 02.05.2011 03:52:26 | Computer Name = Nine-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 02.05.2011 um 00:01:46 unerwartet heruntergefahren.
 
Error - 02.05.2011 03:53:52 | Computer Name = Nine-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 04.05.2011 04:41:37 | Computer Name = Nine-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 04.05.2011 04:54:24 | Computer Name = Nine-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
[ TuneUp Events ]
Error - 12.08.2010 04:41:36 | Computer Name = Nine-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-12 10:41:36', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\mbam.exe','3800',0)
 
Error - 12.08.2010 04:56:41 | Computer Name = Nine-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-12 10:56:41', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\mbam.exe','2456',0)
 
Error - 12.08.2010 05:27:37 | Computer Name = Nine-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-12 11:27:37', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\mbam.exe','2216',0)
 
Error - 12.08.2010 05:27:42 | Computer Name = Nine-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-12 11:27:42', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\mbam.exe','2788',0)
 
Error - 12.08.2010 05:48:23 | Computer Name = Nine-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-12 11:48:23', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\mbam.exe','2908',0)
 
Error - 12.08.2010 06:43:56 | Computer Name = Nine-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-12 12:43:56', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\mbam.exe','1624',0)
 
Error - 12.08.2010 06:44:21 | Computer Name = Nine-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-12 12:44:21', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\mbam.exe','1612',0)
 
Error - 04.05.2011 04:36:24 | Computer Name = Nine-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-05-04 10:36:24', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\mbam.exe','4228',0)
 
Error - 04.05.2011 04:41:12 | Computer Name = Nine-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-05-04 10:41:12', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\mbam.exe','1924',0)
 
Error - 04.05.2011 04:43:12 | Computer Name = Nine-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-05-04 10:43:12', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\mbam.exe','1600',0)
 
 
< End of report >
         
--- --- ---

Alt 04.05.2011, 12:05   #7
markusg
/// Malware-holic
 
Online Banking...Trojaner auf dem Rechner, aber Virenprogramm zeigt nichts an. - Standard

Online Banking...Trojaner auf dem Rechner, aber Virenprogramm zeigt nichts an.



sorry erst mal, hatte mich verlesen, du hast ja vista, kein xp.
noch ein log, dann machen wir die datensicherung

bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 04.05.2011, 12:33   #8
piepmatz
 
Online Banking...Trojaner auf dem Rechner, aber Virenprogramm zeigt nichts an. - Standard

Online Banking...Trojaner auf dem Rechner, aber Virenprogramm zeigt nichts an.



Combofix Logfile:
Code:
ATTFilter
ComboFix 11-05-03.03 - 04.05.2011  12:22:26.3.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.1857 [GMT 2:00]
ausgeführt von:: d:\download\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\f3PSSavr.scr
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-04-04 bis 2011-05-04  ))))))))))))))))))))))))))))))
.
.
2011-05-04 10:27 . 2011-05-04 10:27	--------	d-----w-	c:\users\Nine\AppData\Local\temp
2011-05-04 10:27 . 2011-05-04 10:27	--------	d-----w-	c:\users\Public\AppData\Local\temp
2011-05-04 10:27 . 2011-05-04 10:27	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-05-03 08:22 . 2011-04-11 07:04	7071056	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B5BA51B2-D842-45BB-A345-9D1F246C2E3D}\mpengine.dll
2011-04-28 07:32 . 2011-03-03 15:40	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2011-04-28 07:32 . 2011-03-03 13:35	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-28 07:32 . 2011-03-12 21:55	876032	----a-w-	c:\windows\system32\XpsPrint.dll
2011-04-13 20:47 . 2011-04-13 20:47	--------	d-----w-	c:\users\Nine\AppData\Roaming\DVDVideoSoft
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-17 10:02 . 2010-08-11 21:59	137656	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-03-03 15:40 . 2011-04-28 07:32	173056	----a-w-	c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-28 07:32	458752	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-28 07:32	542720	----a-w-	c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-28 07:32	2159616	----a-w-	c:\windows\apppatch\AcGenral.dll
2011-02-22 14:13 . 2011-03-23 11:42	288768	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 11:42	1068544	----a-w-	c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 11:42	797696	----a-w-	c:\windows\system32\FntCache.dll
2009-12-10 08:38 . 2009-12-10 12:57	1924200	----a-w-	c:\program files\install_flash_player10.0.42.34.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\Nine\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\Nine\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\Nine\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"CK POPUP KILLER"="c:\ck popup killer\PKILL.EXE" [2001-05-14 1241088]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-17 6253088]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\Nine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\stardock\ObjectDock\ObjectDock.exe [2009-12-7 3444008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Nine^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Nine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CK POPUP KILLER]
2001-05-14 23:35	1241088	----a-w-	c:\ck popup killer\PKILL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-26 16:05	15026056	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-08-30 01:11	61440	----a-w-	c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"sta"=rundll32 "ktsop.dll",,Run
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2684614725-1401231723-2353267314-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-28 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-28 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2008-10-21 548864]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-16 691696]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [2008-05-19 57344]
S2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE [2009-07-28 73528]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2008-05-02 48128]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-04 c:\windows\Tasks\1-Klick-Wartung.job
- c:\tuneup utilities 2009\OneClickStarter.exe [2008-12-11 18:07]
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-28 06:38]
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-28 06:38]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE: An vorhandenes PDF anfügen - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
LSP: c:\program files\FRITZ!DSL\\sarah.dll
Trusted Zone: everestpoker.com\account
FF - ProfilePath - c:\users\Nine\AppData\Roaming\Mozilla\Firefox\Profiles\cmswdcip.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: network.proxy.type - 0
FF - Ext: VMLoad: {464F169E-ACE1-4C5F-A778-A433A3DABBAE} - c:\mozilla firefox\extensions\{464F169E-ACE1-4C5F-A778-A433A3DABBAE}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Facebook Chat History Manager: fbchathistory@firechm.com - %profile%\extensions\fbchathistory@firechm.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: YouTube Downloader for Facebook: {2122962a-1424-fffe-19af-bba2ef3eff4a} - %profile%\extensions\{2122962a-1424-fffe-19af-bba2ef3eff4a}
FF - Ext: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - %profile%\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-04 12:27
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-05-04  12:30:22
ComboFix-quarantined-files.txt  2011-05-04 10:30
ComboFix2.txt  2010-08-17 09:17
ComboFix3.txt  2010-08-12 14:05
.
Vor Suchlauf: 22 Verzeichnis(se), 74.641.608.704 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 75.132.579.840 Bytes frei
.
- - End Of File - - 8F529389CF0CAB292E70EAD56BEE8A56
         
