Pests of all kinds and how to fight them: 100E trojaner bka (Windows 7)
If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
19.04.2012, 21:00 | #1
100E trojaner bka: help, I have got the stupid thing too ... and now? I'm a total newbie. I have OTL, how do I go on? Damn. Regards, gabi. OTL says:
OTL Logfile:
OTL logfile created on: 19.04.2012 22:10:10 - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = E:\
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,75 Gb Total Physical Memory | 1,35 Gb Available Physical Memory | 77,27% Memory free
3,73 Gb Paging File | 3,48 Gb Available in Paging File | 93,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 113,88 Gb Total Space | 10,96 Gb Free Space | 9,63% Space Free | Partition Type: NTFS
Drive D: | 114,00 Gb Total Space | 49,42 Gb Free Space | 43,35% Space Free | Partition Type: NTFS
Drive E: | 702,31 Mb Total Space | 616,50 Mb Free Space | 87,78% Space Free | Partition Type: UDF
Drive F: | 1010,95 Mb Total Space | 534,77 Mb Free Space | 52,90% Space Free | Partition Type: FAT

Computer Name: | User Name: | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.03.28 18:29:40 | 000,593,920 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - [2012.04.13 21:45:11 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.01.10 16:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011.01.10 16:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010.11.02 23:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.04.20 18:20:30 | 000,009,216 | ---- | M] (Vodafone) [Auto | Stopped] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2006.10.05 18:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\nvhbcxey.sys -- (nvhbcxey)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.03.20 19:30:30 | 000,281,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2012.03.20 19:30:28 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.02.18 16:21:31 | 000,488,536 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010.09.01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010.06.09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010.06.09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010.04.22 19:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2010.02.24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.12.17 17:02:20 | 001,203,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.04.09 14:38:30 | 000,110,592 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009.04.09 14:38:30 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2009.04.09 14:38:30 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.04.09 14:38:30 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.04.09 14:38:30 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.04.09 14:38:30 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2007.01.19 01:03:24 | 002,314,752 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.28 21:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 F9 8E F1 F5 16 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.556
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.556
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.15 21:24:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.28 21:02:17 | 000,000,000 | ---D | M]

[2011.02.16 16:35:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zzz xxx\AppData\Roaming\mozilla\Extensions
[2012.03.28 19:27:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zzz xxx\AppData\Roaming\mozilla\Firefox\Profiles\l0j9eh5h.default\extensions
[2011.05.09 07:19:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\zzz xxx\AppData\Roaming\mozilla\Firefox\Profiles\l0j9eh5h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.03.28 19:27:25 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\zzz xxx\AppData\Roaming\mozilla\Firefox\Profiles\l0j9eh5h.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.08.31 21:01:09 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\zzz xxx\AppData\Roaming\mozilla\Firefox\Profiles\l0j9eh5h.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.08.21 19:28:58 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\zzz xxx\AppData\Roaming\mozilla\Firefox\Profiles\l0j9eh5h.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.04.12 20:15:56 | 000,000,950 | ---- | M] () -- C:\Users\zzz xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l0j9eh5h.default\searchplugins\icqplugin-1.xml
[2011.09.20 22:20:11 | 000,000,950 | ---- | M] () -- C:\Users\zzz xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l0j9eh5h.default\searchplugins\icqplugin-10.xml
[2011.09.25 16:16:41 | 000,000,950 | ---- | M] () -- C:\Users\zzz xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l0j9eh5h.default\searchplugins\icqplugin-11.xml
