
Log Analysis and Evaluation: Trojan after BKA notice

Windows 7 If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system first has to be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

09.03.2012, 13:46   #1
fran

Trojan after BKA notice



Hello.

After a BKA notice opened on my PC (which I only got rid of by forcing the computer to shut down), AntiVir reported a Trojan. I tried to research on the internet, but the BKA notice keeps reappearing and I have to shut the computer down. That is why I am turning to you in desperation. I am terribly clueless when it comes to computer technology. I followed the forum's instructions meticulously and created the log files. (When am I allowed to press re-enable in this defogger?) I urgently ask you for help!!!

Many thanks!
Fran

P.S.: I have pasted the DDS file in here as requested. It is also attached again, together with the other two log files.

DDS text:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Claudia at 11:51:54 on 2012-03-09
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.49.1031.18.1900.798 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\Windows\Explorer.EXE
C:\Program Files\asus\Wireless Console 3\wcourier.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskeng.exe
C:\Users\Claudia\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uURLSearchHooks: H - No File
BHO: Shopping Assistant Plugin: {1631550f-191d-4826-b069-d9439253d926} - c:\program files\pricegong\2.5.3\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Babylon IE plugin: {9cfaccb6-2f3f-4177-94ea-0d2b72d384c1} - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: DealPly: {a6174f27-1fff-e1d6-a93f-ba48ad5dd448} - c:\program files\dealply\DealPlyIE.dll
BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {B106B661-3E1B-4015-AF5C-195E909F35C6} - No File
uRun: [LicenseValidator] c:\users\claudia\appdata\roaming\identities\{8e802f35-4ba7-46ff-beca-9b273d732d5f}\LicenseValidator.exe
mRun: [Wireless Console 3] c:\program files\asus\wireless console 3\wcourier.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [Babylon Client] c:\program files\babylon\babylon-pro\Babylon.exe -AutoStart
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\users\claudia\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Free YouTube Download - c:\users\claudia\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Translate this web page with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2EA25103-661B-461F-9C6E-9B3765699E99} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2EA25103-661B-461F-9C6E-9B3765699E99}\14C4943454D275C414E42313 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2EA25103-661B-461F-9C6E-9B3765699E99}\64259445A51224F6870264F6E60275C414E40273131333 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{2EA25103-661B-461F-9C6E-9B3765699E99}\7596C646562702F4374756E6 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{2EA25103-661B-461F-9C6E-9B3765699E99}\75C414E4D2030313 : DhcpNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\claudia\appdata\roaming\mozilla\firefox\profiles\di1k0jef.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - component: c:\users\claudia\appdata\roaming\mozilla\firefox\profiles\di1k0jef.default\extensions\{8a9386b4-e958-4c4c-adf4-8f26db3e4829}\components\PriceGongFF.dll
FF - component: c:\users\claudia\appdata\roaming\mozilla\firefox\profiles\di1k0jef.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}\components\RadioWMPCore.dll
FF - component: c:\users\claudia\appdata\roaming\mozilla\firefox\profiles\di1k0jef.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Babylon Spelling and Proofreading: adapter@babylontc.com - c:\program files\mozilla firefox\extensions\adapter@babylontc.com
FF - Ext: Babylon OCR: ocr@babylon.com - c:\program files\mozilla firefox\extensions\ocr@babylon.com
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: NCH DE Community Toolbar: {b106b661-3e1b-4015-af5c-195e909f35c6} - %profile%\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}
FF - Ext: DealPly: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} - %profile%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
FF - Ext: PriceGong: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} - %profile%\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
FF - Ext: Avira SearchFree Toolbar plus Web Protection: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Avira SearchFree Toolbar plus Web Protection: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Freeze.com NetAssistant: {1266764D-FC4F-4FA7-B63B-884D53B1680F} - c:\users\claudia\appdata\roaming\NetAssistant
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-3-9 36000]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-3-9 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-3-9 110032]
R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2012-3-9 463824]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-3-9 74640]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-3-29 598312]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2012\TuneUpUtilitiesService32.exe [2011-11-18 1510720]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2012\TuneUpUtilitiesDriver32.sys [2011-11-8 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-9-11 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 StorSvc;Speicherdienst;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-03-09 10:46:15 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{024ce031-fa56-4dbd-ba7a-d9dd8e5c9b19}\offreg.dll
2012-03-09 10:39:51 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{024ce031-fa56-4dbd-ba7a-d9dd8e5c9b19}\mpengine.dll
2012-03-09 10:37:22 -------- d-----w- c:\program files\Ask.com
2012-03-09 10:36:57 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-03-09 10:36:57 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-03-07 19:00:50 -------- d-----w- c:\users\claudia\appdata\roaming\Avira
2012-03-07 19:00:03 -------- d-----w- c:\programdata\Avira
2012-03-07 19:00:03 -------- d-----w- c:\program files\Avira
2012-03-03 16:34:48 -------- d-----w- c:\users\claudia\.thumb
2012-03-02 09:06:56 -------- d-----w- c:\users\claudia\appdata\roaming\TeamViewer
2012-02-16 02:31:23 -------- d-----w- c:\windows\system32\wbem\en-US
2012-02-16 02:09:59 222720 ----a-w- c:\program files\internet explorer\ielowutil.exe
2012-02-15 05:46:27 478208 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 05:46:21 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 05:46:16 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 05:45:57 2340864 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2012-02-23 08:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-16 02:10:04 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-16 02:10:04 161792 ----a-w- c:\windows\system32\msls31.dll
2012-02-16 02:10:03 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-16 02:10:02 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-16 02:10:02 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-16 02:10:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-16 02:10:02 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-16 02:10:01 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-02-16 02:10:00 367104 ----a-w- c:\windows\system32\html.iec
2012-02-16 02:09:57 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-02-16 02:09:57 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-16 02:09:56 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-02-16 02:09:56 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-16 02:09:56 152064 ----a-w- c:\windows\system32\wextract.exe
2012-02-16 02:09:56 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-02-16 02:09:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-16 02:09:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-16 02:09:54 11776 ----a-w- c:\windows\system32\mshta.exe
2012-02-16 02:09:54 101888 ----a-w- c:\windows\system32\admparse.dll
2012-02-16 02:09:53 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-02-16 02:09:53 1798656 ----a-w- c:\windows\system32\jscript9.dll
2006-05-03 11:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 12:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 14:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-06 23:00:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
============= FINISH: 11:53:23,57 ===============
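As an added example (not part of the thread, and not code from DDS or OTL), a small Python checker that reads the autostart lines of a DDS "Pseudo HJT Report" like the one above and flags the entries a log helper would look at first: executables launched from a user-writable profile directory or a GUID-named folder, such as the uRun LicenseValidator entry in the log. The sample input is constructed from a few of the log's lines; the heuristics and reason texts are the example's own.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample in the DDS "Pseudo HJT Report" format, modelled on a few
# autostart lines of the log posted above (not the complete log).
SAMPLE_DDS = """\
uRun: [LicenseValidator] c:\\users\\claudia\\appdata\\roaming\\identities\\{8e802f35-4ba7-46ff-beca-9b273d732d5f}\\LicenseValidator.exe
mRun: [IgfxTray] c:\\windows\\system32\\igfxtray.exe
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\\program files\\ask.com\\updater\\Updater.exe"
mRun: [avgnt] "c:\\program files\\avira\\antivir desktop\\avgnt.exe" /min
StartupFolder: c:\\users\\claudia\\appdata\\roaming\\micros~1\\windows\\startm~1\\programs\\startup\\openof~1.lnk - c:\\program files\\openoffice.org 3\\program\\quickstart.exe
"""

# DDS prefixes: uRun = HKCU Run key (per user), mRun = HKLM Run key (machine-wide).
RUN_LINE = re.compile(r"^(?P<key>[um]Run(?:Once)?): \[(?P<name>[^\]]*)\]\s*(?P<value>.*)$")
STARTUP_LINE = re.compile(r"^StartupFolder: (?P<lnk>.+?) - (?P<target>.+)$")
GUID_DIR = re.compile(
    r"\\\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}\\", re.IGNORECASE
)


@dataclass
class AutostartEntry:
    key: str                 # uRun, mRun, uRunOnce, mRunOnce or StartupFolder
    name: str                # registry value name or .lnk file name
    path: str                # executable path, lower-cased, quotes and arguments removed
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def extract_exe_path(value: str) -> str:
    """Return the executable path from a DDS run value ('"path" args' or 'path args')."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return (value[1:end] if end > 0 else value[1:]).lower()
    # Unquoted values put the path first; DDS paths end in .exe, so cut after it.
    m = re.match(r".*?\.exe(?=\s|$)", value, re.IGNORECASE)
    return (m.group(0) if m else value).lower()


def assess(entry: AutostartEntry) -> AutostartEntry:
    """Attach plain-language reasons why an autostart entry deserves a closer look."""
    p = entry.path
    if not p:
        entry.reasons.append("run value has no target (empty entry, verify and clean up)")
        return entry
    if "\\appdata\\" in p or "\\temp\\" in p or "\\documents and settings\\" in p:
        entry.reasons.append("executable lives in a user-writable profile directory")
    if GUID_DIR.search(p):
        entry.reasons.append("parent directory is a GUID-named folder")
    if entry.key.startswith("u") and entry.reasons:
        entry.reasons.append("per-user (HKCU) autostart: installable without admin rights")
    return entry


def parse_dds_autostarts(text: str) -> List[AutostartEntry]:
    """Parse the uRun/mRun/StartupFolder lines of a DDS report and assess each entry."""
    entries: List[AutostartEntry] = []
    for line in text.splitlines():
        m = RUN_LINE.match(line)
        if m:
            entries.append(AutostartEntry(m["key"], m["name"], extract_exe_path(m["value"])))
            continue
        m = STARTUP_LINE.match(line)
        if m:
            lnk_name = m["lnk"].rsplit("\\", 1)[-1]
            entries.append(AutostartEntry("StartupFolder", lnk_name, m["target"].strip().lower()))
    return [assess(e) for e in entries]


def suspicious_entries(text: str) -> List[AutostartEntry]:
    """Only the entries that picked up at least one reason."""
    return [e for e in parse_dds_autostarts(text) if e.suspicious]


if __name__ == "__main__":
    for e in parse_dds_autostarts(SAMPLE_DDS):
        print(f"{'CHECK' if e.suspicious else 'ok   '} {e.key:<13} [{e.name}] {e.path}")
        for reason in e.reasons:
            print(f"        - {reason}")
```

Run it against the full "Pseudo HJT Report" section of a DDS log instead of the sample to get the same CHECK/ok list for a real machine.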

09.03.2012, 15:27   #2
markusg
/// Malware-holic



hi,
1. open Avira, Events, and post the detection message(s).
2.
If you do not have it yet, please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe. Vista and Win7 users: right-click, "Run as administrator"
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Copy the content of OTL.txt and Extra.txt into your thread here

09.03.2012, 16:22   #3
fran



Hello Markus,

thank you for your quick efforts.
I had Avira scan again; strangely, this time it showed no detection. Perhaps because it had moved the TR to quarantine? Well, you probably know that better than I do anyway. I am pasting the report from the Avira scan for you anyway, followed by OTL and Extras. I hope you find something. My PC has also become quite slow by now, and it froze once.

Avira report:

Avira Free Antivirus
Report file date: Freitag, 9. März 2012 15:38

Scanning for 3537865 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : Claudia
Computer name : CLAUDIA-PC

Version information:
BUILD.DAT : 12.0.0.849 41825 Bytes 23.09.2011 20:19:00
AVSCAN.EXE : 12.1.0.17 490448 Bytes 23.09.2011 17:04:46
AVSCAN.DLL : 12.1.0.17 54224 Bytes 23.09.2011 12:34:56
LUKE.DLL : 12.1.0.17 68304 Bytes 23.09.2011 11:55:16
AVSCPLR.DLL : 12.1.0.22 100048 Bytes 09.03.2012 10:39:36
AVREG.DLL : 12.1.0.29 228048 Bytes 09.03.2012 10:39:35
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 19:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 10:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 10:38:58
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 10:39:11
VBASE004.VDF : 7.11.21.239 2048 Bytes 01.02.2012 10:39:11
VBASE005.VDF : 7.11.21.240 2048 Bytes 01.02.2012 10:39:11
VBASE006.VDF : 7.11.21.241 2048 Bytes 01.02.2012 10:39:11
VBASE007.VDF : 7.11.21.242 2048 Bytes 01.02.2012 10:39:11
VBASE008.VDF : 7.11.21.243 2048 Bytes 01.02.2012 10:39:11
VBASE009.VDF : 7.11.21.244 2048 Bytes 01.02.2012 10:39:11
VBASE010.VDF : 7.11.21.245 2048 Bytes 01.02.2012 10:39:12
VBASE011.VDF : 7.11.21.246 2048 Bytes 01.02.2012 10:39:12
VBASE012.VDF : 7.11.21.247 2048 Bytes 01.02.2012 10:39:12
VBASE013.VDF : 7.11.22.33 1486848 Bytes 03.02.2012 10:39:15
VBASE014.VDF : 7.11.22.56 687616 Bytes 03.02.2012 10:39:17
VBASE015.VDF : 7.11.22.92 178176 Bytes 06.02.2012 10:39:17
VBASE016.VDF : 7.11.22.154 144896 Bytes 08.02.2012 10:39:17
VBASE017.VDF : 7.11.22.220 183296 Bytes 13.02.2012 10:39:18
VBASE018.VDF : 7.11.23.34 202752 Bytes 15.02.2012 10:39:18
VBASE019.VDF : 7.11.23.98 126464 Bytes 17.02.2012 10:39:19
VBASE020.VDF : 7.11.23.150 148480 Bytes 20.02.2012 10:39:19
VBASE021.VDF : 7.11.23.224 172544 Bytes 23.02.2012 10:39:20
VBASE022.VDF : 7.11.24.52 219648 Bytes 28.02.2012 10:39:20
VBASE023.VDF : 7.11.24.152 165888 Bytes 05.03.2012 10:39:21
VBASE024.VDF : 7.11.24.204 177664 Bytes 07.03.2012 10:39:22
VBASE025.VDF : 7.11.24.205 2048 Bytes 07.03.2012 10:39:22
VBASE026.VDF : 7.11.24.206 2048 Bytes 07.03.2012 10:39:22
VBASE027.VDF : 7.11.24.207 2048 Bytes 07.03.2012 10:39:22
VBASE028.VDF : 7.11.24.208 2048 Bytes 07.03.2012 10:39:22
VBASE029.VDF : 7.11.24.209 2048 Bytes 07.03.2012 10:39:24
VBASE030.VDF : 7.11.24.210 2048 Bytes 07.03.2012 10:39:24
VBASE031.VDF : 7.11.24.248 124416 Bytes 09.03.2012 10:39:24
Engineversion : 8.2.10.14
AEVDF.DLL : 8.1.2.2 106868 Bytes 09.03.2012 10:39:34
AESCRIPT.DLL : 8.1.4.8 455034 Bytes 09.03.2012 10:39:34
AESCN.DLL : 8.1.8.2 131444 Bytes 09.03.2012 10:39:33
AESBX.DLL : 8.2.4.5 434549 Bytes 09.03.2012 10:39:35
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 22:16:06
AEPACK.DLL : 8.2.16.5 803190 Bytes 09.03.2012 10:39:33
AEOFFICE.DLL : 8.1.2.25 201084 Bytes 09.03.2012 10:39:31
AEHEUR.DLL : 8.1.4.3 4444534 Bytes 09.03.2012 10:39:31
AEHELP.DLL : 8.1.19.0 254327 Bytes 09.03.2012 10:39:26
AEGEN.DLL : 8.1.5.23 409973 Bytes 09.03.2012 10:39:25
AEEXP.DLL : 8.1.0.24 74101 Bytes 09.03.2012 10:39:35
AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 22:46:01
AECORE.DLL : 8.1.25.5 201079 Bytes 09.03.2012 10:39:25
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 22:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 23.09.2011 11:13:18
AVPREF.DLL : 12.1.0.17 51920 Bytes 23.09.2011 10:53:57
AVREP.DLL : 12.1.0.17 179408 Bytes 23.09.2011 10:55:01
AVARKT.DLL : 12.1.0.17 223184 Bytes 23.09.2011 10:25:26
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 23.09.2011 10:34:37
SQLITE3.DLL : 3.7.0.0 398288 Bytes 16.09.2011 01:05:58
AVSMTP.DLL : 12.1.0.17 62928 Bytes 23.09.2011 11:03:47
NETNT.DLL : 12.1.0.17 17104 Bytes 23.09.2011 11:58:06
RCIMAGE.DLL : 12.1.0.17 4450000 Bytes 23.09.2011 12:37:25
RCTEXT.DLL : 12.1.0.16 96208 Bytes 23.09.2011 12:37:24

Configuration settings for the scan:
Jobname.............................: Short system scan after installation
Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat
Logging.............................: default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: Freitag, 9. März 2012 15:38

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'conhost.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
Scan process 'setup.exe' - '1' Module(s) have been scanned
Scan process 'presetup.exe' - '1' Module(s) have been scanned
Scan process 'avira_free_antivirus_en.exe' - '1' Module(s) have been scanned
Scan process 'thunderbird.exe' - '1' Module(s) have been scanned
Scan process 'conhost.exe' - '1' Module(s) have been scanned
Scan process 'Defogger.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'AVWEBGRD.EXE' - '1' Module(s) have been scanned
Scan process 'Updater.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sppsvc.exe' - '1' Module(s) have been scanned
Scan process 'NASvc.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'wmplayer.exe' - '1' Module(s) have been scanned
Scan process 'javaw.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'Babylon.exe' - '1' Module(s) have been scanned
Scan process 'SweetIM.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'wcourier.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'TuneUpUtilitiesApp32.exe' - '1' Module(s) have been scanned
Scan process 'taskhost.exe' - '1' Module(s) have been scanned
Scan process 'Dwm.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'WLIDSvcM.exe' - '1' Module(s) have been scanned
Scan process 'WLIDSVC.EXE' - '1' Module(s) have been scanned
Scan process 'TuneUpUtilitiesService32.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '523' files ).



End of the scan: Freitag, 9. März 2012 15:40
Used time: 01:28 Minute(s)

The scan has been done completely.

0 Scanned directories
1242 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
1242 Files not concerned
13 Archives were scanned
0 Warnings
0 Notes



OTL.txt: OTL Logfile:
Code:
OTL logfile created on: 09.03.2012 16:01:47 - Run 1
OTL by OldTimer - Version 3.2.36.2     Folder = C:\Users\Claudia\Desktop
 Enterprise Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,86 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 55,93% Memory free
3,71 Gb Paging File | 2,62 Gb Available in Paging File | 70,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229,91 Gb Total Space | 70,85 Gb Free Space | 30,82% Space Free | Partition Type: NTFS
Drive D: | 68,18 Gb Total Space | 15,92 Gb Free Space | 23,36% Space Free | Partition Type: NTFS
Drive E: | 7,86 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: CLAUDIA-PC | User Name: Claudia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.09 15:59:43 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Claudia\Desktop\OTL.exe
PRC - [2012.01.04 20:20:50 | 001,391,272 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.11.18 14:13:54 | 001,510,720 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2011.11.18 14:13:46 | 001,212,224 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2011.09.23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.09.23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.09.23 11:38:21 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.09.16 02:34:43 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.08.25 14:06:04 | 003,346,544 | ---- | M] (Babylon Ltd.) -- C:\Programme\Babylon\Babylon-Pro\Babylon.exe
PRC - [2011.08.01 13:35:42 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Messenger\SweetIM.exe
PRC - [2011.07.16 05:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.03.29 14:33:08 | 000,598,312 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe
PRC - [2011.03.28 19:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.08.11 19:46:34 | 001,597,440 | ---- | M] () -- C:\Programme\asus\Wireless Console 3\wcourier.exe
PRC - [2010.05.20 23:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 23:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 02:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Programme\Windows Defender\MpCmdRun.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.08.11 19:46:34 | 001,597,440 | ---- | M] () -- C:\Programme\asus\Wireless Console 3\wcourier.exe
MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.11.18 14:13:54 | 001,510,720 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.09.23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.09.23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.09.23 12:08:37 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.03.29 14:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (pxliafog)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (mbr)
DRV - [2011.11.08 21:25:24 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.09.18 08:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.09.15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.09.15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.10.05 16:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2007.07.31 02:39:00 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 4C A1 72 5B 9C CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{945BA5EF-4688-49A0-9499-452A8DC3725F}: "URL" = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://home.sweetim.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {b106b661-3e1b-4015-af5c-195e909f35c6}:3.5.0.12
FF - prefs.js..extensions.enabledItems: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.5.3
FF - prefs.js..extensions.enabledItems: {1266764D-FC4F-4FA7-B63B-884D53B1680F}:3.6.5
FF - prefs.js..extensions.enabledItems: adapter@babylontc.com:1.0.0.1
FF - prefs.js..extensions.enabledItems: ocr@babylon.com:1.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.1.100010
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://g.live.com/1rewlive4startup/home"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.19 10:13:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.19 10:13:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.02.17 12:33:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1266764D-FC4F-4FA7-B63B-884D53B1680F}: C:\Users\Claudia\AppData\Roaming\NetAssistant\ [2011.10.09 09:36:03 | 000,000,000 | ---D | M]
 
[2011.01.14 15:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claudia\AppData\Roaming\mozilla\Extensions
[2011.01.14 15:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claudia\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.03.09 15:57:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\di1k0jef.default\extensions
[2011.10.09 09:35:36 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\di1k0jef.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2011.02.18 09:23:14 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\di1k0jef.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.06.22 17:00:54 | 000,000,000 | ---D | M] (NCH DE Community Toolbar) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\di1k0jef.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}
[2011.05.30 16:46:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\di1k0jef.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.10.09 09:21:48 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\di1k0jef.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2011.10.09 09:21:30 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\di1k0jef.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2012.03.09 11:42:56 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\di1k0jef.default\extensions\toolbar@ask.com
[2011.01.06 22:03:51 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\di1k0jef.default\extensions\youtube2mp3@mondayx.de
[2011.04.18 22:40:45 | 000,001,832 | ---- | M] () -- C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\di1k0jef.default\searchplugins\bing.xml
[2011.10.09 09:21:19 | 000,003,915 | ---- | M] () -- C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\di1k0jef.default\searchplugins\sweetim.xml
[2011.11.14 16:46:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.16 00:13:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.11.14 16:46:44 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\Programme\Mozilla Firefox\extensions\adapter@babylontc.com
[2011.10.31 01:49:47 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2011.11.14 16:46:39 | 000,000,000 | ---D | M] (Babylon OCR) -- C:\Programme\Mozilla Firefox\extensions\ocr@babylon.com
[2011.03.16 00:13:02 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.11.14 16:46:44 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\ADAPTER@BABYLONTC.COM
[2011.11.14 16:46:39 | 000,000,000 | ---D | M] (Babylon OCR) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\OCR@BABYLON.COM
[2011.10.09 09:36:03 | 000,000,000 | ---D | M] (Freeze.com NetAssistant) -- C:\USERS\CLAUDIA\APPDATA\ROAMING\NETASSISTANT
[2011.03.16 00:12:46 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.05.24 07:21:23 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.24 07:21:23 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.24 07:21:23 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.24 07:21:23 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.24 07:21:23 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Programme\PriceGong\2.5.3\PriceGongIE.dll (PriceGong)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Programme\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B106B661-3E1B-4015-AF5C-195E909F35C6} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Programme\asus\Wireless Console 3\wcourier.exe ()
O4 - HKCU..\Run: [LicenseValidator] C:\Users\Claudia\AppData\Roaming\Identities\{8E802F35-4BA7-46FF-BECA-9B273D732D5F}\LicenseValidator.exe File not found
O4 - Startup: C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: Free YouTube Download - C:\Users\Claudia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EA25103-661B-461F-9C6E-9B3765699E99}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.09 16:00:18 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Claudia\Desktop\OTL.exe
[2012.03.09 15:36:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.03.09 13:31:22 | 000,000,000 | ---D | C] -- C:\Users\Claudia\Desktop\Logfiles
[2012.03.09 13:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.03.09 13:29:53 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.03.09 11:51:41 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Claudia\Desktop\dds.com
[2012.03.09 11:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012.03.09 11:36:58 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.03.09 11:36:57 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.03.09 11:36:57 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.03.09 11:36:57 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.03.07 20:00:50 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Avira
[2012.03.07 20:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.03.07 20:00:03 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.03.07 19:31:39 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Opera
[2012.03.03 17:34:48 | 000,000,000 | ---D | C] -- C:\Users\Claudia\.thumb
[2012.03.02 10:11:03 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Help
[2012.03.02 10:06:56 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\TeamViewer
[2011.05.20 08:31:06 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Claudia\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.09 15:59:43 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Claudia\Desktop\OTL.exe
[2012.03.09 15:36:54 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.03.09 15:36:11 | 000,012,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.09 15:36:10 | 000,012,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.09 11:58:43 | 000,302,592 | ---- | M] () -- C:\Users\Claudia\Desktop\coicerpu.exe
[2012.03.09 11:51:15 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Claudia\Desktop\dds.com
[2012.03.09 11:49:42 | 000,000,000 | ---- | M] () -- C:\Users\Claudia\defogger_reenable
[2012.03.09 11:47:51 | 000,050,477 | ---- | M] () -- C:\Users\Claudia\Desktop\Defogger.exe
[2012.03.09 11:34:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.09 11:33:54 | 1494,515,712 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.08 07:30:45 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.08 07:30:45 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.08 07:30:45 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.08 07:30:45 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.18 12:41:34 | 000,060,929 | ---- | M] () -- C:\Users\Claudia\Documents\fine.odt
[2012.02.16 03:33:41 | 000,289,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.16 03:09:57 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
 
========== Files Created - No Company Name ==========
 
[2012.03.09 11:58:56 | 000,302,592 | ---- | C] () -- C:\Users\Claudia\Desktop\coicerpu.exe
[2012.03.09 11:49:42 | 000,000,000 | ---- | C] () -- C:\Users\Claudia\defogger_reenable
[2012.03.09 11:48:46 | 000,050,477 | ---- | C] () -- C:\Users\Claudia\Desktop\Defogger.exe
[2012.03.09 11:37:54 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.02.18 12:15:40 | 000,060,929 | ---- | C] () -- C:\Users\Claudia\Documents\fine.odt
[2012.02.16 03:09:57 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.11.14 16:44:21 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2011.10.31 01:50:53 | 000,017,408 | ---- | C] () -- C:\Users\Claudia\AppData\Local\WebpageIcons.db
[2011.09.11 21:39:36 | 000,005,632 | ---- | C] () -- C:\Users\Claudia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.04 09:48:28 | 000,000,275 | ---- | C] () -- C:\Users\Claudia\AppData\Local\HamsterVideoConverterSettings.cfg
[2011.05.20 08:40:50 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.05.20 08:31:06 | 000,087,608 | ---- | C] () -- C:\Users\Claudia\AppData\Roaming\inst.exe
[2011.05.20 08:31:06 | 000,007,887 | ---- | C] () -- C:\Users\Claudia\AppData\Roaming\pcouffin.cat
[2011.05.20 08:31:06 | 000,001,144 | ---- | C] () -- C:\Users\Claudia\AppData\Roaming\pcouffin.inf
[2011.04.19 21:50:39 | 000,000,079 | ---- | C] () -- C:\Users\Claudia\AppData\Roaming\vso_ts_preview.xml
[2011.01.28 11:18:45 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.01.13 23:17:34 | 000,000,033 | ---- | C] () -- C:\Windows\System32\VGAunistlog.ini
[2010.08.25 19:30:02 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2010.08.25 19:30:00 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2010.08.25 19:30:00 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2010.08.25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.08.25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
 
========== LOP Check ==========
 
[2012.01.06 07:21:03 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Amazon
[2011.12.16 23:35:44 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Babylon
[2011.10.28 06:09:29 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Digiarty
[2011.08.16 19:57:28 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\DVDVideoSoft
[2011.02.18 09:23:13 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.23 08:14:23 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\GHISLER
[2011.01.06 21:54:01 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Local
[2011.10.09 09:36:03 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\NetAssistant
[2011.11.14 16:44:17 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\OpenCandy
[2011.01.06 21:59:53 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\OpenOffice.org
[2012.03.07 19:31:39 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Opera
[2012.03.02 10:06:56 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\TeamViewer
[2011.01.14 15:05:12 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Thunderbird
[2011.11.22 22:07:09 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\TuneUp Software
[2011.05.20 08:31:06 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Vso
[2011.08.16 19:48:04 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Xilisoft
[2011.04.16 23:05:21 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\XMedia Recode
[2009.07.14 05:53:46 | 000,029,860 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.04.16 23:45:52 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.11.29 07:39:13 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.01.06 21:31:13 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.06.25 08:35:02 | 000,000,000 | ---D | M] -- C:\HP
[2011.04.26 08:12:39 | 000,000,000 | ---D | M] -- C:\Intel
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.03.09 13:29:53 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.03.07 23:49:30 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.01.06 21:31:13 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.01.06 21:31:13 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.03.09 16:03:56 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.11.21 20:41:34 | 000,000,000 | ---D | M] -- C:\Temp
[2011.01.06 21:31:21 | 000,000,000 | R--D | M] -- C:\Users
[2012.03.09 11:33:54 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.03.09 11:49:42 | 000,000,000 | ---- | M] () -- C:\Users\Claudia\defogger_reenable
[2012.03.09 16:14:15 | 003,145,728 | -HS- | M] () -- C:\Users\Claudia\ntuser.dat
[2012.03.09 16:14:15 | 000,262,144 | -HS- | M] () -- C:\Users\Claudia\ntuser.dat.LOG1
[2011.01.06 21:31:22 | 000,000,000 | -HS- | M] () -- C:\Users\Claudia\ntuser.dat.LOG2
[2012.03.07 23:50:38 | 000,065,536 | -HS- | M] () -- C:\Users\Claudia\ntuser.dat{19b72e9e-68a7-11e1-97d7-b5b926bb88f7}.TM.blf
[2012.03.07 23:50:38 | 000,524,288 | -HS- | M] () -- C:\Users\Claudia\ntuser.dat{19b72e9e-68a7-11e1-97d7-b5b926bb88f7}.TMContainer00000000000000000001.regtrans-ms
[2012.03.07 23:50:38 | 000,524,288 | -HS- | M] () -- C:\Users\Claudia\ntuser.dat{19b72e9e-68a7-11e1-97d7-b5b926bb88f7}.TMContainer00000000000000000002.regtrans-ms
[2011.01.05 22:22:54 | 000,065,536 | -HS- | M] () -- C:\Users\Claudia\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2011.01.05 22:22:54 | 000,524,288 | -HS- | M] () -- C:\Users\Claudia\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2011.01.05 22:22:54 | 000,524,288 | -HS- | M] () -- C:\Users\Claudia\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2012.03.09 15:55:47 | 000,065,536 | -HS- | M] () -- C:\Users\Claudia\ntuser.dat{aad492bc-69d2-11e1-af7e-e8d4d8e9b1f7}.TM.blf
[2012.03.09 15:55:47 | 000,524,288 | -HS- | M] () -- C:\Users\Claudia\ntuser.dat{aad492bc-69d2-11e1-af7e-e8d4d8e9b1f7}.TMContainer00000000000000000001.regtrans-ms
[2012.03.09 15:55:47 | 000,524,288 | -HS- | M] () -- C:\Users\Claudia\ntuser.dat{aad492bc-69d2-11e1-af7e-e8d4d8e9b1f7}.TMContainer00000000000000000002.regtrans-ms
[2011.01.06 21:31:22 | 000,000,020 | -HS- | M] () -- C:\Users\Claudia\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
--- --- ---


Extras.txt:

OTL Logfile:
Code:
OTL Extras logfile created on: 09.03.2012 16:01:47 - Run 1
OTL by OldTimer - Version 3.2.36.2     Folder = C:\Users\Claudia\Desktop
 Enterprise Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,86 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 55,93% Memory free
3,71 Gb Paging File | 2,62 Gb Available in Paging File | 70,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229,91 Gb Total Space | 70,85 Gb Free Space | 30,82% Space Free | Partition Type: NTFS
Drive D: | 68,18 Gb Total Space | 15,92 Gb Free Space | 23,36% Space Free | Partition Type: NTFS
Drive E: | 7,86 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: CLAUDIA-PC | User Name: Claudia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM)
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1266764D-FC4F-4FA7-B63B-884D53B1680F}" = NetAssistant
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}" = Nero Kwik Media
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1" = Hamster Free Video Convertor
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A81A974F-8A22-43E6-9243-5198FF758DA1}" = SweetIM for Messenger 3.6
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7E7EC5E-4349-4E40-B37C-4342188B86EC}" = Monopoly
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"Babylon" = Babylon
"DealPly" = DealPly
"druckstdu.de Designer 1.6.1_is1" = druckstdu.de Designer 1.6.1
"DVDStyler_is1" = DVDStyler v2.0.1
"Free YouTube Download_is1" = Free YouTube Download version 3.0.815
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.27)" = Mozilla Firefox (3.6.27)
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"PriceGong" = PriceGong 2.5.3
"Trusted Software Assistant_is1" = File Type Assistant
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WinX HD Video Converter Deluxe_is1" = WinX HD Video Converter Deluxe 3.10.3
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"NetAssistant 3.6.5" = NetAssistant for Firefox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 21.02.2012 04:32:36 | Computer Name = Claudia-PC | Source = BackItUp5 | ID = 5225
Description = 
 
Error - 23.02.2012 07:09:09 | Computer Name = Claudia-PC | Source = BackItUp5 | ID = 5225
Description = 
 
Error - 27.02.2012 09:40:16 | Computer Name = Claudia-PC | Source = BackItUp5 | ID = 5225
Description = 
 
Error - 02.03.2012 08:39:41 | Computer Name = Claudia-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.4429,
 Zeitstempel: 0x4f3ce50d  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
 Zeitstempel: 0x4ec49caf  Ausnahmecode: 0xc0000008  Fehleroffset: 0x0007f3d7  ID des fehlerhaften
 Prozesses: 0x82c  Startzeit der fehlerhaften Anwendung: 0x01ccf55580436368  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: c760829b-6464-11e1-8412-a04d2711c6e6
 
Error - 02.03.2012 08:40:03 | Computer Name = Claudia-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.4429,
 Zeitstempel: 0x4f3ce4d4  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
 Zeitstempel: 0x4ec49caf  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00046850  ID des fehlerhaften
 Prozesses: 0xb68  Startzeit der fehlerhaften Anwendung: 0x01ccf555b026793c  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: d473425c-6464-11e1-8412-a04d2711c6e6
 
Error - 02.03.2012 14:08:33 | Computer Name = Claudia-PC | Source = BackItUp5 | ID = 5225
Description = 
 
Error - 03.03.2012 07:34:47 | Computer Name = Claudia-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DVDStyler.exe, Version: 0.0.0.0, 
Zeitstempel: 0x4ec2d984  Name des fehlerhaften Moduls: DVDStyler.exe, Version: 0.0.0.0,
 Zeitstempel: 0x4ec2d984  Ausnahmecode: 0xc0000094  Fehleroffset: 0x00080a13  ID des fehlerhaften
 Prozesses: 0x22e0  Startzeit der fehlerhaften Anwendung: 0x01ccf931a0cf75a3  Pfad der
 fehlerhaften Anwendung: C:\Program Files\DVDStyler\bin\DVDStyler.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\DVDStyler\bin\DVDStyler.exe  Berichtskennung: e1186fb5-6524-11e1-ac6d-814f569fc9e3
 
Error - 03.03.2012 07:34:55 | Computer Name = Claudia-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DVDStyler.exe, Version: 0.0.0.0, 
Zeitstempel: 0x4ec2d984  Name des fehlerhaften Moduls: DVDStyler.exe, Version: 0.0.0.0,
 Zeitstempel: 0x4ec2d984  Ausnahmecode: 0xc0000094  Fehleroffset: 0x00080a13  ID des fehlerhaften
 Prozesses: 0x2178  Startzeit der fehlerhaften Anwendung: 0x01ccf931a7959147  Pfad der
 fehlerhaften Anwendung: C:\Program Files\DVDStyler\bin\DVDStyler.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\DVDStyler\bin\DVDStyler.exe  Berichtskennung: e56fcc2b-6524-11e1-ac6d-814f569fc9e3
 
Error - 04.03.2012 12:34:38 | Computer Name = Claudia-PC | Source = BackItUp5 | ID = 5225
Description = 
 
Error - 07.03.2012 14:40:00 | Computer Name = Claudia-PC | Source = BackItUp5 | ID = 5225
Description = 
 
[ System Events ]
Error - 09.03.2012 06:30:48 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 09.03.2012 06:30:48 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 09.03.2012 06:30:49 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 09.03.2012 06:30:49 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 09.03.2012 06:30:49 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 09.03.2012 06:30:49 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 09.03.2012 06:30:49 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 09.03.2012 06:30:49 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 09.03.2012 06:31:25 | Computer Name = Claudia-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 09.03.2012 10:55:59 | Computer Name = Claudia-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
--- --- ---

See you then!
__________________

Old 09.03.2012, 16:23   #4
markusg
/// Malware-holic

I do need the detection report: either Avira, Reports, if it was found during a scan, or Avira, Events, if it came from the background guard :-)
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails as per the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Old 09.03.2012, 16:27   #5
fran

It beeped this morning and Avira showed the detection. I had to shut down the PC, and afterwards it didn't show it again. How do I find the report from this morning?


Old 09.03.2012, 16:29   #6
fran

Oh, got it. Here is the report from noon today:

Avira Free Antivirus
Report file date: Freitag, 9. März 2012 12:02

Scanning for 3537865 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : CLAUDIA-PC

Version information:
BUILD.DAT : 12.0.0.849 41825 Bytes 23.09.2011 20:19:00
AVSCAN.EXE : 12.1.0.17 490448 Bytes 23.09.2011 17:04:46
AVSCAN.DLL : 12.1.0.17 54224 Bytes 23.09.2011 12:34:56
LUKE.DLL : 12.1.0.17 68304 Bytes 23.09.2011 11:55:16
AVSCPLR.DLL : 12.1.0.22 100048 Bytes 09.03.2012 10:39:36
AVREG.DLL : 12.1.0.29 228048 Bytes 09.03.2012 10:39:35
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 19:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 10:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 10:38:58
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 10:39:11
VBASE004.VDF : 7.11.21.239 2048 Bytes 01.02.2012 10:39:11
VBASE005.VDF : 7.11.21.240 2048 Bytes 01.02.2012 10:39:11
VBASE006.VDF : 7.11.21.241 2048 Bytes 01.02.2012 10:39:11
VBASE007.VDF : 7.11.21.242 2048 Bytes 01.02.2012 10:39:11
VBASE008.VDF : 7.11.21.243 2048 Bytes 01.02.2012 10:39:11
VBASE009.VDF : 7.11.21.244 2048 Bytes 01.02.2012 10:39:11
VBASE010.VDF : 7.11.21.245 2048 Bytes 01.02.2012 10:39:12
VBASE011.VDF : 7.11.21.246 2048 Bytes 01.02.2012 10:39:12
VBASE012.VDF : 7.11.21.247 2048 Bytes 01.02.2012 10:39:12
VBASE013.VDF : 7.11.22.33 1486848 Bytes 03.02.2012 10:39:15
VBASE014.VDF : 7.11.22.56 687616 Bytes 03.02.2012 10:39:17
VBASE015.VDF : 7.11.22.92 178176 Bytes 06.02.2012 10:39:17
VBASE016.VDF : 7.11.22.154 144896 Bytes 08.02.2012 10:39:17
VBASE017.VDF : 7.11.22.220 183296 Bytes 13.02.2012 10:39:18
VBASE018.VDF : 7.11.23.34 202752 Bytes 15.02.2012 10:39:18
VBASE019.VDF : 7.11.23.98 126464 Bytes 17.02.2012 10:39:19
VBASE020.VDF : 7.11.23.150 148480 Bytes 20.02.2012 10:39:19
VBASE021.VDF : 7.11.23.224 172544 Bytes 23.02.2012 10:39:20
VBASE022.VDF : 7.11.24.52 219648 Bytes 28.02.2012 10:39:20
VBASE023.VDF : 7.11.24.152 165888 Bytes 05.03.2012 10:39:21
VBASE024.VDF : 7.11.24.204 177664 Bytes 07.03.2012 10:39:22
VBASE025.VDF : 7.11.24.205 2048 Bytes 07.03.2012 10:39:22
VBASE026.VDF : 7.11.24.206 2048 Bytes 07.03.2012 10:39:22
VBASE027.VDF : 7.11.24.207 2048 Bytes 07.03.2012 10:39:22
VBASE028.VDF : 7.11.24.208 2048 Bytes 07.03.2012 10:39:22
VBASE029.VDF : 7.11.24.209 2048 Bytes 07.03.2012 10:39:24
VBASE030.VDF : 7.11.24.210 2048 Bytes 07.03.2012 10:39:24
VBASE031.VDF : 7.11.24.248 124416 Bytes 09.03.2012 10:39:24
Engineversion : 8.2.10.14
AEVDF.DLL : 8.1.2.2 106868 Bytes 09.03.2012 10:39:34
AESCRIPT.DLL : 8.1.4.8 455034 Bytes 09.03.2012 10:39:34
AESCN.DLL : 8.1.8.2 131444 Bytes 09.03.2012 10:39:33
AESBX.DLL : 8.2.4.5 434549 Bytes 09.03.2012 10:39:35
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 22:16:06
AEPACK.DLL : 8.2.16.5 803190 Bytes 09.03.2012 10:39:33
AEOFFICE.DLL : 8.1.2.25 201084 Bytes 09.03.2012 10:39:31
AEHEUR.DLL : 8.1.4.3 4444534 Bytes 09.03.2012 10:39:31
AEHELP.DLL : 8.1.19.0 254327 Bytes 09.03.2012 10:39:26
AEGEN.DLL : 8.1.5.23 409973 Bytes 09.03.2012 10:39:25
AEEXP.DLL : 8.1.0.24 74101 Bytes 09.03.2012 10:39:35
AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 22:46:01
AECORE.DLL : 8.1.25.5 201079 Bytes 09.03.2012 10:39:25
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 22:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 23.09.2011 11:13:18
AVPREF.DLL : 12.1.0.17 51920 Bytes 23.09.2011 10:53:57
AVREP.DLL : 12.1.0.17 179408 Bytes 23.09.2011 10:55:01
AVARKT.DLL : 12.1.0.17 223184 Bytes 23.09.2011 10:25:26
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 23.09.2011 10:34:37
SQLITE3.DLL : 3.7.0.0 398288 Bytes 16.09.2011 01:05:58
AVSMTP.DLL : 12.1.0.17 62928 Bytes 23.09.2011 11:03:47
NETNT.DLL : 12.1.0.17 17104 Bytes 23.09.2011 11:58:06
RCIMAGE.DLL : 12.1.0.17 4450000 Bytes 23.09.2011 12:37:25
RCTEXT.DLL : 12.1.0.16 96208 Bytes 23.09.2011 12:37:24

Configuration settings for the scan:
Jobname.............................: AVGuardAsyncScan
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4f59de02\guard_slideup.avp
Logging.............................: default
Primary action......................: repair
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Complete

Start of the scan: Freitag, 9. März 2012 12:02

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'conhost.exe' - '1' Module(s) have been scanned
Scan process 'Defogger.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'NOTEPAD.EXE' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'conhost.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'AVWEBGRD.EXE' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'Updater.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sppsvc.exe' - '1' Module(s) have been scanned
Scan process 'NASvc.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'wmplayer.exe' - '1' Module(s) have been scanned
Scan process 'javaw.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'Babylon.exe' - '1' Module(s) have been scanned
Scan process 'SweetIM.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'wcourier.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'TuneUpUtilitiesApp32.exe' - '1' Module(s) have been scanned
Scan process 'taskhost.exe' - '1' Module(s) have been scanned
Scan process 'Dwm.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'WLIDSvcM.exe' - '1' Module(s) have been scanned
Scan process 'WLIDSVC.EXE' - '1' Module(s) have been scanned
Scan process 'TuneUpUtilitiesService32.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\Users\Claudia\AppData\Roaming\Identities\{8E802F35-4BA7-46FF-BECA-9B273D732D5F}\LicenseValidator.exe'
C:\Users\Claudia\AppData\Roaming\Identities\{8E802F35-4BA7-46FF-BECA-9B273D732D5F}\LicenseValidator.exe
[DETECTION] Is the TR/Offend.7268664 Trojan
[NOTE] The registration entry <HKEY_USERS\S-1-5-21-2889182835-3214054709-1994771838-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LicenseValidator> was successfully repaired.
[NOTE] The file was moved to the quarantine directory under the name '498e48d1.qua'.


End of the scan: Freitag, 9. März 2012 12:02
Used time: 00:04 Minute(s)

The scan has been done completely.

0 Scanned directories
61 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
60 Files not concerned
0 Archives were scanned
0 Warnings
1 Notes

Old 09.03.2012, 16:41   #7
markusg
/// Malware-holic

hi,
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.

Please download Combofix.exe and be sure to save it to your desktop.
  • Visit the following page for download links and instructions for this
    tool

    A guide and tutorial on using ComboFix
  • Note:
    Make sure that all of your anti-virus and anti-malware programs are switched off so that they do not interfere with Combofix while it works.
  • Please post C:\Combofix.txt in your next reply.

Old 09.03.2012, 17:16   #8
fran

Here is the program's log file. I hope I managed to close or disable all the required programs beforehand.

Combofix log file:
Code:
ComboFix 12-03-09.05 - Claudia 09.03.2012  17:03:41.1.2 - x86
Microsoft Windows 7 Enterprise   6.1.7600.0.1252.49.1031.18.1900.899 [GMT 1:00]
ausgeführt von:: c:\users\Claudia\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Claudia\AppData\Local\TempDIR
c:\users\Claudia\AppData\Local\TempDIR\BetterInstaller.exe
c:\users\Claudia\AppData\Roaming\Help\coredb\storage
c:\users\Claudia\AppData\Roaming\inst.exe
c:\users\Claudia\AppData\Roaming\Local
c:\users\Claudia\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Claudia\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Claudia\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
c:\users\Claudia\AppData\Roaming\Local\Temp\DDM\Settings\3.ddi
c:\users\Claudia\AppData\Roaming\Local\Temp\DDM\Settings\4.ddi
c:\users\Claudia\AppData\Roaming\Local\Temp\DDM\Settings\Angel.S02E22._.Home.sweet.home.avi.ddr
c:\users\Claudia\AppData\Roaming\Local\Temp\DDM\Settings\Angel_1x08.avi.ddr
c:\users\Claudia\AppData\Roaming\Local\Temp\DDM\Settings\Angel_1x08_i_will_remember_you_dvdrip_fs_divx_fov.avi(2).ddr
c:\users\Claudia\AppData\Roaming\Local\Temp\DDM\Settings\Angel_1x08_i_will_remember_you_dvdrip_fs_divx_fov.avi.ddr
c:\users\Claudia\AppData\Roaming\Local\Temp\DDM\Settings\Angel_1x19.avi.ddr
c:\users\Claudia\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_de.divx.ddr
c:\users\Claudia\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Claudia\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Angel.S02E22._.Home.sweet.home.avi.ddp
c:\users\Claudia\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Angel_1x08.avi.ddp
c:\users\Claudia\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Angel_1x08_i_will_remember_you_dvdrip_fs_divx_fov.avi
c:\users\Claudia\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Angel_1x08_i_will_remember_you_dvdrip_fs_divx_fov.avi.ddp
c:\users\Claudia\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Angel_1x19.avi.ddp
c:\users\Claudia\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_de.divx
c:\users\Claudia\AppData\Roaming\vso_ts_preview.xml
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-09 bis 2012-03-09  ))))))))))))))))))))))))))))))
.
.
2012-03-09 16:10 . 2012-03-09 16:10	--------	d-----w-	c:\users\Claudia\AppData\Local\temp
2012-03-09 16:10 . 2012-03-09 16:10	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-09 12:29 . 2012-03-09 12:29	--------	d-----w-	c:\program files\7-Zip
2012-03-09 10:46 . 2012-03-09 10:46	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{024CE031-FA56-4DBD-BA7A-D9DD8E5C9B19}\offreg.dll
2012-03-09 10:39 . 2012-02-08 06:03	6552120	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{024CE031-FA56-4DBD-BA7A-D9DD8E5C9B19}\mpengine.dll
2012-03-09 10:37 . 2012-03-09 10:37	--------	d-----w-	c:\program files\Ask.com
2012-03-09 10:36 . 2011-09-18 07:39	134344	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-03-09 10:36 . 2011-09-15 22:55	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-03-09 10:36 . 2011-09-15 22:55	74640	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-03-07 19:00 . 2012-03-07 19:00	--------	d-----w-	c:\users\Claudia\AppData\Roaming\Avira
2012-03-07 19:00 . 2012-03-09 14:36	--------	d-----w-	c:\programdata\Avira
2012-03-07 19:00 . 2012-03-07 19:00	--------	d-----w-	c:\program files\Avira
2012-03-03 16:34 . 2012-03-03 16:34	--------	d-----w-	c:\users\Claudia\.thumb
2012-03-02 09:06 . 2012-03-02 09:06	--------	d-----w-	c:\users\Claudia\AppData\Roaming\TeamViewer
2012-02-16 02:31 . 2012-02-16 02:31	--------	d-----w-	c:\windows\system32\wbem\en-US
2012-02-15 05:46 . 2012-01-03 05:44	478208	----a-w-	c:\windows\system32\timedate.cpl
2012-02-15 05:46 . 2011-12-16 07:59	690688	----a-w-	c:\windows\system32\msvcrt.dll
2012-02-15 05:46 . 2012-01-04 09:03	442880	----a-w-	c:\windows\system32\ntshrui.dll
2012-02-15 05:45 . 2012-01-14 03:48	2340864	----a-w-	c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2010-12-13 10:53	237072	------w-	c:\windows\system32\MpSigStub.exe
2006-05-03 11:06	163328	--sha-r-	c:\windows\System32\flvDX.dll
2007-02-21 12:47	31232	--sha-r-	c:\windows\System32\msfDX.dll
2008-03-16 14:30	216064	--sha-r-	c:\windows\System32\nbDX.dll
2010-01-06 23:00	107520	--sha-r-	c:\windows\System32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-04 19:20	1514152	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-04 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2010-08-11 1597440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-04-08 1406248]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-08-01 114992]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2011-08-25 3346544]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-04 1391272]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
.
c:\users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-09-23 463824]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-15 36000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-03-29 598312]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2011-11-18 1510720]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [2011-11-08 10064]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - AVIPBB
*NewlyCreated* - AVKMGR
*NewlyCreated* - PXLIAFOG
*NewlyCreated* - WS2IFSL
*Deregistered* - pxliafog
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Free YouTube Download - c:\users\Claudia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\di1k0jef.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Babylon Spelling and Proofreading: adapter@babylontc.com - c:\program files\Mozilla Firefox\extensions\adapter@babylontc.com
FF - Ext: Babylon OCR: ocr@babylon.com - c:\program files\Mozilla Firefox\extensions\ocr@babylon.com
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: NCH DE Community Toolbar: {b106b661-3e1b-4015-af5c-195e909f35c6} - %profile%\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}
FF - Ext: DealPly: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} - %profile%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
FF - Ext: PriceGong: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} - %profile%\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
FF - Ext: Avira SearchFree Toolbar plus Web Protection: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Avira SearchFree Toolbar plus Web Protection: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Freeze.com NetAssistant: {1266764D-FC4F-4FA7-B63B-884D53B1680F} - c:\users\Claudia\AppData\Roaming\NetAssistant
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{b106b661-3e1b-4015-af5c-195e909f35c6} - (no file)
WebBrowser-{B106B661-3E1B-4015-AF5C-195E909F35C6} - (no file)
HKCU-Run-LicenseValidator - c:\users\Claudia\AppData\Roaming\Identities\{8E802F35-4BA7-46FF-BECA-9B273D732D5F}\LicenseValidator.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-03-09  17:12:08
ComboFix-quarantined-files.txt  2012-03-09 16:12
.
Vor Suchlauf: 8 Verzeichnis(se), 75.860.783.104 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 75.543.928.832 Bytes frei
.
- - End Of File - - B5085ADFC05733799E9E83883D7DEA83
         
--- --- ---
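As an added example (not code from ComboFix, Avira or this board), a small Python triage helper that reads the "Autostartpunkte der Registrierung" block of a ComboFix log like the one above and flags Run entries whose target lives in a user-writable or GUID-named directory, the pattern the LicenseValidator.exe entry in this thread followed. The heuristics and function names are this example's own; the sample block is assembled from lines of the log above.

```python
"""Triage helper for the autostart block of a ComboFix log.

Added example, not code from ComboFix, Avira or Trojaner-Board. The
heuristics (user-writable directory, GUID-named directory) are this
example's own; the sample lines are copied from the ComboFix log in the
thread and assembled into a short constructed block.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Line shapes in ComboFix's "Autostartpunkte der Registrierung" section:
#   [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
#   "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
# and, under "Entfernte verwaiste Registrierungseinträge":
#   HKCU-Run-LicenseValidator - c:\users\Claudia\AppData\Roaming\...\LicenseValidator.exe
KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?:\s+\[(?P<meta>[^\]]*)\])?$')
ORPHAN_RE = re.compile(r'^(?P<hive>HKCU|HKLM)-Run-(?P<name>\S+) - (?P<path>.+)$')

# A standard user can write here; legitimate autostarts normally point into
# Program Files or System32 instead.
USER_WRITABLE_MARKERS = ('\\appdata\\', '\\temp\\', '\\programdata\\', '\\users\\public\\')
# Directory named like a GUID, as in ...\Identities\{8E802F35-...}\LicenseValidator.exe
GUID_DIR_RE = re.compile(r'\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\', re.I)


@dataclass
class AutostartEntry:
    key: str
    name: str
    path: str
    reasons: list[str] = field(default_factory=list)


def parse_autostarts(log_text: str) -> list[AutostartEntry]:
    """Collect values of live Run keys (the disabled 'run-' key is skipped)
    plus the orphaned HKCU/HKLM Run entries ComboFix reports as removed."""
    entries: list[AutostartEntry] = []
    current_key = ''
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            current_key = m.group('key')
        elif (m := VALUE_RE.match(line)) and current_key.lower().endswith('\\run'):
            entries.append(AutostartEntry(current_key, m.group('name'), m.group('path')))
        elif m := ORPHAN_RE.match(line):
            entries.append(AutostartEntry(f"{m.group('hive')}\\...\\Run (removed orphan)",
                                          m.group('name'), m.group('path')))
    return entries


def flag_suspicious(entries: list[AutostartEntry]) -> list[AutostartEntry]:
    """Attach a reason to every entry that trips a heuristic; return only those."""
    flagged = []
    for e in entries:
        p = '\\' + e.path.lower().replace('/', '\\') + '\\'
        if any(marker in p for marker in USER_WRITABLE_MARKERS):
            e.reasons.append('target in user-writable directory')
        if GUID_DIR_RE.search(e.path):
            e.reasons.append('GUID-named directory in path')
        if 'removed orphan' in e.key:
            e.reasons.append('already removed by ComboFix (see its quarantine)')
        if e.reasons:
            flagged.append(e)
    return flagged


def triage(log_text: str) -> list[tuple[str, str, list[str]]]:
    """Convenience wrapper: (name, path, reasons) for every flagged entry."""
    return [(e.name, e.path, e.reasons) for e in flag_suspicious(parse_autostarts(log_text))]


# Constructed sample assembled from lines of the ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-LicenseValidator - c:\users\Claudia\AppData\Roaming\Identities\{8E802F35-4BA7-46FF-BECA-9B273D732D5F}\LicenseValidator.exe
"""

if __name__ == '__main__':
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f'{name}: {path}')
        for r in reasons:
            print(f'    - {r}')
```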

Old 09.03.2012, 17:46   #9
markusg
/// Malware-holic

malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click, "Run as administrator"
  • Start Malwarebytes, click Update --> Check for updates
  • When the update has finished, select Perform full scan and click Scan.
  • When the scan has finished, click Show results.
  • Make sure that all findings are checked and click Remove selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • Afterwards you can find the report under "Logs".

Old 09.03.2012, 20:02   #10
fran

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.09.07

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Claudia :: CLAUDIA-PC [Administrator]

Schutz: Aktiviert

09.03.2012 18:44:39
mbam-log-2012-03-09 (18-44-39).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 299552
Laufzeit: 59 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Qoobox\Quarantine\C\Users\Claudia\AppData\Local\TempDIR\BetterInstaller.exe.vir (PUP.BundleInstaller.Somoto) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Old 09.03.2012, 20:03   #11
markusg
/// Malware-holic

Very good.
Download the CCleaner standard:
CCleaner Download - CCleaner 3.16.1666
If CCleaner is already installed, skip this.
Install, open, Tools, list of installed programs, save as txt. Open it.
After every program you need, write "notwendig" (necessary).
After every one you don't need, "unnötig" (unnecessary).
After those unknown to you, "unbekannt" (unknown).
Post the list.

Old 09.03.2012, 20:22   #12
fran

Downloading the Cleaner right now and getting to work. At this point, a thousand thanks already for your help!!! Do I gather from your "very good" that the nasty thing is gone?

Old 09.03.2012, 20:32   #13
fran

Should I accept or decline this option "Intelligently scan for cookies to keep"?

Old 09.03.2012, 20:45   #14
fran

7-Zip 9.20 08.03.2012 UNKNOWN
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 15.08.2011 6,00MB 10.3.183.5 DEFINITELY NEEDED
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 13.10.2011 6,00MB 11.0.1.152 DEFINITELY NEEDED
Adobe Reader X - Deutsch Adobe Systems Incorporated 04.01.2011 115,1MB 10.0.0 UNKNOWN
Amazon MP3-Downloader 1.0.9 05.01.2012 UNNECESSARY
ASUS Virtual Camera asus 06.01.2011 3,12MB 1.0.20 NEEDED
Avira Free Antivirus Avira 08.03.2012 104,6MB 12.0.0.849 NEEDED
Avira SearchFree Toolbar plus Web Protection Ask.com 08.03.2012 4,25MB 1.14.1.0 NEEDED
Avira SearchFree Toolbar plus Web Protection Updater Ask.com 08.03.2012 1.2.0.20064 NEEDED
AVS Video Converter 7 Online Media Technologies Ltd. 18.04.2011 UNKNOWN
Babylon Babylon 13.11.2011 UNNECESSARY
CCleaner Piriform 08.03.2012 3.16 UNKNOWN
DealPly DealPly 08.10.2011 UNKNOWN
druckstdu.de Designer 1.6.1 druckstdu 01.09.2011 70,0MB UNNECESSARY
DVDStyler v2.0.1 20.11.2011 25,8MB NEEDED
File Type Assistant Trusted Software 08.10.2011 1,96MB UNKNOWN
Free YouTube Download version 3.0.815 DVDVideoSoft Ltd.. 15.08.2011 41,9MB NEEDED
Google Chrome Google Inc. 08.03.2012 17.0.963.78 UNKNOWN
Hamster Free Video Convertor Hamster Soft 03.09.2011 16,1MB 2.0.0.24 NEEDED
Java(TM) 6 Update 24 Oracle 15.03.2011 94,8MB 6.0.240 UNKNOWN
JDownloader 0.9 AppWork GmbH 26.10.2011 0.9 UNKNOWN
Malwarebytes Anti-Malware Version 1.60.1.1000 Malwarebytes Corporation 08.03.2012 17,3MB 1.60.1.1000 UNKNOWN
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 12.12.2010 38,8MB 4.0.30319 UNKNOWN
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 12.12.2010 2,94MB 4.0.30319 UNKNOWN
Microsoft Silverlight Microsoft Corporation 15.02.2012 160,0MB 4.1.10111.0 UNKNOWN
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 10.09.2011 1,70MB 3.1.0000 UNKNOWN
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 24.01.2012 0,25MB 8.0.50727.4053 UNKNOWN
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 15.06.2011 0,29MB 8.0.61001 UNKNOWN
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 15.04.2011 0,20MB 9.0.30729.4148 UNKNOWN
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 20.04.2011 0,58MB 9.0.30729.5570 UNKNOWN
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 15.08.2011 2,87MB 9.0.21022 UNKNOWN
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 17.02.2011 0,58MB 9.0.30729 UNKNOWN
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 16.04.2011 0,58MB 9.0.30729.4148 UNKNOWN
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 15.06.2011 0,59MB 9.0.30729.6161 UNKNOWN
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 17.12.2011 15,0MB 10.0.40219 UNKNOWN
Monopoly 12.06.2011 NEEDED
Mozilla Firefox (3.6.27) Mozilla 18.02.2012 3.6.27 (de) NEEDED
Mozilla Thunderbird 10.0.2 (x86 de) Mozilla 17.02.2012 38,7MB 10.0.2 NEEDED
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 16.04.2011 35,00KB 4.20.9870.0 UNKNOWN
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 16.04.2011 1,33MB 4.20.9876.0 UNKNOWN
Nero BackItUp 10 Nero AG 02.06.2011 117,7MB 5.8.10400.4.100 UNKNOWN
Nero Burning ROM 10 Nero AG 02.06.2011 168,3MB 10.6.10600.4.100 UNNECESSARY
Nero BurnRights 10 Nero AG 02.06.2011 6,15MB 4.4.10300.1.100 UNKNOWN
Nero CoverDesigner 10 Nero AG 02.06.2011 91,4MB 5.6.10500.3.100 UNKNOWN
Nero DiscCopy Gadget 10 Nero AG 02.06.2011 34,7MB 3.6.10200.1.100 UNKNOWN
Nero DiscSpeed 10 Nero AG 02.06.2011 7,22MB 6.4.10400.0.100 UNKNOWN
Nero Express 10 Nero AG 02.06.2011 165,4MB 10.6.10600.4.100 UNNECESSARY
Nero InfoTool 10 Nero AG 02.06.2011 7,79MB 7.4.10200.0.100 UNNECESSARY
Nero Kwik Media Nero AG 02.06.2011 249MB 1.6.14000.46.100 UNKNOWN
Nero Multimedia Suite 10 Nero AG 02.06.2011 1.719MB 10.6.11300 UNKNOWN
Nero Recode 10 Nero AG 02.06.2011 79,3MB 4.10.10600.4.100 UNKNOWN
Nero RescueAgent 10 Nero AG 02.06.2011 6,53MB 3.6.10500.3.100 UNKNOWN
Nero SoundTrax 10 Nero AG 02.06.2011 98,2MB 4.10.10300.2.100 UNKNOWN
Nero StartSmart 10 Nero AG 02.06.2011 142,7MB 10.6.10400.2.100 UNKNOWN
Nero Update Nero AG 02.06.2011 1,46MB 1.0.10900.31.0 UNKNOWN
Nero Vision 10 Nero AG 02.06.2011 223MB 7.4.10800.7.100 UNKNOWN
Nero WaveEditor 10 Nero AG 02.06.2011 79,2MB 5.10.10400.3.100 UNKNOWN
NetAssistant for Firefox Freeze.com 08.10.2011 3.6.5 UNKNOWN
OpenOffice.org 3.2 OpenOffice.org 06.01.2011 363MB 3.2.9502 NEEDED
PDFCreator Frank Heindörfer, Philip Chinery 27.01.2011 1.2.0 NEEDED
PriceGong 2.5.3 PriceGong 08.10.2011 2.5.3 UNKNOWN
SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 eRightSoft 13.11.2011 42,7MB v2011.build.49 UNNECESSARY
SweetIM for Messenger 3.6 SweetIM Technologies Ltd. 08.10.2011 4,75MB 3.6.0002 UNKNOWN
TuneUp Utilities 2012 TuneUp Software 21.11.2011 12.0.2110.7 UNKNOWN
Uninstall 1.0.0.1 10.04.2011 10,9MB UNKNOWN
VLC media player 1.1.5 VideoLAN 05.01.2011 1.1.5 NEEDED
Windows Live Essentials Microsoft Corporation 11.09.2011 15.4.3538.0513 NEEDED
Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 14.04.2011 5,58MB 15.4.5722.2 NEEDED
WinRAR 05.01.2011 NEEDED
WinX HD Video Converter Deluxe 3.10.3 Digiarty Software,Inc. 27.10.2011 45,9MB UNNECESSARY
Wireless Console 3 ASUS 06.01.2011 2,45MB 3.0.18 NEEDED

Alt 10.03.2012, 16:19   #15
markusg
/// Malware-holic
Yes, looks good, which means we are almost done.

Adobe Flash Player, all of them:
Adobe - Install Adobe Flash Player
download the latest version.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
untick the McAfee Security Scan checkbox.

Please also configure Adobe Reader as follows:
open Adobe Reader, Edit, Preferences.
General:
tick "Use only certified plug-ins".
Internet:
everything here should be disabled; it is very unsafe to open, download etc. PDFs automatically.
It is always better to save them directly, since that is the only way to keep control over what is going on on the PC.
Under JavaScript, untick "Enable JavaScript".
Under Updater, choose "install automatically".
Apply / OK



Uninstall:
Amazon
Avira SearchFree: both
(we will replace Avira anyway.)
AVS
Babylon
DealPly
druckstdu
File Type
Google
Java
Download the free Java software
download the Java JRE, install it.

Uninstall:
JDownloader
Microsoft Silverlight

Please upgrade Firefox:
Firefox web browser in German | Faster, safer and customizable

Uninstall:
Nero, all of them
PriceGong
SUPER ©
SweetIM
TuneUp
WinX
Open CCleaner, analyze, clean, restart.
Test how the PC runs.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us
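Added example, not part of the thread or of any tool used in it: a PowerShell inventory check that reads the same data "Programs and Features" shows from the Uninstall registry keys and flags the entries markusg lists for removal, so the helper and the user can confirm what is actually still installed before and after the uninstall round. The name fragments are an assumption taken from the uninstall list in the post above (adware, toolbars and bundled extras; Java and Google Chrome are left out because the post has them reinstalled or handled separately).

```powershell
# Added example (not from the thread): list installed programs from the
# Uninstall registry keys and flag the ones this post recommends removing.
# Run in an elevated PowerShell on the affected Windows 7 system; it avoids
# PowerShell 3.0-only syntax so it also works on the 2.0 that ships with Win7.

# Assumption: a case-insensitive substring match on DisplayName is enough to
# identify these entries. Fragments come from markusg's uninstall list above.
$removeList = @('DealPly', 'Babylon', 'PriceGong', 'SweetIM',
                'Avira SearchFree', 'File Type Assistant', 'TuneUp',
                'Amazon MP3', 'AVS', 'druckstdu', 'JDownloader',
                'Silverlight', 'Nero', 'SUPER', 'WinX')

$paths = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$installed = foreach ($entry in (Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue)) {
    if (-not $entry.DisplayName) { continue }   # skip hotfix/hidden keys without a name
    $flag = ''
    foreach ($pattern in $removeList) {
        if ($entry.DisplayName -like "*$pattern*") { $flag = "REMOVE ($pattern)"; break }
    }
    New-Object PSObject -Property @{
        Name      = $entry.DisplayName
        Publisher = $entry.Publisher
        Version   = $entry.DisplayVersion
        Installed = $entry.InstallDate        # yyyymmdd, often empty
        Uninstall = $entry.UninstallString
        Flag      = $flag
    }
}

# Full inventory, flagged entries first
$installed | Sort-Object @{Expression = { $_.Flag -eq '' }}, Name |
    Format-Table Name, Publisher, Version, Installed, Flag -AutoSize

# Uninstall commands of the flagged entries: remove them through their own
# uninstaller (or Programs and Features), not by deleting files by hand
$installed | Where-Object { $_.Flag } | Select-Object Name, Uninstall | Format-List
```

Running it again after the uninstall round should show no REMOVE flags; any entry that still appears was not removed by its uninstaller and needs a closer look.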