--- --- ---

Alt 04.05.2011, 15:24   #9
piepmatz
 
Online Banking...Trojaner auf dem Rechner, aber Virenprogramm zeigt nichts an. - Standard

Online Banking...Trojaner auf dem Rechner, aber Virenprogramm zeigt nichts an.



hallo,

muss ich jetzt noch was machen oder ist alles beseitigt?

Alt 04.05.2011, 15:32   #10
markusg
/// Malware-holic
 
Online Banking...Trojaner auf dem Rechner, aber Virenprogramm zeigt nichts an. - Standard

Online Banking...Trojaner auf dem Rechner, aber Virenprogramm zeigt nichts an.



1.
habe ich ein privat leben, also nicht gleich rum stressen wenn du nicht nach 2 stunden gleich ne antwort bekommst, zumal du hier nicht der einzige bist.
2. wollte ich mir die logs aus einem grund ansehen, um zu wissen ob wir in ruhe, ohne weitere maßnamen neu aufsetzen können.
der trojaner ist nicht beseitigt, du musst jetzt folgendes tun:
- daten sichern:
sichere alle persönlichen daten, fotos bilder dokumente, nichts aus tauschbörsen, nichts illegales, auf ne externe festplatte, rolinge, oder usb stick.
- danach werden wir das system formatieren und neu aufsetzen.
- dann, falls gewünscht, können wir das system noch absichern.
da währen einige maßnamen die du treffen solltest, damit in zukunft keine malware mehr aktiev wird auf diesem pc.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 04.05.2011, 15:37   #11
piepmatz
 
Online Banking...Trojaner auf dem Rechner, aber Virenprogramm zeigt nichts an. - Standard

Online Banking...Trojaner auf dem Rechner, aber Virenprogramm zeigt nichts an.



Entschuldigung..aber warum motzt du mich denn hier so an?
hast da wohl was falsch verstanden..wollte nicht rumstressen. Hatte lediglich gehofft, dass alles weg ist und ich wieder beruhigt sein kann, kenn mich ja in der Materie nich aus..

Alt 04.05.2011, 15:44   #12
markusg
/// Malware-holic
 
Online Banking...Trojaner auf dem Rechner, aber Virenprogramm zeigt nichts an. - Standard

Online Banking...Trojaner auf dem Rechner, aber Virenprogramm zeigt nichts an.



hi,
nein du kannst nicht beruhigt sein, solche malware nimmt weitreichende enderungen am pc vor.
deswegen ist ein sicheres system nur dann wiederhergestellt, nach dem es formatiert und neu aufgesetzt ist.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 04.05.2011, 15:50   #13
piepmatz
 
Online Banking...Trojaner auf dem Rechner, aber Virenprogramm zeigt nichts an. - Standard

Online Banking...Trojaner auf dem Rechner, aber Virenprogramm zeigt nichts an.



ok...scheiße
na dann muss ich mir jetzt erstmal ne externe Festplatte besorgen, um meine ganzen Daten zu sichern..Rohlinge und USB Sticks werden da wohl nicht ausreichen..
Würd mich dann wieder melden, sobald ich alles sichern konnte.

danke erstmal soweit für die Hilfe..