[2011.10.01 10:56:38 | 000,000,950 | ---- | M] () -- C:\Users\zzz xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l0j9eh5h.default\searchplugins\icqplugin-12.xml
[2011.10.21 08:19:58 | 000,000,950 | ---- | M] () -- C:\Users\zzz xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l0j9eh5h.default\searchplugins\icqplugin-13.xml
[2011.11.08 10:30:38 | 000,000,950 | ---- | M] () -- C:\Users\zzz xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l0j9eh5h.default\searchplugins\icqplugin-14.xml
[2011.07.05 21:08:16 | 000,000,950 | ---- | M] () -- C:\Users\zzz xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l0j9eh5h.default\searchplugins\icqplugin-2.xml
[2011.08.18 17:30:21 | 000,000,950 | ---- | M] () -- C:\Users\zzz xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l0j9eh5h.default\searchplugins\icqplugin-3.xml
[2011.08.20 20:14:05 | 000,000,950 | ---- | M] () -- C:\Users\zzz xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l0j9eh5h.default\searchplugins\icqplugin-4.xml
[2011.08.21 16:13:22 | 000,000,950 | ---- | M] () -- C:\Users\zzz xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l0j9eh5h.default\searchplugins\icqplugin-5.xml
[2011.09.01 19:48:51 | 000,000,950 | ---- | M] () -- C:\Users\zzz xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l0j9eh5h.default\searchplugins\icqplugin-6.xml
[2011.09.08 07:51:51 | 000,000,950 | ---- | M] () -- C:\Users\zzz xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l0j9eh5h.default\searchplugins\icqplugin-7.xml
[2011.09.09 07:15:58 | 000,000,950 | ---- | M] () -- C:\Users\zzz xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l0j9eh5h.default\searchplugins\icqplugin-8.xml
[2011.09.16 14:18:32 | 000,000,950 | ---- | M] () -- C:\Users\zzz xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l0j9eh5h.default\searchplugins\icqplugin-9.xml
[2011.06.23 08:51:30 | 000,001,056 | ---- | M] () -- C:\Users\zzz xxx\AppData\Roaming\Mozilla\Firefox\Profiles\l0j9eh5h.default\searchplugins\icqplugin.xml
[2012.03.29 19:48:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011.02.18 21:11:50 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\mozilla firefox\extensions\KavAntiBanner@Kaspersky.ru
[2011.02.18 21:11:49 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files\mozilla firefox\extensions\linkfilter@kaspersky.ru
File not found (No name found) -- C:\USERS\zzz RüTTGER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L0J9EH5H.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
File not found (No name found) -- C:\USERS\zzz RüTTGER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L0J9EH5H.DEFAULT\EXTENSIONS\DE-DE@DICTIONARIES.ADDONS.MOZILLA.ORG
File not found (No name found) -- C:\USERS\zzz RüTTGER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L0J9EH5H.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2012.03.15 21:24:36 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.15 21:24:33 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012.03.15 21:24:33 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.15 21:24:33 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012.03.15 21:24:33 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012.03.15 21:24:33 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012.03.28 21:03:27 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - Startup: C:\Users\zzz xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\zzz xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{791D4CE4-A3E7-417E-B014-85C5A657DEE9}: DhcpNameServer = 195.184.180.4 195.184.181.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97F6F8F7-B12C-4A0F-A703-662802A77D26}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\kloehk.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.04.19 20:56:00 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Local\{6223D551-FF79-48C7-9375-9314AE045AC3}
[2012.04.19 20:55:59 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Local\{2C31EBC9-22F5-47E4-AF45-21E7336CCA76}
[2012.04.19 19:18:54 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Local\{DCCFCAE6-CE62-4635-BBE1-3B485055C9EA}
[2012.04.19 19:18:51 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Local\{91BECE87-BFB2-43A0-A09E-810DD0C7D65C}
[2012.04.19 19:09:12 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Local\{E10B4FC0-33BC-471E-9EBF-D264DC10ED0E}
[2012.04.19 19:09:09 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Local\{3E558F40-039F-41ED-9EE7-840AAD8FA8A5}
[2012.04.18 18:25:55 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Local\{B4F2C795-ED7F-4F7E-B8D9-282B8B5BB3A2}
[2012.04.18 18:25:53 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Local\{0C9AC628-DE88-472B-BA3E-26F497A4C1CD}
[2012.04.18 17:50:40 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Local\{FF6CC5A3-F282-489B-81A4-34B374E4028D}
[2012.04.18 17:50:37 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Local\{47C42673-37AA-4130-87AA-F7EC262CF9D8}
