Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   TANs gesperrt, vermutlich Trojaner. Wie geht es weiter? (https://www.trojaner-board.de/101232-tans-gesperrt-vermutlich-trojaner-geht.html)

Julia86 11.07.2011 13:26
TANs gesperrt, vermutlich Trojaner. Wie geht es weiter?
 
Hallo,

ich habe ein Problem: Neulich bekam ich einen Brief meiner Bank, dass alle meine TANs wegen mehrmaliger falscher Eingabe gesperrt wurden. Das kann keinesfalls mein eigenes Verschulden sein.

Ich habe darauf hin mit Antivir und TrojanHunter mehrere Systemprüfungen und Scans gemacht - nichts!

Wie kann ich jetzt weiter fortfahren? Ich kenne mich nicht so gut aus, kriege eine Neuinstallation von Win 7 allerdings hin. Problem hierbei: Ich habe nur die Partition von Samsung Recovery Solution 4 zum Neuinstallieren, d.h. Werkszustand.

Reicht das? Oder wie macht man das sonst?

Ich bin leider überfragt...

Danke schonmal!

Gruß,

Julia

cosinus 11.07.2011 13:36
Hallo und :hallo:

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!


Danach OTL-Custom:


CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Julia86 11.07.2011 15:04
Malwarebytes' Anti-Malware 1.51.0.1200
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 7070

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

11.07.2011 15:49:59
mbam-log-2011-07-11 (15-49-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 393538
Laufzeit: 53 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
c:\program files (x86)\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files (x86)\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.





Dieses OTL bleibt immer bei "scanning firefox settings" hängen...

cosinus 11.07.2011 15:18
Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

Julia86 11.07.2011 15:21
14:42:30 Julia MESSAGE Protection started successfully
14:42:34 Julia MESSAGE IP Protection started successfully
15:49:30 Julia DETECTION C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL Adware.WidgiToolbar QUARANTINE
15:49:31 Julia ERROR Quarantine failed: DeleteFile failed with error code 5
15:54:22 Julia DETECTION C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL Adware.WidgiToolbar DENY
15:54:25 Julia DETECTION C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll Adware.WidgiToolbar DENY
15:56:57 Julia DETECTION C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL Adware.WidgiToolbar DENY
15:57:20 Julia DETECTION C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL Adware.WidgiToolbar DENY
15:57:32 Julia DETECTION C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL Adware.WidgiToolbar DENY
16:03:47 Julia DETECTION C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL Adware.WidgiToolbar DENY
16:03:48 Julia DETECTION C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll Adware.WidgiToolbar DENY
16:10:41 Julia MESSAGE Protection started successfully
16:10:45 Julia MESSAGE IP Protection started successfully


Das wars...

cosinus 11.07.2011 15:33
Probier OTL mal bitte so:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

Julia86 11.07.2011 15:56
Klappt nicht... Habe sogar Firefox deinstalliert, damit er da nicht hängen bleiben kann.

Und nun?

cosinus 11.07.2011 16:04
Dann ist das FF-Profil noch da und evtl. defekt. Navigiere mal in den Profilpfad:

C:\Users\(DEIN_NAME)\AppData\Roaming\Mozilla\Firefox\Profiles

Dort müsste min. ein Ordner sein zB sowas wie ncm2vqzi.default - diesen Ordner mal auf einen Stick oder ext. Platte sichern und dann aus diesem Pfad C:\Users\(DEIN_NAME)\AppData\Roaming\Mozilla\Firefox\Profiles löschen.