Alt 04.05.2011, 15:51   #14
markusg
/// Malware-holic
 
Online Banking...Trojaner auf dem Rechner, aber Virenprogramm zeigt nichts an. - Standard

Online Banking...Trojaner auf dem Rechner, aber Virenprogramm zeigt nichts an.



es ist sowieso immer gut, ne externe sicherung zu haben, wenn deine festplatte mal kaputt ist, kostet ne daten rettung einige hundert E€.
ok meld dich dann, wenn du so weit bist.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Online Banking...Trojaner auf dem Rechner, aber Virenprogramm zeigt nichts an.
antivirenprogramm, avira, avira antivir, dankbar, e-banking, einzugeben, laufe, laufen, möglichkeit, nichts, online, online-banking, onlinebanking, platt, programm, rechner, sperre, sperren, trojaner, virenprogram, virenprogramm, zugang



Ähnliche Themen: Online Banking...Trojaner auf dem Rechner, aber Virenprogramm zeigt nichts an.


  1. Secure Banking - Online Banking auf der sicheren Seite!
    Archiv - 29.08.2016 (471)
  2. Schädling auf dem Rechner, aber Avira sagt nichts
    Plagegeister aller Art und deren Bekämpfung - 27.10.2015 (5)
  3. Trojaner im Online banking
    Lob, Kritik und Wünsche - 02.12.2014 (0)
  4. Win 7: Rechner sporadisch sehr langsam + Volksbank Online-Banking Rücküberweisungs-Trojaner
    Log-Analyse und Auswertung - 06.06.2014 (11)
  5. Online-Banking-Trojaner!
    Log-Analyse und Auswertung - 22.06.2013 (17)
  6. Windows 7: Kaspersky findet nichts aber der Rechner verhält sich sehr auffällig
    Log-Analyse und Auswertung - 31.05.2013 (20)
  7. Malwarebytes findet Trojan.inject - Rechner zeigt aber keine Probleme
    Plagegeister aller Art und deren Bekämpfung - 28.05.2013 (23)
  8. MITB Trojaner Online Banking gesperrt Avira Free Version findet nichts
    Plagegeister aller Art und deren Bekämpfung - 08.05.2013 (13)
  9. T-Online sagt Virus aber nichts wird gefunden...
    Plagegeister aller Art und deren Bekämpfung - 08.02.2013 (5)
  10. norton internet security 2013 zeigt an Computer ist gefährdet, aber macht nichts
    Plagegeister aller Art und deren Bekämpfung - 14.11.2012 (3)
  11. Müll aus Secure Banking - Online Banking auf der sicheren Seite!
    Mülltonne - 04.10.2012 (0)
  12. Rechner langsam und Sicherheitsmeldung beim Online-Banking
    Log-Analyse und Auswertung - 14.09.2011 (3)
  13. Online Banking - TAN Abfrage beim Banking - Trojaner?
    Log-Analyse und Auswertung - 12.08.2011 (3)
  14. Nur Combofix zeigt rootkit an löscht aber nichts
    Log-Analyse und Auswertung - 21.07.2011 (22)
  15. online-banking gesperrt - Gozi auf Rechner
    Plagegeister aller Art und deren Bekämpfung - 15.10.2010 (3)
  16. 40 Tan-Trojaner bei DKB Online-Banking
    Plagegeister aller Art und deren Bekämpfung - 23.09.2010 (28)
  17. Trojaner... aber HiJack zeigt nichts besonderes
    Log-Analyse und Auswertung - 09.11.2005 (10)

Zum Thema Online Banking...Trojaner auf dem Rechner, aber Virenprogramm zeigt nichts an. - Hallo, habe ein Problem. Nachdem ich gerade stutzig wurde, als ich beim Online-Banking aufgefordert wurde meine ganzen Tan-Codes einzugeben, hab ich den Zugang gleich sperren lassen und mein Antivirenprogramm (Avira - Online Banking...Trojaner auf dem Rechner, aber Virenprogramm zeigt nichts an....
Archiv
Du betrachtest: Online Banking...Trojaner auf dem Rechner, aber Virenprogramm zeigt nichts an. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.