[2012.04.12 07:04:49 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.04.12 07:04:48 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.04.11 07:34:29 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.04.11 07:34:28 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.04.11 07:34:27 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.04.11 07:34:26 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.04.11 07:34:26 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012.04.11 07:34:26 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.04.11 07:34:26 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.04.11 07:34:26 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.04.11 07:34:26 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.04.11 07:34:26 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.04.11 07:34:25 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.04.11 07:34:25 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.04.11 07:34:25 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.04.11 07:34:25 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.04.11 07:34:25 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.04.11 07:34:25 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.04.11 07:34:25 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.04.11 07:34:25 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.04.09 12:47:30 | 000,000,000 | ---D | C] -- C:\videodvdmaker
[2012.04.09 12:47:30 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Roaming\Video DVD Maker FREE
[2012.04.09 12:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012.04.09 12:46:46 | 000,839,680 | ---- | C] (www) -- C:\Windows\System32\lameACM.acm
[2012.04.09 12:46:45 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2012.04.09 12:46:45 | 000,118,784 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm
[2012.04.09 12:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2012.04.09 12:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video DVD Maker
[2012.04.09 12:45:15 | 000,000,000 | ---D | C] -- C:\Program Files\Video DVD Maker
[2012.04.09 12:39:57 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Local\{D95ACDD2-EB09-4BAA-B39D-47C6DF86C9BD}
[2012.04.09 12:39:55 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Local\{FC8ABA92-04C3-46B5-8B95-891B312C0077}
[2012.04.06 13:43:06 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Local\{69458FA5-5CF0-4A4C-A490-A57DEF8F0C7F}
[2012.04.06 13:43:01 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Local\{B2862572-BF13-48B4-BB5E-85BAD620FF2E}
[2012.04.05 07:30:09 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Local\{7B54F89A-8410-48C9-90BA-5181F7CE7FE7}
[2012.04.05 07:30:04 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Local\{CF5C1E4E-9A8E-4508-A579-773466E9B412}
[2012.04.04 20:13:50 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Local\{0C177240-2F15-4F5D-A5D8-E838DAECE1AD}
[2012.04.04 20:13:48 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Local\{7D160A82-7E3C-4869-8E77-B84ED1F31FF8}
[2012.04.04 18:28:44 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Local\{26E62AA7-5A70-4E68-869F-9FD751D66D74}
[2012.04.04 18:15:55 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.03 22:52:44 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Local\{5C1C45A1-4F7D-4BD4-8882-A590797AB4AC}
[2012.04.01 19:40:01 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Local\{6C03ABEA-43D2-47E3-A33E-C83579646126}
[2012.03.31 11:19:21 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Local\{C8462517-38CE-403C-99AE-BB705CF9EA26}
[2012.03.30 12:35:20 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Local\{ACA8BA06-F3C6-4663-9047-A871FD496B26}
[2012.03.29 18:05:28 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Roaming\Malwarebytes
[2012.03.29 18:05:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.29 18:05:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.29 18:05:20 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.29 18:05:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.29 07:53:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.03.28 21:07:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.03.28 21:07:27 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Local\temp
[2012.03.28 20:47:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.03.28 20:47:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.03.28 20:47:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.03.28 20:46:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.03.28 20:46:45 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.03.28 20:46:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.03.28 20:44:58 | 004,448,457 | R--- | C] (Swearware) -- C:\Users\zzz xxx\Desktop\ComboFix.exe