Julia86 11.07.2011 16:22
Jetzt aber! Das hier wurde anhand der Malwarebyte-Logfile erstellt:
OTL Logfile:
Code:
OTL logfile created on: 7/11/2011 5:18:31 PM - Run 1
OTL by OldTimer - Version 3.2.26.1    Folder = C:\Users\Julia\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.86 Gb Total Physical Memory | 2.70 Gb Available Physical Memory | 69.82% Memory free
7.73 Gb Paging File | 6.30 Gb Available in Paging File | 81.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 231.00 Gb Total Space | 141.04 Gb Free Space | 61.06% Space Free | Partition Type: NTFS
Drive D: | 345.07 Gb Total Space | 344.46 Gb Free Space | 99.82% Space Free | Partition Type: NTFS
 
Computer Name: WALLEE | User Name: Julia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/07/11 16:40:44 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Julia\Downloads\OTL.exe
PRC - [2011/07/05 10:08:34 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/24 18:22:40 | 000,534,880 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011/06/24 17:30:48 | 000,393,112 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2011/06/15 18:12:59 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/28 21:48:29 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/25 21:22:06 | 000,223,088 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/03/25 21:21:30 | 000,673,648 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/03/04 14:36:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/10/23 05:47:12 | 001,070,360 | ---- | M] (Mischel Internet Security) -- C:\Program Files (x86)\TrojanHunter 5.3\THGuard.exe
PRC - [2010/08/02 12:40:56 | 000,199,600 | ---- | M] (Telefónica I+D) -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
PRC - [2010/05/06 08:44:44 | 001,749,504 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2010/04/07 15:40:06 | 000,843,264 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/02/10 16:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2010/01/19 04:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\SysWOW64\Rezip.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/07/11 16:40:44 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Julia\Downloads\OTL.exe
MOD - [2010/11/20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009/11/02 12:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2011/07/05 10:08:34 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/24 17:30:48 | 000,393,112 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/13 22:26:04 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/28 21:48:29 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/25 21:22:06 | 000,223,088 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010/11/20 14:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/08/02 12:40:56 | 000,199,600 | ---- | M] (Telefónica I+D) [Auto | Running] -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\Rezip.exe -- (Rezip)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/07/05 10:08:35 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/07/05 10:08:35 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/03 14:03:26 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/29 17:14:00 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2010/04/27 09:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/04/09 09:24:32 | 000,076,288 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010/04/07 11:05:00 | 000,250,368 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010/04/01 13:44:06 | 000,026,624 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2010/03/25 04:08:46 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010/03/20 05:56:56 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2010/02/27 02:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/26 20:32:58 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/01/25 18:57:54 | 000,010,240 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2009/12/14 22:46:56 | 001,573,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/11/12 22:14:30 | 000,084,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/11/02 12:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/28 11:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/08/05 23:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/10 12:06:50 | 000,031,744 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motoandroid.sys -- (motandroidusb)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 08:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/08 10:56:26 | 000,053,632 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motodrv.sys -- (MotDev)
DRV:64bit: - [2009/01/29 16:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2009/01/29 16:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2007/11/02 14:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2010/01/12 16:08:30 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/07/12 18:13:08] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\windows\SysWow64\drivers\adfs.sys -- (adfs)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle
IE - HKCU\..\URLSearchHook: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\4.5\dealioToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/15 18:13:12 | 000,000,000 | ---D | M]
 
