Trojaner-Board


sanwald 14.09.2010 09:07

Volksbank Trojan with TAN entry prompt - I'm stuck!
 
Hello dear forum.
The problem has already been described here several times. After logging in to the Volksbank account, a frame appears that asks for 20 TANs to be entered and prevents any work on the account. You can no longer click anything except the TANs.
I have checked my system with Antivir, Trojan Remover and SpyHunter and had any findings repaired where applicable. The problem persists, however, and now the above-mentioned programs no longer find anything. I also ran Antivir as administrator.

As far as I have understood everything here correctly, to help me you need the following txt documents, which I have just created:

One of the OTL files was too large to upload, so here it is:

OTL Logfile:
Code:

OTL logfile created on: 13.09.2010 17:38:03 - Run 1
OTL by OldTimer - Version 3.2.12.0    Folder = C:\Users\**\Desktop
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 69,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 42,20 Gb Total Space | 5,18 Gb Free Space | 12,28% Space Free | Partition Type: NTFS
Drive D: | 141,89 Gb Total Space | 4,73 Gb Free Space | 3,33% Space Free | Partition Type: NTFS
Drive E: | 188,48 Gb Total Space | 34,39 Gb Free Space | 18,24% Space Free | Partition Type: NTFS
Drive F: | 634,76 Gb Total Space | 1,75 Gb Free Space | 0,28% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 39,22 Mb Total Space | 11,65 Mb Free Space | 29,70% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
 
Computer Name: **
Current User Name: **
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.09.13 14:45:16 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\**\Desktop\OTL.exe
PRC - [2010.09.13 11:43:59 | 001,689,088 | ---- | M] (Elgato Systems) -- C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe
PRC - [2010.09.13 11:43:59 | 000,532,480 | ---- | M] (z2 Software) -- C:\Program Files (x86)\z2 Remote2PC\R2PCServ.exe
PRC - [2010.09.09 09:29:15 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010.09.09 09:29:14 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010.09.06 11:03:54 | 000,204,680 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\pdf24\pdf24.exe
PRC - [2010.09.01 08:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.07.01 21:25:41 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Users\**\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2010.06.28 18:05:26 | 003,021,720 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe
PRC - [2010.05.18 17:06:42 | 000,327,064 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.01.14 00:44:52 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2009.12.16 18:38:20 | 000,375,296 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2009.09.05 18:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.06.17 13:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.02.28 20:40:38 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
PRC - [2009.02.16 09:55:38 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2008.12.05 17:11:54 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008.09.20 12:45:59 | 002,177,984 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2008.08.03 03:37:14 | 000,618,496 | ---- | M] (z2 Software) -- C:\Program Files (x86)\z2 Remote2PC\R2PCSH.exe
PRC - [2007.01.30 03:08:40 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2007.01.12 04:12:18 | 000,244,512 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe
PRC - [2007.01.12 04:09:28 | 000,488,984 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2006.09.03 12:11:58 | 000,429,360 | ---- | M] (AJSystems.com Inc.) -- C:\Program Files (x86)\Eazy-Ware\ezSched.exe
PRC - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.09.13 14:45:16 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\**\Desktop\OTL.exe
MOD - [2010.09.08 17:04:13 | 000,046,592 | -H-- | M] () -- C:\Windows\SysWOW64\cmdsmon.dll
MOD - [2009.07.14 03:15:36 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009.06.10 23:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
MOD - [2009.06.10 23:23:11 | 000,554,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcp80.dll
MOD - [2008.06.25 02:43:29 | 000,117,696 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp.dll
MOD - [2007.01.30 03:08:38 | 000,044,544 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\SetPoint\x86\lgscroll.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009.07.14 03:41:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)
SRV:64bit: - [2009.07.14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009.07.14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010.09.13 11:43:59 | 000,532,480 | ---- | M] (z2 Software) [Auto | Running] -- C:\Program Files (x86)\z2 Remote2PC\R2PCServ.exe -- (z2 R2PC Server)
SRV - [2010.05.18 17:06:42 | 000,327,064 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE -- (SpyHunter 4 Service)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009.12.16 18:38:20 | 000,375,296 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009.08.10 16:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009.08.10 16:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.12.05 17:11:54 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2007.05.31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\IWPORT.SYS -- (IWPORT)
DRV:64bit: - [2010.03.23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.03.09 13:42:35 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.12.18 00:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009.11.25 12:19:02 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009.11.18 09:47:46 | 000,446,976 | ---- | M] (NETGEAR Inc.                          ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wg111v3.sys -- (RTL8187B)
DRV:64bit: - [2009.11.11 15:47:18 | 000,348,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009.11.05 11:48:16 | 000,655,424 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2009.11.05 11:48:16 | 000,624,448 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2009.08.09 23:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009.07.14 03:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009.07.14 03:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.14 02:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2009.07.14 02:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009.07.14 02:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009.07.14 02:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009.07.14 01:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009.07.14 01:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009.07.14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008.09.20 12:44:23 | 000,113,088 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2008.01.19 07:36:12 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irsir.sys -- (irsir)
DRV:64bit: - [2007.02.16 02:56:51 | 000,014,032 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV:64bit: - [2007.01.23 16:48:00 | 000,136,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouKE.Sys -- (LMouKE)
DRV:64bit: - [2007.01.23 16:47:00 | 000,112,400 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042mou.Sys -- (L8042mou)
DRV:64bit: - [2007.01.23 16:47:00 | 000,051,984 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2007.01.23 16:47:00 | 000,048,912 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2007.01.23 16:47:00 | 000,035,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2010.01.27 18:10:44 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2009.03.18 12:02:38 | 000,076,088 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\DualCoreCenter\RushTop64.sys -- (RushTopDevice2)
DRV - [2009.02.28 19:40:18 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/04/26 14:11:32] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2008.12.08 12:32:44 | 000,044,344 | ---- | M] (MICRO-STAR INT'L CO., LTD.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\DualCoreCenter\NTGLM7X64.sys -- (DualCoreCenter)
DRV - [2008.09.20 12:44:23 | 000,113,088 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2008.01.21 17:43:42 | 000,036,368 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\hotcore3.sys -- (hotcore3)
DRV - [2007.02.16 02:56:51 | 000,014,032 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2006.10.13 09:18:26 | 000,018,216 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\nvoclk64.sys -- (NVR0Dev)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www3.iamwired.net/websearch.php?src=tops&search="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: fastdial@telega.phpnet.us:2.23b2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..keyword.URL: "hxxp://www3.iamwired.net/websearch.php?src=tops&search="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.09.09 15:38:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.09.09 09:29:17 | 000,000,000 | ---D | M]
 
[2010.03.06 18:16:26 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\mozilla\Extensions
[2010.09.13 12:29:26 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\bydy68hv.default\extensions
[2010.09.13 12:05:09 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\bydy68hv.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.08.12 17:57:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\bydy68hv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.07.27 08:28:34 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\bydy68hv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.09.09 08:29:45 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\bydy68hv.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.07.21 08:58:58 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\bydy68hv.default\extensions\fastdial@telega.phpnet.us
[2010.07.20 17:48:47 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\bydy68hv.default\extensions\LogMeInClient@logmein.com
[2010.09.13 12:29:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.01.14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.09.09 09:29:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.09.09 09:29:16 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.09.09 09:29:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.09.09 09:29:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.09.09 09:29:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.09.13 16:53:35 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [DelReg] C:\Program Files (x86)\MSI\DualCoreCenter\DelReg.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EazyScheduler] C:\Program Files (X86)\Eazy-Ware\ezSched.exe (AJSystems.com Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe (Logitech Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Remote Control Editor] C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
O4 - HKCU..\Run: [SansaDispatch] C:\Users\**\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - Startup: C:\Users\**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AnyDVD.exe - Verknüpfung.lnk = C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.)
O4 - Startup: C:\Users\**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\**\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\**\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} file:///D:/Programme/proeWildfire%203.0/i486_nt/obj/pvx_install.exe (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.09.13 09:34:35 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6df8f80e-58d4-11df-8813-0019dbcdd511}\Shell - "" = AutoRun
O33 - MountPoints2\{6df8f80e-58d4-11df-8813-0019dbcdd511}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{cdb286ac-656a-11df-8429-0019dbcdd511}\Shell - "" = AutoRun
O33 - MountPoints2\{cdb286ac-656a-11df-8429-0019dbcdd511}\Shell\AutoRun\command - "" = P:\WD SmartWare.exe -- File not found
O33 - MountPoints2\P\Shell - "" = AutoRun
O33 - MountPoints2\P\Shell\AutoRun\command - "" = P:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: fingiles - (C:\Windows\system32\cmdsmon.dll) - C:\Windows\SysWOW64\cmdsmon.dll ()
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.13 16:42:20 | 000,000,000 | ---D | C] -- C:\Users\**\Desktop\Trojaner Problem
[2010.09.13 14:44:51 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\**\Desktop\OTL.exe
[2010.09.13 14:00:45 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Roaming\Malwarebytes
[2010.09.13 14:00:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.09.13 14:00:34 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.09.13 14:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.13 14:00:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.09.13 12:05:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010.09.13 12:05:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoftTB
[2010.09.13 10:53:40 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2010.09.13 10:53:25 | 000,000,000 | ---D | C] -- C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
[2010.09.13 09:34:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enigma Software Group
[2010.09.13 09:34:02 | 000,000,000 | ---D | C] -- C:\Windows\95431C66CF9A4913BFFF6050785AFB65.TMP
[2010.09.13 09:25:23 | 000,000,000 | ---D | C] -- C:\Users\**\Documents\Simply Super Software
[2010.09.13 09:25:15 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ztvcabinet.dll
[2010.09.13 09:25:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2010.09.13 09:25:13 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Roaming\Simply Super Software
[2010.09.13 09:25:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010.09.10 14:59:56 | 000,000,000 | ---D | C] -- C:\Users\**\Desktop\vpn-profile-2009-v1
[2010.09.10 14:59:33 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Deterministic Networks
[2010.09.10 14:59:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
[2010.09.09 20:19:44 | 000,000,000 | ---D | C] -- C:\Users\**\Documents\pdf24
[2010.09.09 20:17:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdf24
[2010.09.09 08:26:20 | 000,000,000 | ---D | C] -- C:\Users\**\Desktop\Bewerbung Praktikum Voith
[2010.09.08 09:20:44 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010.08.20 13:21:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.08.20 13:21:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.08.17 18:23:25 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010.08.16 11:44:11 | 000,000,000 | R--D | C] -- C:\Users\**\Documents\Scanned Documents
[2010.08.16 11:44:11 | 000,000,000 | ---D | C] -- C:\Users\**\Documents\Fax
[2010.08.15 15:31:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Resco
[2010.08.15 15:31:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ActiveSync
[2010.08.15 09:58:16 | 000,000,000 | ---D | C] -- C:\Users\**\Desktop\Kroatien 2010
[2010.03.09 13:42:35 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\**\AppData\Roaming\pcouffin.sys
[2009.11.25 17:39:30 | 009,311,688 | ---- | C] (Foxit Software) -- C:\Program Files (x86)\Foxit Reader.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.13 17:38:30 | 003,932,160 | -HS- | M] () -- C:\Users\**\ntuser.dat
[2010.09.13 17:36:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.13 17:00:30 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.13 17:00:30 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.13 16:57:24 | 001,480,602 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.09.13 16:57:24 | 000,647,138 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.09.13 16:57:24 | 000,609,896 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.09.13 16:57:24 | 000,127,198 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.09.13 16:57:24 | 000,104,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.09.13 16:53:14 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.13 16:53:07 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.13 16:53:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.13 16:53:00 | 536,420,351 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.13 16:51:58 | 004,128,287 | -H-- | M] () -- C:\Users\**\AppData\Local\IconCache.db
[2010.09.13 14:45:16 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\**\Desktop\OTL.exe
[2010.09.13 14:00:39 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.13 12:02:07 | 000,001,239 | ---- | M] () -- C:\Users\**\Desktop\DVDVideoSoft Free Studio.lnk
[2010.09.13 12:01:00 | 000,007,597 | ---- | M] () -- C:\Users\**\AppData\Local\Resmon.ResmonCfg
[2010.09.13 11:32:13 | 000,181,760 | ---- | M] () -- C:\Users\**\Desktop\Starterpaket_Bestellformular.doc
[2010.09.13 10:53:40 | 000,002,282 | ---- | M] () -- C:\Users\**\Desktop\SpyHunter.lnk
[2010.09.13 10:31:00 | 000,038,214 | ---- | M] () -- C:\Users\**\Desktop\Spielauftrag-**.pdf
[2010.09.13 09:34:35 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2010.09.13 09:25:18 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2010.09.13 08:51:22 | 000,089,760 | ---- | M] () -- C:\Users\**\Desktop\Phishing (1).pdf
[2010.09.13 08:51:09 | 000,493,492 | ---- | M] () -- C:\Users\**\Desktop\Phishing.docx
[2010.09.10 16:14:58 | 000,011,549 | ---- | M] () -- C:\Users\**\Desktop\100910_**_Notenspiegel.pdf
[2010.09.10 15:00:04 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF
[2010.09.09 21:02:42 | 002,666,186 | ---- | M] () -- C:\Users\**\Desktop\100909_**.pdf
[2010.09.09 20:17:13 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2010.09.08 17:04:13 | 000,046,592 | -H-- | M] () -- C:\Windows\SysWow64\cmdsmon.dll
[2010.09.08 12:44:37 | 000,001,232 | ---- | M] () -- C:\Users\Public\Desktop\TerraTec Home Cinema.lnk
[2010.08.20 13:21:21 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.08.20 10:19:15 | 007,430,881 | ---- | M] () -- C:\Users\**\Desktop\100820_STA_Korrektur_2.pdf
[2010.08.19 17:49:40 | 000,056,806 | R--- | M] () -- C:\Users\**\Desktop\kniffel-blatt.pdf
[2010.08.18 09:21:41 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010.08.17 18:22:45 | 000,000,329 | ---- | M] () -- C:\Windows\03 IfoEdit.INI
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.13 14:00:39 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.13 11:13:36 | 000,181,760 | ---- | C] () -- C:\Users\**\Desktop\Starterpaket_Bestellformular.doc
[2010.09.13 10:53:40 | 000,002,282 | ---- | C] () -- C:\Users\**\Desktop\SpyHunter.lnk
[2010.09.13 10:31:00 | 000,038,214 | ---- | C] () -- C:\Users\**\Desktop\Spielauftrag-Philipp_Leinert.pdf
[2010.09.13 09:34:35 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2010.09.13 09:25:18 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2010.09.13 09:25:15 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2010.09.13 09:25:15 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2010.09.13 09:25:15 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2010.09.13 09:25:14 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2010.09.13 08:51:22 | 000,089,760 | ---- | C] () -- C:\Users\**\Desktop\Phishing (1).pdf
[2010.09.10 17:14:11 | 000,493,492 | ---- | C] () -- C:\Users\**\Desktop\Phishing.docx
[2010.09.10 16:15:25 | 000,011,549 | ---- | C] () -- C:\Users\**\Desktop\100910_**.pdf
[2010.09.10 14:59:31 | 000,001,594 | ---- | C] () -- C:\Windows\VPNInstall.MIF
[2010.09.09 21:05:35 | 002,666,186 | ---- | C] () -- C:\Users\**\Desktop\100909_**.pdf
[2010.09.09 20:17:13 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2010.09.08 17:04:13 | 000,046,592 | -H-- | C] () -- C:\Windows\SysWow64\cmdsmon.dll
[2010.09.08 12:44:37 | 000,001,232 | ---- | C] () -- C:\Users\Public\Desktop\TerraTec Home Cinema.lnk
[2010.08.20 13:21:21 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.08.20 10:19:30 | 007,430,881 | ---- | C] () -- C:\Users\**\Desktop\100820_STA_Korrektur_2.pdf
[2010.08.19 17:49:40 | 000,056,806 | R--- | C] () -- C:\Users\**\Desktop\kniffel-blatt.pdf
[2010.08.15 15:31:45 | 000,090,112 | ---- | C] () -- C:\Windows\RSetupCE.exe
[2010.07.12 11:26:17 | 004,244,744 | ---- | C] () -- C:\Windows\SysWow64\qtp-mt334.dll
[2010.07.12 11:26:17 | 000,247,560 | ---- | C] () -- C:\Windows\SysWow64\prgiso.dll
[2010.07.12 11:26:17 | 000,013,576 | ---- | C] () -- C:\Windows\SysWow64\wnaspi32.dll
[2010.05.11 14:07:13 | 000,000,329 | ---- | C] () -- C:\Windows\03 IfoEdit.INI
[2010.05.11 10:39:58 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.05.11 09:02:50 | 000,001,010 | ---- | C] () -- C:\Windows\PVAStrumento.ini
[2010.05.08 10:08:17 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.05.07 08:29:54 | 000,007,597 | ---- | C] () -- C:\Users\**\AppData\Local\Resmon.ResmonCfg
[2010.05.04 18:29:01 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.04.19 22:27:33 | 000,000,069 | ---- | C] () -- C:\Users\**\AppData\Roaming\Printer.ini
[2010.04.19 22:18:25 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\IlmImf.dll
[2010.04.19 22:18:25 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\pmexr.dll
[2010.04.19 22:18:25 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmbm.dll
[2010.04.19 22:18:24 | 000,446,464 | ---- | C] () -- C:\Windows\SysWow64\Photomatix_jpg.dll
[2010.04.19 22:18:24 | 000,353,280 | ---- | C] () -- C:\Windows\SysWow64\pmtf2.dll
[2010.04.19 22:18:24 | 000,278,528 | ---- | C] () -- C:\Windows\SysWow64\Photomatix25Lib.dll
[2010.04.19 22:18:24 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\Photomatix25Lib2.dll
[2010.04.19 22:18:24 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\pmtf1.dll
[2010.04.19 22:18:24 | 000,204,288 | ---- | C] () -- C:\Windows\SysWow64\pmtf3.dll
[2010.04.19 22:18:24 | 000,095,525 | ---- | C] () -- C:\Windows\SysWow64\Photomatix25Lib3.dll
[2010.04.17 11:20:18 | 000,013,824 | ---- | C] () -- C:\Users\**\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.09 13:43:19 | 000,000,668 | ---- | C] () -- C:\Users\**\AppData\Roaming\vso_ts_preview.xml
[2010.03.09 13:42:56 | 000,000,034 | ---- | C] () -- C:\Users\**\AppData\Roaming\pcouffin.log
[2010.03.09 13:42:35 | 000,099,384 | ---- | C] () -- C:\Users\**\AppData\Roaming\inst.exe
[2010.03.09 13:42:35 | 000,007,859 | ---- | C] () -- C:\Users\**\AppData\Roaming\pcouffin.cat
[2010.03.09 13:42:35 | 000,001,167 | ---- | C] () -- C:\Users\**\AppData\Roaming\pcouffin.inf
[2010.03.09 09:15:44 | 000,000,164 | ---- | C] () -- C:\Users\**\AppData\Roaming\default.rss
[2010.03.08 18:05:57 | 000,290,816 | ---- | C] () -- C:\Windows\SysWow64\decdll.dll
[2010.03.08 16:58:33 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.03.08 09:11:10 | 000,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
[2010.03.07 18:19:49 | 000,000,000 | ---- | C] () -- C:\Windows\homeDVD-Filme4.INI
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
 
========== LOP Check ==========
 
[2010.03.11 21:06:20 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\ACD Systems
[2010.03.08 19:13:07 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Acoustica
[2010.03.08 18:01:50 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\AnvSoft
[2010.03.07 18:01:03 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\AquaSoft
[2010.04.18 16:12:47 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Avery
[2010.03.10 16:27:19 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Canon
[2010.08.17 18:09:54 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Cisyud
[2010.06.11 12:51:33 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Command and Conquer 4
[2010.03.18 16:51:34 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Cuttermaran
[2010.03.18 19:43:04 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\DAEMON Tools Lite
[2010.08.12 17:57:17 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.03.08 17:04:52 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Eazy-Ware
[2010.06.06 21:22:24 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\FileZilla
[2010.03.16 13:50:25 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Foxit Software
[2010.03.08 18:23:52 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\FreeVideoConverter
[2010.03.07 18:16:48 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\ID3-TagIT 3
[2010.03.06 23:01:47 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\IObit
[2010.03.07 17:59:00 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\MAGIX
[2010.03.09 15:29:05 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\MAXON
[2010.06.06 10:55:20 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Mp3tag
[2010.03.08 17:04:52 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\OBP6Backup
[2010.06.14 12:22:39 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\PandoraRecovery
[2010.03.07 17:49:52 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\PTC
[2010.07.01 21:25:31 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\SanDisk
[2010.09.13 09:25:13 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Simply Super Software
[2010.05.27 11:34:05 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Supreme Auction
[2010.05.06 13:06:41 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Sync App Settings
[2010.03.06 23:09:37 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\TerraTec
[2010.03.11 19:36:59 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\TrueCrypt
[2010.03.07 18:03:58 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Ulead Systems
[2010.09.10 17:09:42 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Vohyo
[2010.05.19 16:50:54 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Vso
[2010.05.11 18:28:52 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\z2 Remote2PC
[2010.06.08 08:07:13 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:CB0AACC9
< End of report >

--- --- ---


I hope someone can help me get this pest off my PC.
If any further information is needed, please let me know.

The problem with the TAN prompt still persists, and I have made all hidden files visible.

Kind regards and thanks in advance
sanwald

Chris4You 14.09.2010 10:37

Hi,

Please check the following files:

Have the files checked online:
  • Go to the VirusTotal site, click the "Browse" button and locate the following file(s):
Code:

C:\Windows\SysWOW64\cmdsmon.dll
C:\Windows\system32\cmdsmon.dll

  • Now upload each of the files, one after the other, and wait until the scan has finished (this can take up to 2 minutes).
  • Afterwards post the result of the analysis: copy everything and paste it into a post.
  • Important: also copy the file size and the HASH!

Fix for OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the complete contents of the following code box into the OTL box under "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:


:OTL
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O33 - MountPoints2\P\Shell\AutoRun\command - "" = P:\WD SmartWare.exe -- File not found
O36 - AppCertDlls: fingiles - (C:\Windows\system32\cmdsmon.dll) - C:\Windows\SysWOW64\cmdsmon.dll ()

:Commands
[emptytemp]
[Reboot]

  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

Cureit:
http://www.trojaner-board.de/59299-a...eb-cureit.html
After the scan has finished you will find the log under %USERPROFILE%\DoctorWeb\CureIt.log.
Before you take any action, please copy the contents of the log and post them.
The log file is very large, roughly over 5 MB of text. Just search for "infiziert" ("infected") and copy out the relevant parts before you post them.

chris
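One way to cross-check an OTL log for the kind of entry singled out in the fix above, as an added example that is not part of the original posts or of OTL itself: it joins autostart lines with the file listings and reports entries that have no company name, carry the hidden attribute, were created shortly before the scan, or are registered under AppCertDlls. The function names, the 30-day window and the choice of indicators are assumptions made for this illustration; the sample lines are an excerpt of the log posted in this thread.

```python
import re
from datetime import datetime, timedelta

# Excerpt of the OTL log posted in this thread, embedded as sample input.
SAMPLE_LOG = r"""
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O36 - AppCertDlls: fingiles - (C:\Windows\system32\cmdsmon.dll) - C:\Windows\SysWOW64\cmdsmon.dll ()
[2010.09.13 14:00:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.09.13 09:25:14 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2010.09.08 17:04:13 | 000,046,592 | -H-- | M] () -- C:\Windows\SysWow64\cmdsmon.dll
[2010.09.08 17:04:13 | 000,046,592 | -H-- | C] () -- C:\Windows\SysWow64\cmdsmon.dll
"""
SCAN_TIME = datetime(2010, 9, 13, 17, 38, 3)  # from the "OTL logfile created on" header

# Autostart lines of the shape: Onn - description - (registered) - resolved path (company)
AUTOSTART_RE = re.compile(
    r"^(O\d+)(?::64bit:)? - (.+?) - \((.*?)\) - (.+) \(([^()]*)\)\s*$")
# File listing lines: [timestamp | size | attributes | C or M] (company) -- path
FILE_RE = re.compile(
    r"^\[(\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| ([-A-Z]{4}) \| ([CM])\] "
    r"(?:\((.*?)\) )?-- (.+?)\s*$")


def parse_log(text):
    """Return (autostart entries, file records keyed by lower-cased path)."""
    autostarts, files = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        m = AUTOSTART_RE.match(line)
        if m:
            code, desc, registered, resolved, company = m.groups()
            autostarts.append({"code": code, "desc": desc, "registered": registered,
                               "path": resolved, "company": company.strip()})
            continue
        m = FILE_RE.match(line)
        if m:
            stamp, attrs, kind, _company, path = m.groups()
            rec = files.setdefault(path.lower(), {"hidden": False, "created": None})
            rec["hidden"] = rec["hidden"] or "H" in attrs
            if kind == "C":  # "C" rows carry the creation time, "M" rows the modification time
                rec["created"] = datetime.strptime(stamp, "%Y.%m.%d %H:%M:%S")
    return autostarts, files


def triage(text, scan_time, window_days=30):
    """List autostart entries with at least one indicator, most indicators first."""
    autostarts, files = parse_log(text)
    findings = []
    for entry in autostarts:
        reasons = []
        rec = files.get(entry["path"].lower())  # Windows paths compare case-insensitively
        if not entry["company"]:
            reasons.append("no company name in the file's version info")
        if rec and rec["hidden"]:
            reasons.append("hidden attribute set")
        if rec and rec["created"] and scan_time - rec["created"] <= timedelta(days=window_days):
            reasons.append("created within %d days of the scan" % window_days)
        if entry["code"] == "O36":
            # AppCertDlls DLLs are loaded into processes that start other processes.
            reasons.append("registered under AppCertDlls")
        if reasons:
            findings.append({"path": entry["path"], "entry": entry["desc"], "reasons": reasons})
    findings.sort(key=lambda f: len(f["reasons"]), reverse=True)
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, SCAN_TIME):
        print(finding["path"], "<-", finding["entry"])
        for reason in finding["reasons"]:
            print("   -", reason)
```

A hit from this script is a candidate for a hash lookup or a multi-engine scan, not a verdict.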

sanwald 14.09.2010 13:46

Many thanks for the quick help. I've done everything, but the Dr.Web scanner has already been running for 2.5 hours and, by the looks of it, will need the rest of the day. Just for information. I can't use my PC in the meantime :-) I'll get back to you as soon as it's finished.
Regards, sanwald

Chris4You 14.09.2010 13:57

Hi,

the scanner is a bit slow, but my Kapi also needs at least 4-6 hours for a full scan...

However, this is as far as it goes for you here, since you have used loads of keygens (is there any legal software on the machine at all?)
Quote:

:\progs install\aktuell ende 2007\Datenrettung\HandyRecovery4.0_www.ultimate-caffe.org\www.ultimate-caffe.org\PCL\PCL\patch.exe (Malware.Packer.Gen) -> Not selected for removal.
F:\progs install\aktuell ende 2007\DVD-VIDEO PROG PLAYER CONVERTER\clone dvd\Slysoft CloneDVD 2.9.1.2\CloneDVD2Keygen.exe (Trojan.Agent) -> Not selected for removal.
F:\progs install\aktuell ende 2007\DVD-VIDEO PROG PLAYER CONVERTER\Cyberlink_PowerDVD_Ultra_Deluxe_7.3.2911\PowerDVD.Deluxe\CR-PDV70 Keygen.exe (Trojan.Dropper.PGen) -> Not selected for removal.
F:\progs install\aktuell ende 2007\FOTO PROGRAMME BEARBEITUNG\ACDsee\ACDSee Pro 2 2.0.219 www.kwarez.net\keygen.exe (Trojan.Dropper.PGen) -> Not selected for removal.
F:\progs install\aktuell ende 2007\FOTO PROGRAMME BEARBEITUNG\ACDSee Foto Print Studio\aCdCeeFtoslde\keygen\keygen.exe (Trojan.Downloader) -> Not selected for removal.
F:\progs install\aktuell ende 2007\office 2007 keygen\Microsoft_Office_2007_Applications_Keygen\keygen.exe (Hacktool.Agent)
As a final recommendation: reinstall from scratch...

chris & out

sanwald 15.09.2010 09:01

Hello Chris,
I wanted to thank you again very much for your help. I carried out the steps one after the other and my problem is solved, at least from my point of view. To what extent the problem is actually solved I of course cannot judge. In any case, the frame asking for TANs no longer appears. I have now changed the password and hope that this has solved the problem.
If I understood you correctly, your help for me has ended because there are a few things on my PC that have no business being there. All that comes to mind is: "Let him who is without sin cast the first stone."
That doesn't need to be discussed any further...

I'll post the results of the analysis anyway and hope that doesn't bother anyone here!
Maybe someone can still tell me what the cause was and which step fixed the problem. Then, if this ever happens again, I may be able to solve the problem myself.

Many thanks again and regards

sanwald

PS. Is it also possible to donate to the forum? I have no income, but I think the speed and the help from you all in the forum are brilliant.

From the syswow64 folder:

Code:

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
cmdsmon.dll
Submission date:
2010-09-14 09:47:55 (UTC)
Current status:
queued (#1) queued (#1) analysing finished
Result:
18/ 43 (41.9%)
       
VT Community

not reviewed
 Safety score: -
Compact
Print results
Antivirus        Version        Last Update        Result
AhnLab-V3        2010.09.13.00        2010.09.13        Backdoor/Win32.Papras
AntiVir        8.2.4.52        2010.09.14        -
Antiy-AVL        2.0.3.7        2010.09.14        -
Authentium        5.2.0.5        2010.09.14        -
Avast        4.8.1351.0        2010.09.14        Win32:Malware-gen
Avast5        5.0.594.0        2010.09.14        Win32:Malware-gen
AVG        9.0.0.851        2010.09.14        Crypt.AADD
BitDefender        7.2        2010.09.14        Trojan.Generic.4731194
CAT-QuickHeal        11.00        2010.09.14        -
ClamAV        0.96.2.0-git        2010.09.14        -
Comodo        6071        2010.09.14        -
DrWeb        5.0.2.03300        2010.09.14        Trojan.PWS.Grabber.68
Emsisoft        5.0.0.37        2010.09.14        Trojan.Crypt!IK
eSafe        7.0.17.0        2010.09.14        -
eTrust-Vet        36.1.7854        2010.09.14        -
F-Prot        4.6.1.107        2010.09.13        -
F-Secure        9.0.15370.0        2010.09.14        Trojan.Generic.4731194
Fortinet        4.1.143.0        2010.09.13        -
GData        21        2010.09.14        Trojan.Generic.4731194
Ikarus        T3.1.1.88.0        2010.09.14        Trojan.Crypt
Jiangmin        13.0.900        2010.09.14        -
K7AntiVirus        9.63.2502        2010.09.14        -
Kaspersky        7.0.0.125        2010.09.14        Backdoor.Win32.Papras.qo
McAfee        5.400.0.1158        2010.09.14        Artemis!A0545BC24D26
McAfee-GW-Edition        2010.1B        2010.09.14        Artemis!A0545BC24D26
Microsoft        1.6103        2010.09.14        -
NOD32        5449        2010.09.14        -
Norman        6.06.06        2010.09.13        -
nProtect        2010-09-14.01        2010.09.14        Backdoor/W32.Papras.46592.AD
Panda        10.0.2.7        2010.09.14        -
PCTools        7.0.3.5        2010.09.14        -
Prevx        3.0        2010.09.14        -
Rising        22.65.01.04        2010.09.14        Trojan.Win32.Generic.523049C9
Sophos        4.57.0        2010.09.14        -
Sunbelt        6873        2010.09.14        Trojan.Win32.Generic!BT
SUPERAntiSpyware        4.40.0.1006        2010.09.14        -
Symantec        20101.1.1.7        2010.09.14        -
TheHacker        6.7.0.0.017        2010.09.14        Backdoor/Papras.qo
TrendMicro        9.120.0.1004        2010.09.14        -
TrendMicro-HouseCall        9.120.0.1004        2010.09.14        -
VBA32        3.12.14.0        2010.09.14        Backdoor.Papras.qo
ViRobot        2010.8.25.4006        2010.09.14        -
VirusBuster        12.65.4.0        2010.09.14        -
Additional information
Show all
MD5  : a0545bc24d260335d5dec63d2d8f3217
SHA1  : 835a227037bbf35842369b1b353aadf1e6d5328d
SHA256: 1912ce3ad5558834684498fa8b89c0968988b695f7a46155d7b26eca0c191fe7
ssdeep: 768:VgiQQHhtYSAwgEhEfZGnZOendjGDw3DX+9BnFgoUbW7C:V7rpP2ardj+wqRFgoUbt
File size : 46592 bytes
First seen: 2010-09-08 20:41:38
Last seen : 2010-09-14 09:47:55
TrID:
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x7045
timedatestamp....: 0x39BF51A0 (Wed Sep 13 10:06:24 2000)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x7000, 0x9000, 0x8A00, 6.66, 190f4f7e883587c9649d4eab5c729664
.rdata, 0x10000, 0x1000, 0x600, 4.12, fee64c8746379ce25680e7fe3c2a907b
.data, 0x11000, 0x2000, 0x2000, 6.31, 61d0a3aeb76904267863c49a2f0c4924
.reloc, 0x13000, 0x1000, 0x200, 0.62, 4746d20dee76316716a5025de79beebc

[[ 2 import(s) ]]
KERNEL32.dll: GetCurrentThreadId, WriteFile, HeapFree, FreeEnvironmentStringsA, SetFilePointer, GetStringTypeA, lstrcpyA, GetThreadContext, GetProcessHeap, HeapAlloc, UnmapViewOfFile, ExitProcess, OpenThread, CreateFileA, VirtualQueryEx, MapViewOfFileEx, CreateEventA, SetThreadIdealProcessor, GetEnvironmentStringsA, WaitForMultipleObjects, ReadFile, SwitchToThread, CreateFileMappingA
CSCU0FRA.dll: __toascii, ImmSetCompositionFontA, log, ILGetSize, ImmGetProperty, ImmUnlockIMC, FindExeDlgProc, _ui64toa, cos, ILRemoveLastID, isupper, strtol, DllUnregisterServer, atoi, Control_RunDLLA, labs, _CIcos, ImmCallImeConsoleIME

[[ 3 export(s) ]]
ClientDllCleanup, ClientDllStartup, CreateProcessNotify

From the system32 folder:

Code:

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
cmdsmon.dll
Submission date:
2010-09-14 09:51:07 (UTC)
Current status:
queued queued (#6) analysing finished
Result:
18/ 43 (41.9%)
       
VT Community

not reviewed
 Safety score: -
Compact
Print results
Antivirus        Version        Last Update        Result
AhnLab-V3        2010.09.13.00        2010.09.13        Backdoor/Win32.Papras
AntiVir        8.2.4.52        2010.09.14        -
Antiy-AVL        2.0.3.7        2010.09.14        -
Authentium        5.2.0.5        2010.09.14        -
Avast        4.8.1351.0        2010.09.14        Win32:Malware-gen
Avast5        5.0.594.0        2010.09.14        Win32:Malware-gen
AVG        9.0.0.851        2010.09.14        Crypt.AADD
BitDefender        7.2        2010.09.14        Trojan.Generic.4731194
CAT-QuickHeal        11.00        2010.09.14        -
ClamAV        0.96.2.0-git        2010.09.14        -
Comodo        6071        2010.09.14        -
DrWeb        5.0.2.03300        2010.09.14        Trojan.PWS.Grabber.68
Emsisoft        5.0.0.37        2010.09.14        Trojan.Crypt!IK
eSafe        7.0.17.0        2010.09.14        -
eTrust-Vet        36.1.7854        2010.09.14        -
F-Prot        4.6.1.107        2010.09.13        -
F-Secure        9.0.15370.0        2010.09.14        Trojan.Generic.4731194
Fortinet        4.1.143.0        2010.09.13        -
GData        21        2010.09.14        Trojan.Generic.4731194
Ikarus        T3.1.1.88.0        2010.09.14        Trojan.Crypt
Jiangmin        13.0.900        2010.09.14        -
K7AntiVirus        9.63.2502        2010.09.14        -
Kaspersky        7.0.0.125        2010.09.14        Backdoor.Win32.Papras.qo
McAfee        5.400.0.1158        2010.09.14        Artemis!A0545BC24D26
McAfee-GW-Edition        2010.1B        2010.09.14        Artemis!A0545BC24D26
Microsoft        1.6103        2010.09.14        -
NOD32        5449        2010.09.14        -
Norman        6.06.06        2010.09.13        -
nProtect        2010-09-14.01        2010.09.14        Backdoor/W32.Papras.46592.AD
Panda        10.0.2.7        2010.09.14        -
PCTools        7.0.3.5        2010.09.14        -
Prevx        3.0        2010.09.14        -
Rising        22.65.01.04        2010.09.14        Trojan.Win32.Generic.523049C9
Sophos        4.57.0        2010.09.14        -
Sunbelt        6873        2010.09.14        Trojan.Win32.Generic!BT
SUPERAntiSpyware        4.40.0.1006        2010.09.14        -
Symantec        20101.1.1.7        2010.09.14        -
TheHacker        6.7.0.0.017        2010.09.14        Backdoor/Papras.qo
TrendMicro        9.120.0.1004        2010.09.14        -
TrendMicro-HouseCall        9.120.0.1004        2010.09.14        -
VBA32        3.12.14.0        2010.09.14        Backdoor.Papras.qo
ViRobot        2010.8.25.4006        2010.09.14        -
VirusBuster        12.65.4.0        2010.09.14        -
Additional information
Show all
MD5  : a0545bc24d260335d5dec63d2d8f3217
SHA1  : 835a227037bbf35842369b1b353aadf1e6d5328d
SHA256: 1912ce3ad5558834684498fa8b89c0968988b695f7a46155d7b26eca0c191fe7
ssdeep: 768:VgiQQHhtYSAwgEhEfZGnZOendjGDw3DX+9BnFgoUbW7C:V7rpP2ardj+wqRFgoUbt
File size : 46592 bytes
First seen: 2010-09-08 20:41:38
Last seen : 2010-09-14 09:51:07
TrID:
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x7045
timedatestamp....: 0x39BF51A0 (Wed Sep 13 10:06:24 2000)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x7000, 0x9000, 0x8A00, 6.66, 190f4f7e883587c9649d4eab5c729664
.rdata, 0x10000, 0x1000, 0x600, 4.12, fee64c8746379ce25680e7fe3c2a907b
.data, 0x11000, 0x2000, 0x2000, 6.31, 61d0a3aeb76904267863c49a2f0c4924
.reloc, 0x13000, 0x1000, 0x200, 0.62, 4746d20dee76316716a5025de79beebc

[[ 2 import(s) ]]
KERNEL32.dll: GetCurrentThreadId, WriteFile, HeapFree, FreeEnvironmentStringsA, SetFilePointer, GetStringTypeA, lstrcpyA, GetThreadContext, GetProcessHeap, HeapAlloc, UnmapViewOfFile, ExitProcess, OpenThread, CreateFileA, VirtualQueryEx, MapViewOfFileEx, CreateEventA, SetThreadIdealProcessor, GetEnvironmentStringsA, WaitForMultipleObjects, ReadFile, SwitchToThread, CreateFileMappingA
CSCU0FRA.dll: __toascii, ImmSetCompositionFontA, log, ILGetSize, ImmGetProperty, ImmUnlockIMC, FindExeDlgProc, _ui64toa, cos, ILRemoveLastID, isupper, strtol, DllUnregisterServer, atoi, Control_RunDLLA, labs, _CIcos, ImmCallImeConsoleIME

[[ 3 export(s) ]]
ClientDllCleanup, ClientDllStartup, CreateProcessNotify

Here is the OTL scan:

Code:

All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\P\ deleted successfully.
File P:\WD SmartWare.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\fingiles:C:\Windows\system32\cmdsmon.dll deleted successfully.
C:\Windows\SysWOW64\cmdsmon.dll moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: dani
->Temp folder emptied: 19388293 bytes
->Temporary Internet Files folder emptied: 249620 bytes
->Java cache emptied: 12221501 bytes
->FireFox cache emptied: 47461035 bytes
->Flash cache emptied: 3750 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1222248 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5390 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 77,00 mb
 
 
OTL by OldTimer - Version 3.2.12.0 log created on 09142010_115933

Files\Folders moved on Reboot...
C:\Users\dani\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

And also the results of the 20 (!) hour scan with Dr.Web

Code:

>>>>>>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\45072ae1.qua/data001 wahrscheinlich infiziert mit Trojan.Packed.Based
>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\45072ae1.qua - Archiv enthält infizierte Objekte - verschoben
>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\45117cd1.qua/data001 infiziert mit BackDoor.Bifrost.95
>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\45117cd1.qua - Archiv enthält infizierte Objekte - verschoben
>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\451e64e9.qua/data001 infiziert mit BackDoor.Bifrost.95
>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\451e64e9.qua - Archiv enthält infizierte Objekte - verschoben
>>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\45ea5da9.qua/data001 wahrscheinlich infiziert mit Trojan.Packed.Based
>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\45ea5da9.qua - Archiv enthält infizierte Objekte - verschoben
>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4b3a28d5.qua/data001 infiziert mit Trojan.Siggen1.12574
>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4b3a28d5.qua - Archiv enthält infizierte Objekte - verschoben
>>>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4c342e2f.qua/data001 wahrscheinlich infiziert mit Trojan.Packed.Based
>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4c342e2f.qua - Archiv enthält infizierte Objekte - verschoben
>>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4c4f2e35.qua/data001 wahrscheinlich infiziert mit Trojan.Packed.Based
>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4c4f2e35.qua - Archiv enthält infizierte Objekte - verschoben
>>>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4c5d2e4c.qua/data001 wahrscheinlich infiziert mit Trojan.Packed.Based
>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4c5d2e4c.qua - Archiv enthält infizierte Objekte - verschoben
>>>>>>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4c622e50.qua/data001 wahrscheinlich infiziert mit Trojan.Packed.Based
>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4c622e50.qua - Archiv enthält infizierte Objekte - verschoben
>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4c642e50.qua/data001 infiziert mit Trojan.DownLoad1.39075
>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4c642e50.qua - Archiv enthält infizierte Objekte - verschoben
>>>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4c642e57.qua/data001 wahrscheinlich infiziert mit Trojan.Packed.Based
>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4c642e57.qua - Archiv enthält infizierte Objekte - verschoben
>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4cc29454.qua/data001 infiziert mit Trojan.PWS.Panda.479
>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4cc29454.qua - Archiv enthält infizierte Objekte - verschoben
>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4cc39454.qua/data001 infiziert mit Trojan.PWS.Panda.390
>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4cc39454.qua - Archiv enthält infizierte Objekte - verschoben
>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4ccb9436.qua/data001 infiziert mit Trojan.Siggen1.12574
>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4ccb9436.qua - Archiv enthält infizierte Objekte - verschoben
>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4cf79457.qua/data001 ist eine Adware Adware.LoudMo.31
>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4cf79457.qua - Archiv enthält infizierte Objekte - verschoben
>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4cfa9454.qua/data001 infiziert mit Trojan.Siggen1.12574
>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4cfa9454.qua - Archiv enthält infizierte Objekte - verschoben
>>>>>>>>C:\Documents and Settings\dani\DoctorWeb\Quarantine\45072ae1.qua/data001 wahrscheinlich infiziert mit Trojan.Packed.Based
>C:\Documents and Settings\dani\DoctorWeb\Quarantine\45072ae1.qua - Archiv enthält infizierte Objekte - verschoben
>>>C:\Documents and Settings\dani\DoctorWeb\Quarantine\45117cd1.qua/data001 infiziert mit BackDoor.Bifrost.95
>C:\Documents and Settings\dani\DoctorWeb\Quarantine\45117cd1.qua - Archiv enthält infizierte Objekte - verschoben
>>>C:\Documents and Settings\dani\DoctorWeb\Quarantine\451e64e9.qua/data001 infiziert mit BackDoor.Bifrost.95
>C:\Documents and Settings\dani\DoctorWeb\Quarantine\451e64e9.qua - Archiv enthält infizierte Objekte - verschoben
>>>>C:\Documents and Settings\dani\DoctorWeb\Quarantine\45ea5da9.qua/data001 wahrscheinlich infiziert mit Trojan.Packed.Based
>C:\Documents and Settings\dani\DoctorWeb\Quarantine\45ea5da9.qua - Archiv enthält infizierte Objekte - verschoben
>>>C:\Documents and Settings\dani\DoctorWeb\Quarantine\4b3a28d5.qua/data001 infiziert mit Trojan.Siggen1.12574
>C:\Documents and Settings\dani\DoctorWeb\Quarantine\4b3a28d5.qua - Archiv enthält infizierte Objekte - verschoben
>>>>>C:\Documents and Settings\dani\DoctorWeb\Quarantine\4c342e2f.qua/data001 wahrscheinlich infiziert mit Trojan.Packed.Based
>C:\Documents and Settings\dani\DoctorWeb\Quarantine\4c342e2f.qua - Archiv enthält infizierte Objekte - verschoben
>>>>C:\Documents and Settings\dani\DoctorWeb\Quarantine\4c4f2e35.qua/data001 wahrscheinlich infiziert mit Trojan.Packed.Based
>C:\Documents and Settings\dani\DoctorWeb\Quarantine\4c4f2e35.qua - Archiv enthält infizierte Objekte - verschoben
>>>>>C:\Documents and Settings\dani\DoctorWeb\Quarantine\4c5d2e4c.qua/data001 wahrscheinlich infiziert mit Trojan.Packed.Based
>C:\Documents and Settings\dani\DoctorWeb\Quarantine\4c5d2e4c.qua - Archiv enthält infizierte Objekte - verschoben
>>>>>>>>C:\Documents and Settings\dani\DoctorWeb\Quarantine\4c622e50.qua/data001 wahrscheinlich infiziert mit Trojan.Packed.Based
>C:\Documents and Settings\dani\DoctorWeb\Quarantine\4c622e50.qua - Archiv enthält infizierte Objekte - verschoben
>>>C:\Documents and Settings\dani\DoctorWeb\Quarantine\4c642e50.qua/data001 infiziert mit Trojan.DownLoad1.39075
>C:\Documents and Settings\dani\DoctorWeb\Quarantine\4c642e50.qua - Archiv enthält infizierte Objekte - verschoben
>>>>>C:\Documents and Settings\dani\DoctorWeb\Quarantine\4c642e57.qua/data001 wahrscheinlich infiziert mit Trojan.Packed.Based
>C:\Documents and Settings\dani\DoctorWeb\Quarantine\4c642e57.qua - Archiv enthält infizierte Objekte - verschoben
>>>C:\Documents and Settings\dani\DoctorWeb\Quarantine\4cc29454.qua/data001 infiziert mit Trojan.PWS.Panda.479
>C:\Documents and Settings\dani\DoctorWeb\Quarantine\4cc29454.qua - Archiv enthält infizierte Objekte - verschoben
>>>C:\Documents and Settings\dani\DoctorWeb\Quarantine\4cc39454.qua/data001 infiziert mit Trojan.PWS.Panda.390
>C:\Documents and Settings\dani\DoctorWeb\Quarantine\4cc39454.qua - Archiv enthält infizierte Objekte - verschoben
C:\Documents and Settings\dani\DoctorWeb\Quarantine\4ccb9436.qua gepackt von BINARY PACKAGE
>C:\Documents and Settings\dani\DoctorWeb\Quarantine\4ccb9436.qua - Archiv BINARYRES
>>C:\Documents and Settings\dani\DoctorWeb\Quarantine\4ccb9436.qua/data001 gepackt von XOREXE
>>>C:\Documents and Settings\dani\DoctorWeb\Quarantine\4ccb9436.qua/data001 infiziert mit Trojan.Siggen1.12574
>C:\Documents and Settings\dani\DoctorWeb\Quarantine\4ccb9436.qua - Archiv enthält infizierte Objekte - verschoben
C:\Documents and Settings\dani\DoctorWeb\Quarantine\4cf79457.qua gepackt von BINARY PACKAGE
>C:\Documents and Settings\dani\DoctorWeb\Quarantine\4cf79457.qua - Archiv BINARYRES
>>C:\Documents and Settings\dani\DoctorWeb\Quarantine\4cf79457.qua/data001 gepackt von XOREXE
>>>C:\Documents and Settings\dani\DoctorWeb\Quarantine\4cf79457.qua/data001 ist eine Adware Adware.LoudMo.31
>C:\Documents and Settings\dani\DoctorWeb\Quarantine\4cf79457.qua - Archiv enthält infizierte Objekte - verschoben
C:\Documents and Settings\dani\DoctorWeb\Quarantine\4cfa9454.qua gepackt von BINARY PACKAGE
>C:\Documents and Settings\dani\DoctorWeb\Quarantine\4cfa9454.qua - Archiv BINARYRES
>>C:\Documents and Settings\dani\DoctorWeb\Quarantine\4cfa9454.qua/data001 gepackt von XOREXE
>>>C:\Documents and Settings\dani\DoctorWeb\Quarantine\4cfa9454.qua/data001 infiziert mit Trojan.Siggen1.12574
>C:\Documents and Settings\dani\DoctorWeb\Quarantine\4cfa9454.qua - Archiv enthält infizierte Objekte - verschoben
C:\_OTL\MovedFiles\09142010_115933\C_Windows\SysWOW64\cmdsmon.dll infiziert mit Trojan.PWS.Grabber.68 - gelöscht
D:\Programme\Magix\Filme auf cd dvd\softupdate.exe infiziert mit Trojan.DownLoad1.54314 - nicht desinfizierbar - verschoben
>F:\progs install\aktuell ende 2007\ppc i780\Remote mit VNC Freeware\pc installer\vnc-4_1_2-x86_win32.exe/data002 - Archiv enthält infizierte Objekte
F:\progs install\aktuell ende 2007\ppc i780\Remote mit VNC Freeware\pc installer\vnc-4_1_2-x86_win32.exe - Archiv enthält infizierte Objekte - verschoben