[2012.03.28 19:59:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2012.03.28 11:14:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tinypic
[2012.03.28 11:14:15 | 000,000,000 | ---D | C] -- C:\Program Files\Tinypic
[2012.03.28 08:27:32 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Local\{BEBD69BB-DBCD-406C-B72C-710855E7246D}
[2012.03.28 08:27:29 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Local\{C1DB30B8-5F75-4BBA-9E86-99824A40F68B}
[2012.03.27 14:00:01 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Roaming\Kalypso Media
[2012.03.27 13:57:17 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Roaming\ProtectDISC
[2012.03.27 13:57:10 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2012.03.27 13:56:44 | 000,000,000 | ---D | C] -- C:\Program Files\ProtectDisc Driver Installer
[2012.03.27 11:43:15 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Local\{72CA39D7-1C66-48A9-96CA-BC4A0C47D9FB}
[2012.03.27 11:43:12 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Local\{5382C584-E3E4-4326-BD21-07CB8BEA8032}
[2012.03.26 17:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2012
[2012.03.26 14:41:07 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\2012-03-26 eddy
[2012.03.26 11:48:19 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Local\{B4AE9E5A-8D02-4074-A588-6ADFBDE80080}
[2012.03.26 11:48:16 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Local\{B0878C4A-01EC-4B29-8B53-B5FB90222FD4}
[2012.03.23 13:59:01 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Local\{30B025D7-9D68-4F6A-B12A-79F4A441C222}
[2012.03.23 13:58:59 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Local\{BA244F4C-33FD-4F0B-9AE5-CE9FC9D94B7E}
[2012.03.22 11:09:33 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Local\{E7809101-674D-4E78-8A20-C74D3E3B0FC7}
[2012.03.22 11:09:31 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Local\{ABCAF29A-BB18-4A99-9B01-9739928188CD}
[2012.03.21 21:39:45 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Local\{5A0882AF-CF3C-4954-9DF8-E0084C604BCD}
[2012.03.21 21:39:42 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Local\{26DC46AF-B9A1-4689-BE1D-D3BD0F5AE52C}
[2012.03.21 09:39:35 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Local\{B87F641A-E1AA-4C32-AC8C-894FF9C37CB9}
[2012.03.21 09:39:32 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Local\{B9FBE261-48F3-4E2A-B69B-24942CCA7826}
[2012.03.20 22:15:26 | 000,000,000 | ---D | C] -- C:\Users\zzz xxx\AppData\Roaming\Red Alert 3

========== Files - Modified Within 30 Days ==========

[2012.04.19 22:13:42 | 000,631,266 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.19 22:13:42 | 000,598,290 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.19 22:13:42 | 000,126,686 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.19 22:13:42 | 000,104,304 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.19 22:08:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.19 21:51:05 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.19 21:51:05 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.19 21:46:25 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.19 21:00:29 | 000,000,872 | ---- | M] () -- C:\Users\zzz xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kes454707.exe.lnk
[2012.04.19 08:06:09 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.04.13 21:45:11 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.13 21:45:11 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.04.09 12:50:19 | 000,006,656 | ---- | M] () -- C:\Users\zzz xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.29 18:05:21 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.29 11:37:01 | 000,010,599 | ---- | M] () -- C:\Users\zzz xxx\chris_elster_2048.pfx
[2012.03.28 21:03:27 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.03.28 20:44:09 | 004,448,457 | R--- | M] (Swearware) -- C:\Users\zzz xxx\Desktop\ComboFix.exe
[2012.03.28 20:09:13 | 000,374,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.28 19:32:34 | 1755,333,632 | ---- | M] () -- C:\Users\zzz xxx\Documents\Outlook.pst
[2012.03.28 18:12:11 | 000,002,687 | ---- | M] () -- C:\Users\Public\Desktop\Vodafone Mobile Connect.lnk
[2012.03.28 12:29:30 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00001726.LCS
[2012.03.28 11:14:16 | 000,000,788 | ---- | M] () -- C:\Users\zzz xxx\Desktop\TinyPic.lnk
[2012.03.27 11:00:14 | 000,474,610 | ---- | M] () -- C:\Users\zzz xxx\Desktop\gerichtskasse.TIF
[2012.03.26 18:30:31 | 000,000,982 | ---- | M] () -- C:\Windows\wiso.ini
[2012.03.26 17:48:10 | 000,001,906 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
[2012.03.26 17:48:10 | 000,001,874 | ---- | M] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2012.lnk