[2011/04/06 11:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julia\AppData\Roaming\mozilla\Extensions
[2011/07/11 16:45:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
O1 HOSTS File: ([2011/06/14 13:55:43 | 000,001,187 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\4.5\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\4.5\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager]  File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [THGuard] C:\Program Files (x86)\TrojanHunter 5.3\THGuard.exe (Mischel Internet Security)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{43e642b6-9e9e-11e0-a623-002454bbdbe8}\Shell - "" = AutoRun
O33 - MountPoints2\{43e642b6-9e9e-11e0-a623-002454bbdbe8}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{43e642c5-9e9e-11e0-a623-002454bbdbe8}\Shell - "" = AutoRun
O33 - MountPoints2\{43e642c5-9e9e-11e0-a623-002454bbdbe8}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7d5af75b-9f12-11e0-8ca5-001e101f2500}\Shell - "" = AutoRun
O33 - MountPoints2\{7d5af75b-9f12-11e0-8ca5-001e101f2500}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/07/11 16:43:42 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Roaming\Opera
[2011/07/11 16:43:42 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\Opera
[2011/07/11 16:43:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2011/07/11 14:41:59 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Roaming\Malwarebytes
[2011/07/11 14:41:54 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/11 14:41:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/11 14:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/11 14:41:50 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2011/07/11 14:41:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/07/05 11:46:40 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Roaming\Simfy
[2011/07/05 11:46:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simfy
[2011/07/05 11:46:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\simfy
[2011/07/04 14:31:39 | 000,000,000 | ---D | C] -- C:\Users\Julia\Desktop\Sortieren
[2011/07/04 11:10:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2011/07/04 11:10:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dealio Toolbar
[2011/07/04 11:10:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2011/07/04 11:10:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLV Converter
[2011/07/04 11:10:28 | 000,307,200 | ---- | C] (FLV.com) -- C:\windows\SysWow64\TubeFinder.exe
[2011/07/04 11:10:26 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Roaming\FreeFLVConverter
[2011/07/04 11:10:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free FLV Converter
[2011/07/04 11:07:15 | 000,098,304 | ---- | C] (Moyea Software Co., Ltd.) -- C:\mglobal.dll
[2011/07/04 11:07:15 | 000,086,016 | ---- | C] (Flash Video MX) -- C:\reglib.dll
[2011/07/04 11:07:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moyea
[2011/07/04 11:07:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Moyea
[2011/07/04 11:06:32 | 000,000,000 | ---D | C] -- C:\Users\Julia\Desktop\Downloads
[2011/07/04 11:06:29 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Roaming\GetRightToGo
[2011/07/04 10:57:16 | 000,000,000 | ---D | C] -- C:\Users\Julia\Documents\Moyea
[2011/07/03 21:52:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen
[2011/06/30 12:27:51 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Codepad
[2011/06/30 12:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codepad
[2011/06/30 12:27:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Codepad2
[2011/06/30 10:35:17 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Roaming\TrojanHunter
[2011/06/30 08:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter
[2011/06/30 08:56:48 | 000,000,000 | ---D | C] -- C:\ProgramData\TrojanHunter
[2011/06/30 08:56:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrojanHunter 5.3
[2011/06/26 20:49:14 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\Microsoft Games
[2011/06/26 20:43:14 | 000,000,000 | ---D | C] -- C:\Users\Julia\Documents\Floodgate
[2011/06/25 19:53:22 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{460B8D94-E5AF-4A67-B475-D079D5805431}
[2011/06/24 22:15:07 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Roaming\Telefónica
[2011/06/24 22:14:53 | 000,079,360 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\SysNative\drivers\ew_jucdcacm.sys
[2011/06/24 22:14:53 | 000,076,288 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\SysNative\drivers\ew_jubusenum.sys
[2011/06/24 22:14:53 | 000,049,664 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\SysNative\drivers\ew_jucdcecm.sys
[2011/06/24 22:14:53 | 000,027,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\SysNative\drivers\ew_juextctrl.sys
[2011/06/24 22:14:47 | 001,001,472 | ---- | C] (DiBcom SA) -- C:\windows\SysNative\drivers\mod7700.sys
[2011/06/24 22:14:47 | 000,250,368 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\SysNative\drivers\ewusbnet.sys
[2011/06/24 22:14:47 | 000,120,704 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\SysNative\drivers\ewusbmdm.sys
[2011/06/24 22:14:47 | 000,032,768 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\windows\SysNative\drivers\ewdcsc.sys
[2011/06/24 22:14:47 | 000,013,952 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\SysNative\drivers\ew_usbenumfilter.sys
[2011/06/24 22:14:40 | 000,114,560 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\SysNative\drivers\ew_hwusbdev.sys
[2011/06/24 22:14:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HUAWEI Modem Driver
[2011/06/24 22:14:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\o2
[2011/06/24 22:14:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\o2
[2011/06/18 21:46:29 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Roaming\WinRAR
[2011/06/18 21:46:29 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/06/18 21:46:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/06/18 21:46:26 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/06/15 18:13:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2011/06/15 18:13:00 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll
