
Pests of all kinds and how to fight them: Trojan SPYEYE.H


05.01.2011, 20:48   #1
twausl

Trojan SPYEYE.H



Hello everyone,

my bank has blocked my online access, giving as the reason that I have a Trojan on board. Antivir had reacted and put it in quarantine, and I actually thought that would have settled everything. After renewing my access credentials for the bank, however, another block came from there, again with the notice about (a) Trojan.

Problems with "banking Trojans" are reported in droves, but the measures for removing them are apparently always very individual. That is why I am turning to you with a request for help.

I have made the logs from Malwarebytes and OTL, see further below.

P.S. In between, on the advice of an acquaintance, I had deleted Antivir and installed Microsoft Security Essentials instead. Meanwhile, however, on the advice of another acquaintance, I have reinstalled Antivir and left MS Sec. ---- in place. So the question remains: do the two interfere with each other, and which one should I keep?

Thanks in advance for your help!

T.

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5465

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

05.01.2011 20:12:43
mbam-log-2011-01-05 (20-12-43).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 145770
Laufzeit: 8 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 2
Infizierte Dateien: 106

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
c:\WINDOWS\system32\AdCache (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\malacuxatx.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\malacuxatx.exe\malacuxatx.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_1_631100.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_1_631100.swf (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_2_512000.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_2_518300.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_2_529100.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_2_543800.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_2_543800.swf (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_2_563300.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_2_565600.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_2_614900.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_2_619300.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_2_652600.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_2_652700.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_2_709700.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_2_709900.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_3_533800.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_3_612400.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_3_612400.swf (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_3_621000.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_3_621100.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_3_621700.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_3_625200.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_3_655300.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_3_655800.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_4_514400.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_4_514400.swf (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_4_566800.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_1_0_448600.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_0_814200.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_0_815600.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_0_445900.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_0_446000.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_1_511000.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_1_546100.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_1_560300.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_1_566100.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_1_591100.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_1_608600.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_1_630700.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_1_630700.swf (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_1_630800.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_1_630800.swf (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_1_630900.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_535000.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_535000.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_536400.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_536400.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_540100.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_540100.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_542200.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_543500.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_543500.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_568500.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_592300.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_592300.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_617400.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_617400.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_624600.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_1_630900.swf (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_3_531300.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_0_815900.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_624600.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_507300.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_581600.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_630700.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_630700.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_632400.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_648400.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_651900.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_669600.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_678100.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_710100.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_710100.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_710200.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_710200.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_710300.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_710300.jpg (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_710400.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_710400.jpg (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_507300.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_518500.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_518500.jpg (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_518900.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_518900.jpg (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_519300.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_519300.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_541100.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_548600.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_548600.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_548800.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_548800.jpg (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_560600.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_561200.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_561200.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_581600.swf (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_588100.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_588100.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_607600.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_607600.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_611600.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_625800.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_625800.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_674800.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_674800.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\malacuxatx.exe\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
         
and

Code:
OTL logfile created on: 05.01.2011 20:20:04 - Run 1
OTL by OldTimer - Version 3.2.20.1     Folder = C:\Dokumente und Einstellungen\*****\Desktop\Trojaner Januar 2011
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): D:\pagefile.sys 2000 4000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 17,77 Gb Total Space | 4,35 Gb Free Space | 24,49% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 17,49 Gb Free Space | 89,51% Space Free | Partition Type: NTFS
 
Computer Name: WIELAND | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\*****\Desktop\Trojaner Januar 2011\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\Antimalware\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Programme\Ahead\InCD\InCDsrv.exe (Ahead Software AG)
PRC - C:\Programme\T-DSL SpeedManager\TSMSvc.exe (T-Systems Nova, Berkom)
PRC - C:\Programme\D-Link AirPlus Xtreme G\AIRPLUS.exe (D-Link)
PRC - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\*****\Desktop\Trojaner Januar 2011\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (LiveUpdate Notice Service) --  File not found
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (InCDsrv) -- C:\Programme\Ahead\InCD\InCDsrv.exe (Ahead Software AG)
SRV - (TSMService) -- C:\Programme\T-DSL SpeedManager\tsmsvc.exe (T-Systems Nova, Berkom)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SoundMAX Agent Service (default)) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (MDC8021X) WPA Security Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDpass.sys (Ahead Software AG)
DRV - (InCDfs) -- C:\WINDOWS\System32\drivers\InCDfs.sys (Ahead Software AG)
DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (D-Link)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (SISAGP) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (SiSide) -- C:\WINDOWS\System32\DRIVERS\siside.sys (Silicon Integrated Systems Corp.)
DRV - (sisidex) -- C:\WINDOWS\system32\drivers\sisidex.sys (Windows (R) 2000 DDK provider)
DRV - (TNPacket) -- C:\Programme\T-DSL SpeedManager\TNPACKET.SYS (T-Systems Nova GmbH)
DRV - (sisperf) -- C:\WINDOWS\system32\drivers\sisperf.sys (Silicon Integrated Systems Corp.)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
 
 
[2010.01.06 20:27:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Extensions
[2010.12.26 11:36:10 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\0ymbnlhj.default\extensions
[2010.04.29 18:41:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\0ymbnlhj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.27 19:09:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.04.13 07:19:59 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
 
O1 HOSTS File: ([2008.08.26 07:40:31 | 000,260,870 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.1001-search.info
O1 - Hosts: 127.0.0.1	1001-search.info
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.123topsearch.com
O1 - Hosts: 127.0.0.1	123topsearch.com
O1 - Hosts: 127.0.0.1	www.132.com
O1 - Hosts: 127.0.0.1	132.com
O1 - Hosts: 127.0.0.1	www.136136.net
O1 - Hosts: 127.0.0.1	136136.net
O1 - Hosts: 9056 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IeCatch2 Class) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Programme\FlashGet\Jccatch.dll (Amaze Soft)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (FlashGet Bar) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Programme\FlashGet\fgiebar.dll (Amaze Soft)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [MSC] C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [malacuxatx.exe] C:\malacuxatx.exe\malacuxatx.exe File not found
O4 - HKLM..\RunOnceEx: []  File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\D-Link AirPlus Xtreme G Configuration Utility.lnk = C:\Programme\D-Link AirPlus Xtreme G\AIRPLUS.exe (D-Link)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm ()
O8 - Extra context menu item: Easy-WebPrint Drucken - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Vorschau - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (Amaze Soft)
O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (Amaze Soft)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.07.06 07:00:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.05 19:57:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Malwarebytes
[2011.01.05 19:57:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.01.05 19:57:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.01.05 19:57:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.01.05 19:57:11 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.01.05 19:26:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Desktop\Trojaner Januar 2011
[2011.01.05 19:25:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Avira
[2011.01.05 19:22:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2011.01.05 19:21:30 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.01.05 19:21:30 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011.01.05 19:21:29 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011.01.05 19:21:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2010.12.29 14:56:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
[2010.12.29 14:54:26 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.12.29 14:54:15 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.12.29 14:46:32 | 000,000,000 | ---D | C] -- C:\Programme\Safari
[2010.12.29 09:16:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2010.12.29 09:00:02 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.12.29 09:00:02 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.12.29 09:00:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.12.29 09:00:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.12.28 19:18:21 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft CAPICOM 2.1.0.2
[2010.12.28 08:48:56 | 000,017,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010.12.28 08:48:55 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010.12.27 12:04:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy
[2010.12.27 12:03:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2010.12.27 10:25:37 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010.12.27 10:18:58 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client
[2010.12.27 10:14:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\TeamViewer
[2010.12.27 10:14:43 | 000,000,000 | ---D | C] -- C:\Programme\TeamViewer
[2010.12.23 08:37:24 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\*****\Recent
[2010.12.19 18:50:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Eigene Dateien\Briefe
[2010.12.17 05:30:46 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010.12.17 05:29:42 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010.12.15 19:17:40 | 000,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010.12.15 19:16:54 | 000,000,000 | ---D | C] -- C:\Programme\Windows Media Connect 2
[2010.12.15 19:14:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010.12.15 19:14:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010.12.08 12:32:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QuickTime
[2010.12.08 12:32:16 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.12.08 11:26:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Apple
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.05 20:21:40 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011.01.05 20:16:46 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.01.05 20:15:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.01.05 19:12:39 | 000,000,239 | RHS- | M] () -- C:\boot.ini
[2011.01.01 15:57:30 | 000,444,164 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.01.01 15:57:29 | 000,462,652 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.01.01 15:57:29 | 000,072,040 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.01.01 15:57:28 | 000,085,542 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.12.30 07:57:21 | 000,025,713 | ---- | M] () -- C:\WINDOWS\CSTBox.INI
[2010.12.29 14:56:03 | 000,001,538 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.12.29 14:46:50 | 000,001,846 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Safari.lnk
[2010.12.29 11:26:06 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.12.29 08:11:50 | 000,202,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.12.27 19:11:38 | 000,000,811 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Desktop\Internet Explorer Browser starten.lnk
[2010.12.27 12:04:20 | 000,000,921 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Desktop\Spybot - Search & Destroy.lnk
[2010.12.23 08:37:02 | 000,087,856 | ---- | M] () -- C:\logfile
[2010.12.23 08:36:57 | 001,760,256 | R--- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\ESBK.mbb
[2010.12.23 08:36:57 | 000,876,544 | R--- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\ESBK.mb
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.12.15 19:17:21 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010.12.15 19:17:21 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010.12.15 19:14:09 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010.12.15 19:13:23 | 000,000,902 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2010.12.13 08:39:39 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.12.13 08:39:38 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.12.12 16:20:43 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.12.29 14:56:03 | 000,001,538 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.12.29 14:46:50 | 000,001,846 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Safari.lnk
[2010.12.27 19:11:38 | 000,000,811 | ---- | C] () -- C:\Dokumente und Einstellungen\*****\Desktop\Internet Explorer Browser starten.lnk
[2010.12.27 12:04:20 | 000,000,921 | ---- | C] () -- C:\Dokumente und Einstellungen\*****\Desktop\Spybot - Search & Destroy.lnk
[2010.12.27 10:25:07 | 000,000,416 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010.12.15 19:14:09 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2007.11.19 13:25:25 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007.05.28 12:15:22 | 000,006,656 | ---- | C] () -- C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.01.03 17:09:31 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2005.01.15 21:24:59 | 000,000,147 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2004.11.27 13:13:17 | 000,025,713 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2004.11.01 13:20:51 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2004.11.01 12:27:26 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004.10.31 12:42:37 | 000,000,528 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2004.10.31 12:13:18 | 000,651,264 | R--- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2004.10.31 12:13:18 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004.10.31 11:52:12 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2004.10.30 21:49:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2004.10.30 21:39:09 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5m.DLL
[2004.10.30 20:03:21 | 000,000,422 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2004.10.30 19:31:09 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004.07.06 08:17:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004.07.06 07:43:20 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004.07.06 07:36:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004.07.06 07:20:34 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2004.07.06 07:20:17 | 000,139,264 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2004.07.06 07:18:57 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2004.07.06 07:18:11 | 000,123,279 | R--- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004.07.06 07:17:48 | 000,206,279 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004.07.06 07:17:20 | 000,002,915 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2004.07.06 07:17:19 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2003.10.16 18:02:58 | 000,000,600 | ---- | C] () -- C:\WINDOWS\System32\smsc.ini
[2003.10.15 11:45:12 | 000,000,233 | ---- | C] () -- C:\WINDOWS\SwapDrvr223A.ini
[2003.09.16 19:31:32 | 000,000,233 | ---- | C] () -- C:\WINDOWS\SwapDrvrSP3.ini
[2003.09.16 19:31:10 | 000,000,233 | ---- | C] () -- C:\WINDOWS\SwapDrvrSP2.ini
[2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.03.21 13:39:02 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002.03.20 20:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002.03.20 20:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002.03.20 20:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002.03.20 20:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002.03.20 20:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
 
========== LOP Check ==========
 
[2006.01.03 17:13:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems
[2009.04.05 12:58:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve
[2008.05.17 16:22:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\espionServerData
[2010.06.03 06:54:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe
[2009.04.10 07:36:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2004.10.30 20:03:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2004.11.01 16:53:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-DSL SpeedManager
[2010.11.04 13:43:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2006.01.03 18:17:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\ACD Systems
[2011.01.01 17:54:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Canon
[2009.04.28 10:20:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Haufe
[2009.04.07 14:36:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Lexware
[2008.05.17 16:33:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Opera
[2004.10.30 20:02:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\ScanSoft
[2004.11.01 17:10:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\T-DSL SpeedManager
[2010.12.27 10:14:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\TeamViewer
[2011.01.05 20:21:40 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
 
========== Purity Check ==========
 
 

< End of report >
         
as well as

Code:
OTL Extras logfile created on: 05.01.2011 20:20:04 - Run 1
OTL by OldTimer - Version 3.2.20.1     Folder = C:\Dokumente und Einstellungen\******\Desktop\Trojaner Januar 2011
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): D:\pagefile.sys 2000 4000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 17,77 Gb Total Space | 4,35 Gb Free Space | 24,49% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 17,49 Gb Free Space | 89,51% Space Free | Partition Type: NTFS
 
Computer Name: familie | User Name: ****** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Programme\ACD Systems\ACDSee\8.0\ACDSee8.exe" "%1" (ACD Systems Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()
"C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03ED6584-5A5A-4CA3-B61D-741618E510DF}" = Steuer 2008
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 23
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{410AB9BC-B057-4D39-9260-660EE1B4BED2}" = Steuer 2009
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52A5F706-2FCC-4C14-9E9A-345C2DCB25E9}" = D-Link AirPlus Xtreme G Adapter
"{56AB063D-1450-4BDE-9F0D-E9C693429C51}" = netbrdg
"{56FDB311-6511-11DE-832F-0050560400B1}" = Haufe iDesk-Browser
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{6181E138-C21C-471C-9238-F2F59C314C6C}" = Steuer 2008
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{67DABCB4-239C-4E02-805E-DEA0DDCB1926}" = Steuer Hilfesammlung
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{822586CA-0B15-428C-859A-64B3728F28E7}" = RemoteCapture Task
"{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client DE-DE Language Pack
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8F3AA869-0769-4336-A1C1-3832D764EE29}" = ScanSoft OmniPage Pro 14.0
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}" = Camera Window
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{AA2E6BFE-4351-481C-A720-47CB3506570B}" = ACDSee 8
"{AC76BA86-7AD7-1031-7B44-A71000000002}" = Adobe Reader 7.1.0 - Deutsch
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}" = Canon PhotoRecord
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}" = ArcSoft PhotoBase 3
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C3542652-4C59-4A96-982A-06EBB3F47819}" = Steuer-Hilfesammlung 2009
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFA9C1EE-8D76-477E-9E26-D24C26F11F47}" = Direct Access USB 2.0 multi connect BAY
"{D076E06B-F74B-454F-A56E-7510D7B6C9F0}" = RAW Image Task
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare Software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EB5AE940-8E5D-11DE-992A-005056B12123}" = Haufe iDesk-Service
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F04D6A72-92D3-44FB-9005-A89065245E33}" = Steuer Update 15.01
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F51D9393-BB14-4566-99BF-D6ED63AEFCD7}" = Natural Color
"{F8B98EB6-FC06-45BF-87D4-9784E0408611}" = ACDSee 10 Foto-Manager
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CANONBJ_Deinstall_CNMCP5m.DLL" = Canon i865
"Clean Ram_is1" = Clean Ram 1.15 - Free
"DivX Player" = DivX Player
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PhotoPrint Plus" = Canon Utilities Easy-PhotoPrint Plus
"Easy-WebPrint" = Easy-WebPrint
"FlashGet(JetCar)" = FlashGet(JetCar)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InCD!UninstallKey" = InCD
"InstallShield_{822586CA-0B15-428C-859A-64B3728F28E7}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{D076E06B-F74B-454F-A56E-7510D7B6C9F0}" = Canon RAW Image Task for ZoomBrowser EX
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6
"NeroVision!UninstallKey" = NeroVision Express 3
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMIX!UninstallKey" = NeroMIX
"NMPUninstallKey" = Nero Media Player
"PowerArchiver" = PowerArchiver
"ShockwaveFlash" = Macromedia Flash Player 8
"SiS VGA Utilities" = SiS VGA Utilities
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"TDSLSM" = T-DSL SpeedManager
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 31.12.2010 02:56:48 | Computer Name = familie | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 31.12.2010 02:58:51 | Computer Name = familie | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 31.12.2010 03:01:53 | Computer Name = familie | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 31.12.2010 03:02:25 | Computer Name = familie | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 31.12.2010 03:02:25 | Computer Name = familie | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 31.12.2010 09:31:32 | Computer Name = familie | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 31.12.2010 09:39:34 | Computer Name = familie | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 31.12.2010 09:40:37 | Computer Name = familie | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 05.01.2011 14:10:30 | Computer Name = familie | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 05.01.2011 14:17:29 | Computer Name = familie | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ System Events ]
Error - 02.11.2010 05:20:36 | Computer Name = familie | Source = Service Control Manager | ID = 7034
Description = Dienst "InCD Helper" wurde unerwartet beendet. Dies ist bereits 1 
Mal passiert.
 
Error - 29.12.2010 09:48:33 | Computer Name = familie | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Starten Sie den Dienst neu..
 
Error - 05.01.2011 14:20:34 | Computer Name = familie | Source = SideBySide | ID = 16842784
Description = Abhängige Assemblierung "Microsoft.VC90.CRT" konnte nicht gefunden
 werden. "Last Error": Die referenzierte Assemblierung ist nicht auf dem Computer
 installiert.  
 
Error - 05.01.2011 14:20:34 | Computer Name = familie | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly ist für Microsoft.VC90.CRT fehlgeschlagen.
Referenzfehlermeldung:
 Die referenzierte Assemblierung ist nicht auf dem Computer installiert.  .
 
Error - 05.01.2011 14:20:34 | Computer Name = familie | Source = SideBySide | ID = 16842811
Description = Generate Activation Context ist für C:\DOKUME~1\******\LOKALE~1\Temp\RarSFX0\redist.dll
 fehlgeschlagen.  Referenzfehlermeldung: Der Vorgang wurde erfolgreich beendet.  .
 
Error - 05.01.2011 15:16:21 | Computer Name = familie | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   PCIIde
 
 
< End of report >
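The OTL listings above all use one fixed line format: `[timestamp | size | attributes | C or M] (Company) -- path`, with `()` where the file carries no company name and no parentheses at all for directories. The script below is an editor's added example for triaging such a listing; it is not part of OTL and was not posted in the thread. It parses the entry lines, skips the `[4 C:\WINDOWS\*.tmp files ...]` summary lines, and lists executable files (.exe/.dll/.sys/.scr/.com/.pif) that deserve a first look: no company name, placed under the user profile or a Temp folder, or carrying the hidden attribute. The sample input reuses a few benign lines from the log above plus one constructed, hypothetical entry (`example.exe`) so that a hit is visible; that file does not appear in the real log.

```python
"""Triage helper for OTL "Files Created / Modified" listings.

Parses lines of the form
    [YYYY.MM.DD HH:MM:SS | size | attrs | C|M] (Company) -- path
and flags executable files a human should look at first. Added example for
this thread; not part of OTL. The example.exe line in SAMPLE is constructed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta

ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+?)\s*$"
)

EXEC_TYPES = {".exe", ".dll", ".sys", ".scr", ".com", ".pif"}
# Locations a non-admin process can write to; legitimate drivers/DLLs rarely live here.
USER_WRITABLE = ("\\dokumente und einstellungen\\", "\\documents and settings\\", "\\temp\\")

# Constructed sample: lines 1-4 are copied from the log above, line 5 is hypothetical.
SAMPLE = r"""
[2011.01.05 19:21:30 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.01.05 19:25:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Avira
[2010.12.29 14:56:03 | 000,001,538 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.01.04 22:13:07 | 000,094,208 | -H-- | C] () -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\example\example.exe
[2010.11.02 10:00:00 | 000,050,000 | ---- | C] () -- C:\WINDOWS\System32\oldfile.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
"""
# Scan time from the OTL Extras header above (05.01.2011 20:20:04).
REFERENCE = datetime(2011, 1, 5, 20, 20, 4)


@dataclass(frozen=True)
class Entry:
    timestamp: datetime
    size: int
    attrs: str      # R/H/S/D flags as OTL prints them, e.g. "-H--" or "---D"
    kind: str       # C = created, M = modified
    company: str    # "" when OTL printed "()" or omitted the field
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden(self) -> bool:
        return "H" in self.attrs

    @property
    def extension(self) -> str:
        name = self.path.rsplit("\\", 1)[-1]
        return name[name.rfind("."):].lower() if "." in name else ""


@dataclass(frozen=True)
class Finding:
    entry: Entry
    reasons: tuple[str, ...]

    @property
    def path(self) -> str:
        return self.entry.path


def parse_otl(text: str) -> list[Entry]:
    """Return one Entry per parsable line; summary lines like '[4 ... *.tmp files ...]' are ignored."""
    entries: list[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            timestamp=datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=(m["company"] or "").strip(),
            path=m["path"],
        ))
    return entries


def triage(text: str, reference: datetime, days: int = 30) -> list[Finding]:
    """Flag executable files touched within `days` before `reference` that look out of place."""
    cutoff = reference - timedelta(days=days)
    findings: list[Finding] = []
    for e in parse_otl(text):
        if e.is_dir or e.extension not in EXEC_TYPES or e.timestamp < cutoff:
            continue
        reasons = []
        if not e.company:
            reasons.append("no company name")
        if any(marker in e.path.lower() for marker in USER_WRITABLE):
            reasons.append("user-writable location")
        if e.hidden:
            reasons.append("hidden attribute")
        if reasons:
            findings.append(Finding(e, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE, REFERENCE):
        print(f"{f.entry.timestamp:%Y-%m-%d %H:%M}  {f.path}  <- {', '.join(f.reasons)}")
```

A missing company name is only a hint, not a verdict: OTL reads it from the file's version resource, and plenty of legitimate software ships without one (the `.lnk` and `.job` entries above, for instance), while a banker trojan can copy any vendor string it likes. The list is an ordering for manual review, and on a machine whose bank has already confirmed the infection it does not change the answer given in the next post.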
         

05.01.2011, 21:04   #2
markusg
/// Malware-holic

Trojan SPYEYE.H

So that you can do online banking on this PC again, you have to reinstall and secure the PC.
Proceed as follows:
- back up data such as documents, pictures etc.
- insert the Windows CD, boot the PC from the CD, format.
Choose the normal format, not the quick one.
http://www.trojaner-board.de/96344-a...-rechners.html

06.01.2011, 10:50   #3
twausl

Trojan SPYEYE.H

Hello Markusg,

first of all, many thanks for the quick reply!

Unfortunately the worst case seems to have happened, so here is one more question: I have some pictures and text documents to back up. If I copy them to a USB stick or an SD card, how can I actually be sure that I don't copy one of the pests onto the external medium along with them? I would be very grateful for a short answer!

Best regards
t.
Antwort

Themen zu Trojaner SPYEYE.H
0x00000001, adware.cydoor, antivir, assembly, avgntflt.sys, avira, beseitigung, bho, bonjour, canon, desktop, error, fehler, firefox, flash player, format, frage, helper, iexplore.exe, installation, location, logfile, maßnahme, microsoft office 2003, microsoft security, microsoft security essentials, mozilla, object, oldtimer, otl.exe, plug-in, pum.disabled.securitycenter, rarsfx0, realtek, registry, rundll, safer networking, saver, sched.exe, security, shell32.dll, software, system, system restore, trojan.spyeyes, trojaner, usb 2.0, windows internet