[2012.03.26 14:06:34 | 000,327,592 | ---- | M] () -- C:\Users\zzz xxx\Documents\eddy 018.JPG
[2012.03.26 14:05:32 | 000,364,116 | ---- | M] () -- C:\Users\zzz xxx\Documents\eddy 015.JPG
[2012.03.26 14:05:14 | 000,336,636 | ---- | M] () -- C:\Users\zzz xxx\Documents\eddy 012.JPG
[2012.03.26 14:04:48 | 000,347,839 | ---- | M] () -- C:\Users\zzz xxx\Documents\eddy 011.JPG
[2012.03.26 14:03:48 | 000,386,949 | ---- | M] () -- C:\Users\zzz xxx\Documents\eddy 006.JPG
[2012.03.26 14:03:38 | 000,412,470 | ---- | M] () -- C:\Users\zzz xxx\Documents\eddy 005.JPG
[2012.03.26 14:02:54 | 000,381,564 | ---- | M] () -- C:\Users\zzz xxx\Documents\eddy 001.JPG
[2012.03.23 01:54:48 | 000,000,680 | ---- | M] () -- C:\Users\zzz xxx\AppData\Local\d3d9caps.dat
[2012.03.22 20:22:16 | 156,465,281 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.03.21 14:34:13 | 000,001,005 | ---- | M] () -- C:\Users\zzz xxx\Desktop\RA3 - Verknüpfung.lnk

========== Files Created - No Company Name ==========

[2012.04.19 21:00:29 | 000,000,872 | ---- | C] () -- C:\Users\zzz xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kes454707.exe.lnk
[2012.04.09 12:46:46 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012.04.09 12:46:46 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml
[2012.04.09 12:46:46 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012.04.09 12:46:45 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.04.09 12:46:45 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.04.09 12:46:44 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.04.04 18:15:57 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.03.29 18:05:21 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.29 11:36:51 | 000,010,599 | ---- | C] () -- C:\Users\zzz xxx\chris_elster_2048.pfx
[2012.03.28 20:47:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.03.28 20:47:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.03.28 20:47:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.03.28 20:47:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.03.28 20:47:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.03.28 20:16:38 | 1755,333,632 | ---- | C] () -- C:\Users\zzz xxx\Documents\Outlook.pst
[2012.03.28 11:14:16 | 000,000,788 | ---- | C] () -- C:\Users\zzz xxx\Desktop\TinyPic.lnk
[2012.03.27 13:57:23 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00001726.LCS
[2012.03.27 11:01:09 | 000,474,610 | ---- | C] () -- C:\Users\zzz
xxx\Desktop\gerichtskasse.TIF [2012.03.26 17:48:10 | 000,001,874 | ---- | C] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2012.lnk [2012.03.26 14:06:34 | 000,327,592 | ---- | C] () -- C:\Users\zzz xxx\Documents\eddy 018.JPG [2012.03.26 14:05:32 | 000,364,116 | ---- | C] () -- C:\Users\zzz xxx\Documents\eddy 015.JPG [2012.03.26 14:05:14 | 000,336,636 | ---- | C] () -- C:\Users\zzz xxx\Documents\eddy 012.JPG [2012.03.26 14:04:48 | 000,347,839 | ---- | C] () -- C:\Users\zzz xxx\Documents\eddy 011.JPG [2012.03.26 14:03:48 | 000,386,949 | ---- | C] () -- C:\Users\zzz xxx\Documents\eddy 006.JPG [2012.03.26 14:03:38 | 000,412,470 | ---- | C] () -- C:\Users\zzz xxx\Documents\eddy 005.JPG [2012.03.26 14:02:54 | 000,381,564 | ---- | C] () -- C:\Users\zzz xxx\Documents\eddy 001.JPG [2012.03.21 14:34:13 | 000,001,005 | ---- | C] () -- C:\Users\zzz xxx\Desktop\RA3 - Verknüpfung.lnk [2012.03.20 19:30:30 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2012.03.20 19:30:28 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2012.03.17 16:49:07 | 000,000,982 | ---- | C] () -- C:\Windows\wiso.ini [2011.07.17 15:30:44 | 000,000,680 | ---- | C] () -- C:\Users\zzz xxx\AppData\Local\d3d9caps.dat [2011.06.06 20:50:11 | 000,032,608 | ---- | C] () -- C:\Windows\king-uninstall.exe [2011.04.10 17:24:06 | 000,006,656 | ---- | C] () -- C:\Users\zzz xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.02.18 16:23:57 | 000,115,267 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat [2011.02.18 16:23:57 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat [2011.02.17 16:35:38 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011.02.17 15:11:31 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.02.17 15:11:30 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.02.17 15:10:15 | 000,062,976 | ---- | C] () -- 
C:\Windows\System32\PrintBrmUi.exe [2011.02.16 12:35:20 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2011.02.16 12:34:42 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat ========== Alternate Data Streams ========== @Alternate Data Stream - 164 bytes -> C:\Users\zzz xxx\Desktop\gerichtskasse.TIF:3or4kl4x13tuuug3Byamue2s4b @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:3B75B877 < End of report > |
20.04.2012, 10:12 | #2 |
/// Malware-holic | 100E trojaner bka: Please open Malwarebytes, go to the log files, and post all the reports created so far.