[2011/06/15 18:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/06/15 18:12:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2011/06/15 18:12:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2011/06/15 18:11:59 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Roaming\Real
[2011/06/12 18:52:16 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[1 C:\Users\Julia\Desktop\*.tmp files -> C:\Users\Julia\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/07/11 17:12:56 | 001,498,506 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/07/11 17:12:56 | 000,654,166 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2011/07/11 17:12:56 | 000,616,008 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/07/11 17:12:56 | 000,130,006 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2011/07/11 17:12:56 | 000,106,388 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/07/11 16:53:36 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/11 16:53:36 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/11 16:45:46 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/07/11 16:45:41 | 4148,744,192 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/11 16:43:40 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2011/07/11 14:41:54 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/11 13:02:06 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/07/05 11:46:38 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\simfy.lnk
[2011/07/05 10:08:35 | 000,123,784 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avipbb.sys
[2011/07/05 10:08:35 | 000,088,288 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avgntflt.sys
[2011/07/04 11:10:29 | 000,001,117 | ---- | M] () -- C:\Users\Julia\Desktop\Free FLV Converter.lnk
[2011/07/04 08:29:24 | 004,987,856 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/06/30 08:56:49 | 000,059,392 | R--- | M] () -- C:\windows\SysWow64\streamhlp.dll
[2011/06/30 08:56:49 | 000,001,005 | ---- | M] () -- C:\Users\Julia\Desktop\TrojanHunter.lnk
[2011/06/30 07:25:22 | 000,000,132 | ---- | M] () -- C:\Users\Julia\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/06/24 22:15:07 | 000,002,112 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Connection Manager.lnk
[2011/06/24 22:14:55 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01009.Wdf
[2011/06/20 14:10:28 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/06/15 18:13:19 | 000,001,354 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/06/15 18:13:00 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll
[1 C:\Users\Julia\Desktop\*.tmp files -> C:\Users\Julia\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/07/11 16:43:40 | 000,001,841 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2011/07/11 16:43:40 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2011/07/11 14:41:54 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/05 11:46:38 | 000,000,833 | ---- | C] () -- C:\Users\Public\Desktop\simfy.lnk
[2011/07/04 11:10:29 | 000,001,117 | ---- | C] () -- C:\Users\Julia\Desktop\Free FLV Converter.lnk
[2011/07/04 11:10:27 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\PropertyGrid.ocx
[2011/07/04 11:10:27 | 000,208,500 | ---- | C] () -- C:\windows\SysWow64\ReyXpBasics.tlb
[2011/07/04 11:10:26 | 000,024,576 | ---- | C] () -- C:\windows\SysWow64\ControlSubX.ocx
[2011/06/30 08:56:49 | 000,001,005 | ---- | C] () -- C:\Users\Julia\Desktop\TrojanHunter.lnk
[2011/06/30 08:56:43 | 000,059,392 | R--- | C] () -- C:\windows\SysWow64\streamhlp.dll
[2011/06/24 22:15:07 | 000,002,112 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Connection Manager.lnk
[2011/06/24 22:14:55 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01009.Wdf
[2011/06/20 14:10:28 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/20 14:10:28 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/06/15 18:13:19 | 000,001,354 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/06/12 17:47:11 | 000,001,241 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CS5.5.lnk
[2011/06/07 00:58:30 | 000,000,132 | ---- | C] () -- C:\Users\Julia\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/06/06 10:56:48 | 000,007,605 | ---- | C] () -- C:\Users\Julia\AppData\Local\Resmon.ResmonCfg
[2011/06/03 18:41:13 | 000,001,456 | ---- | C] () -- C:\Users\Julia\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011/05/03 21:23:21 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/06 11:15:13 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/07/12 11:58:11 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2010/07/12 11:17:40 | 000,001,612 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/07/12 11:03:22 | 000,311,296 | ---- | C] () -- C:\windows\SysWow64\Rezip.exe
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009/07/13 23:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/07/13 23:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009/07/13 23:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011/06/12 18:52:16 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/05/05 23:09:26 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/06/06 22:31:54 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\EPSON
[2011/06/30 06:14:17 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\FileZilla
[2011/07/04 11:10:32 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\FreeFLVConverter
[2011/07/04 11:06:57 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\GetRightToGo
[2011/07/11 16:43:42 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Opera
[2011/06/10 10:41:42 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\PACE Anti-Piracy
[2011/07/05 11:46:40 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Simfy
[2011/05/30 22:14:12 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/06/24 22:15:07 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Telefónica
[2011/06/30 10:35:17 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\TrojanHunter
[2011/06/08 14:10:53 | 000,032,600 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< Malwarebytes' Anti-Malware 1.51.0.1200 >
 
< Malwarebytes : Free anti-malware, anti-virus and spyware removal download >
 
<  >
 
< Datenbank Version: 7070 >
 
<  >
 
< Windows 6.1.7601 Service Pack 1 >
 
< Internet Explorer 8.0.7601.17514 >
 
<  >
 
< 11.07.2011 15:49:59 >
 
< mbam-log-2011-07-11 (15-49-59).txt >
 
<  >
 
< Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) >
 
< Durchsuchte Objekte: 393538 >
 
< Laufzeit: 53 Minute(n), 14 Sekunde(n) >
 
<  >
 
< Infizierte Speicherprozesse: 0 >
 
< Infizierte Speichermodule: 1 >
 
< Infizierte Registrierungsschlüssel: 0 >
 
< Infizierte Registrierungswerte: 1 >
 
< Infizierte Dateiobjekte der Registrierung: 0 >
 
< Infizierte Verzeichnisse: 0 >
 
< Infizierte Dateien: 1 >
 
<  >
 
< Infizierte Speicherprozesse: >
 
< (Keine bösartigen Objekte gefunden) >
 
<  >
 
< Infizierte Speichermodule: >
 
< c:\program files (x86)\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Delete on reboot. >
 
<  >
 
< Infizierte Registrierungsschlüssel: >
 
< (Keine bösartigen Objekte gefunden) >
 
<  >
 
< Infizierte Registrierungswerte: >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully. >
 
<  >
 
< Infizierte Dateiobjekte der Registrierung: >
 
< (Keine bösartigen Objekte gefunden) >
 
<  >
 
< Infizierte Verzeichnisse: >
 
< (Keine bösartigen Objekte gefunden) >
 
<  >
 
< Infizierte Dateien: >
 
< c:\program files (x86)\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully. >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:5C270C64
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:2430E4FC

< End of report >
--- --- ---

Julia86 11.07.2011 20:02
Mag da nochmal wer draufgucken?!

cosinus 11.07.2011 22:09
Zitat:
[AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
Aus welcher Quelle stammt dieses CS5?

Julia86 11.07.2011 22:58
Ähm, wie meinst du das mit Quelle? Ich denke, das kommt aus einer Adobe Installation, aber so ganz weiß ich nicht, was du meinst...

cosinus 11.07.2011 23:05
Ja, und wer hat dir das installiert? Du weißt auch wie teuer eine CS5-Linzenz ist? offensichtlich nicht!

Julia86 11.07.2011 23:16
Das habe ich selbst installiert und das sind Testversionen.

Photoshop, Illustrator, InDesign von Adobe habe ich gekauft... Wo ist da ein Problem?

Julia86 11.07.2011 23:18
Die Quellen sind dann also Adobe-CD und Adobe Website...

Ich weiß, wie teuer so Lizenzen sind, deshalb hab ich auch nur Studenten- oder Testversionen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:18 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130