
Log Analysis and Evaluation: Win Vista BKA 1.13 Trojan


11.08.2012, 13:48   #1
deko
 
Win Vista BKA 1.13 Trojan



Hey guys,
I caught the BKA Trojan 1.13 on my PC and now need your help to remove it again. You will find the OTL files in the attachment. Please help quickly.

Regards, Deko

Attachment 40395

Attachment 40396

11.08.2012, 15:50   #2
t'john
/// Helper Team
 
Win Vista BKA 1.13 Trojan





Fix with OTL

Download OTL by OldTimer (if you do not have it yet) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Copy the following script into the text field below Custom Scans/Fixes:


Code:
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) 
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} 
IE - HKLM\..\SearchScopes\{2AD9BACB-2264-4A41-A318-6F1BDE25A2A7}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 
IE - HKLM\..\SearchScopes\{D87FDBEE-E7CB-48AE-8CBD-78AC61B2F615}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) 
IE - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000\..\SearchScopes,DefaultScope = {E9841929-28EC-4DFD-9889-81B466BAD772} 
IE - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000\..\SearchScopes\{2AD9BACB-2264-4A41-A318-6F1BDE25A2A7}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 
IE - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 
IE - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000\..\SearchScopes\{D87FDBEE-E7CB-48AE-8CBD-78AC61B2F615}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de 
IE - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000\..\SearchScopes\{E9841929-28EC-4DFD-9889-81B466BAD772}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7GPEA_de 
IE - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF - prefs.js..browser.search.defaultthis.engineName: "Search" 
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" 
FF - prefs.js..browser.search.selectedEngine: "Search" 
FF - prefs.js..browser.search.useDBForOrder: true 
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2269050&SearchSource=13" 
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14 
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" 
FF - prefs.js..network.proxy.type: 2 
FF - user.js - File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. 
O3 - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) 
O3 - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) 
O4 - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000..\Run: [duezsckmcjzrlms] C:\ProgramData\duezsckm.exe () 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) 
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) 
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) 
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) 
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) 
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] 
[2012.08.09 22:40:08 | 000,000,000 | ---D | C] -- C:\ProgramData\gryzgrwacuqycuj 
[2012.08.11 14:05:48 | 000,098,861 | ---- | M] () -- C:\ProgramData\nvModes.001 
[2012.08.11 14:05:21 | 000,098,861 | ---- | M] () -- C:\ProgramData\nvModes.dat 
[2012.08.09 22:40:12 | 000,000,051 | ---- | M] () -- C:\ProgramData\jdcgvuopknttfbb 
[2012.08.09 22:39:52 | 000,061,440 | ---- | M] () -- C:\Users\Sonja\ms.exe 
[2012.08.09 22:39:52 | 000,061,440 | ---- | M] () -- C:\ProgramData\duezsckm.exe 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:C31F31E6 
 
[2012.08.11 14:05:06 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012.08.07 23:03:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.07.12 18:57:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job 
:Files


ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the logfile into your thread here, in code tags.
    You can view the logfile again later here => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for other readers: the above OTL script was created exclusively for this user in this situation.
Never run it on other computers; it can permanently damage other systems!
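As an added illustration that is not part of the thread and not OTL's own code: the kinds of entries the helper's fix script targets (autorun entries with no company name under ProgramData, orphaned BHO/toolbar/driver entries, unsigned executables in the user profile, and browser search/start pages pointing at a search-provider domain) can be triaged mechanically from an OTL log. The sample lines are constructed in the log format used above, and the rule names, the user-writable directory list and the choice of search.conduit.com as a hijack indicator are my own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the OTL log format used in this thread: a few entries of the
# shapes seen in the fix script and log above, mixed with benign entries of the same shape.
SAMPLE_OTL_LOG = "\n".join([
    r"DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)",
    r"O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)",
    r"O4 - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000..\Run: [duezsckmcjzrlms] C:\ProgramData\duezsckm.exe ()",
    r"O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.",
    r"[2012.08.09 22:39:52 | 000,061,440 | ---- | M] () -- C:\Users\Sonja\ms.exe",
    r"[2011.09.06 23:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe",
    r'FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2269050&SearchSource=13"',
])

# O4 autorun entries: "O4 - <hive>..\Run: [<name>] <path> (<company>)"
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<company>[^)]*)\)\s*$")
# File entries: "[<timestamp> | <size> | <attrs> | <flag>] (<company>) -- <path>"
FILE_RE = re.compile(r"^\[(?P<ts>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attr>[^|]+?) \| (?P<flag>\w)\] \((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$")

# Assumed list of locations a standard user can write to (lower-cased substring match).
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\", "\\appdata\\", "\\temp\\")
# Assumed search-provider domain treated as a hijack indicator, taken from this thread's entries.
HIJACK_DOMAINS = ("search.conduit.com",)


@dataclass
class Finding:
    rule: str    # short rule id
    detail: str  # why the line was flagged
    line: str    # the original log line


def in_user_writable_dir(path: str) -> bool:
    """True if the path lies under a directory a standard user can write to."""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def triage_line(line: str) -> Optional[Finding]:
    """Apply the heuristics to one OTL log line; None means nothing noteworthy."""
    line = line.rstrip()
    # Entries whose target no longer exists: cleanup candidates, not proof of infection by themselves.
    if line.startswith(("O2 ", "O3 ", "O4 ", "DRV ")) and (
        "No CLSID value found" in line or "File not found" in line
    ):
        return Finding("orphaned-entry", "registry entry points at a missing file or CLSID", line)
    m = O4_RE.match(line)
    if m:
        # Autorun with an empty company field in a user-writable folder is the pattern of the
        # duezsckm.exe entry removed by the fix script above.
        if not m["company"].strip() and in_user_writable_dir(m["path"]):
            return Finding("autorun-no-publisher-userdir",
                           f"autorun '{m['name']}' runs {m['path']} with no company name", line)
        return None
    m = FILE_RE.match(line)
    if m:
        if not m["company"].strip() and m["path"].lower().endswith(".exe") and in_user_writable_dir(m["path"]):
            return Finding("exe-no-publisher-userdir",
                           f"recent executable without company name: {m['path']}", line)
        return None
    if line.startswith(("IE - ", "FF - ", "CHR - ")) and any(d in line.lower() for d in HIJACK_DOMAINS):
        return Finding("search-hijack", "browser search/start page points at an assumed hijack domain", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run every line of an OTL log through the heuristics and collect the hits in order."""
    findings = []
    for raw in log_text.splitlines():
        f = triage_line(raw)
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL_LOG):
        print(f"{f.rule:30} {f.detail}")
```

The hits are a review list for a human, not a verdict: an orphaned driver entry such as nwlnkfwd.sys is a harmless leftover, while the no-publisher autorun under ProgramData is the entry worth checking first.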

13.08.2012, 10:12   #3
deko
 
Win Vista BKA 1.13 Trojan



Hey,
first of all, thanks for the fix code. I followed all the instructions and the new scan gives this result. The BKA Trojan is no longer blocking anything on the PC, and Avast Antivirus has not found anything either. I hope everything is gone now.

Regards, Deko

Code:
OTL logfile created on: 12.08.2012 19:02:19 - Run 2
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Sonja\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 60,55% Memory free
6,19 Gb Paging File | 5,23 Gb Available in Paging File | 84,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,90 Gb Total Space | 96,97 Gb Free Space | 43,31% Space Free | Partition Type: NTFS
Drive D: | 8,98 Gb Total Space | 1,65 Gb Free Space | 18,35% Space Free | Partition Type: NTFS
 
Computer Name: COMPAC | User Name: Sonja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.12 19:01:02 | 001,541,144 | ---- | M] (Google Inc.) -- C:\Windows\Temp\CR_AD240.tmp\setup.exe
PRC - [2012.08.11 14:10:52 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Sonja\Desktop\OTL.exe
PRC - [2012.08.08 19:00:00 | 000,668,072 | ---- | M] () -- C:\Programme\Google\Update\Install\{070826F9-EE6F-4D10-BA04-FAF9568C582F}\21.0.1180.75_21.0.1180.60_chrome_updater.exe
PRC - [2011.09.06 23:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2011.09.06 23:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2010.03.11 01:22:04 | 000,599,408 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Citrix\ICA Client\wfcrun32.exe
PRC - [2010.03.11 01:21:16 | 000,300,400 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Citrix\ICA Client\concentr.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.03.22 15:23:49 | 002,652,056 | ---- | M] (PC Tools) -- C:\Programme\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2008.12.11 17:58:44 | 000,146,800 | ---- | M] (PC Tools) -- C:\Programme\PC Tools Firewall Plus\FWService.exe
PRC - [2008.12.11 10:16:28 | 000,026,112 | ---- | M] () -- C:\Programme\Steganos Safe OEM\SteganosHotKeyService.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.04.26 01:15:26 | 000,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:52 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.21 04:23:29 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2007.08.24 08:00:48 | 000,033,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007.08.24 05:45:42 | 000,101,784 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2007.08.17 11:50:00 | 000,483,144 | ---- | M] (Corel, Inc.) -- C:\Programme\Corel\Corel MediaOne\Corel Photo Downloader.exe
PRC - [2007.08.02 21:08:00 | 000,095,504 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe
PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2008.12.11 10:16:28 | 000,026,112 | ---- | M] () -- C:\Programme\Steganos Safe OEM\SteganosHotKeyService.exe
MOD - [2008.10.01 15:30:08 | 000,135,168 | ---- | M] () -- C:\Programme\Steganos Safe OEM\wxbase28uh_net_vc.dll
MOD - [2008.10.01 15:30:06 | 003,162,112 | ---- | M] () -- C:\Programme\Steganos Safe OEM\wxmsw28uh_core_vc.dll
MOD - [2008.10.01 15:30:06 | 001,318,912 | ---- | M] () -- C:\Programme\Steganos Safe OEM\wxbase28uh_vc.dll
MOD - [2008.10.01 15:30:06 | 000,704,512 | ---- | M] () -- C:\Programme\Steganos Safe OEM\wxmsw28uh_adv_vc.dll
MOD - [2008.10.01 15:30:06 | 000,483,328 | ---- | M] () -- C:\Programme\Steganos Safe OEM\wxmsw28uh_html_vc.dll
MOD - [2008.10.01 15:24:38 | 000,147,456 | ---- | M] () -- C:\Programme\Steganos Safe OEM\ShellExtension.dll
MOD - [2008.06.11 22:18:38 | 000,120,216 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2008.06.11 22:18:36 | 000,259,480 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2008.06.11 22:18:34 | 000,345,384 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2008.06.11 22:17:08 | 000,066,856 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2007.08.14 12:59:54 | 006,365,184 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll
MOD - [2007.08.02 21:07:56 | 000,034,064 | ---- | M] () -- C:\Programme\Common Files\Ulead Systems\AutoDetector\DetMethod.dll
MOD - [2007.07.12 12:55:52 | 000,131,072 | ---- | M] () -- C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.07.12 12:55:28 | 001,581,056 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.09.06 23:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008.12.11 17:58:44 | 000,146,800 | ---- | M] (PC Tools) [Auto | Running] -- C:\Programme\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2008.04.26 01:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.08.24 07:59:20 | 000,068,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007.08.24 04:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007.01.19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.09.06 23:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.09.06 23:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.09.06 23:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.09.06 23:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.09.06 23:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.09.06 23:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.10.05 11:08:42 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009.03.22 15:24:12 | 000,073,840 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2009.03.22 15:23:51 | 000,095,640 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2008.12.11 09:38:22 | 000,159,600 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2008.10.03 04:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008.10.01 15:24:24 | 000,079,104 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt ) [Driver] [Kernel | System | Running] -- C:\Windows\System32\drivers\sleen16.sys -- (SLEE_16_DRIVER)
DRV - [2008.09.22 13:29:18 | 000,097,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctfw.sys -- (SFilter)
DRV - [2008.06.10 20:54:36 | 000,123,904 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.06.10 00:23:00 | 007,522,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.06.10 00:23:00 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.04.27 11:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.10.18 01:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.07.12 12:58:54 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007.06.18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006.11.02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
IE - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7GPEA_de
IE - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.11.10 20:26:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.04 18:26:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.26 21:42:59 | 000,000,000 | ---D | M]
 
[2009.04.03 22:23:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sonja\AppData\Roaming\mozilla\Extensions
[2012.08.07 23:38:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sonja\AppData\Roaming\mozilla\Firefox\Profiles\h52j4lsb.default\extensions
[2009.09.10 21:21:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sonja\AppData\Roaming\mozilla\Firefox\Profiles\h52j4lsb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.07.08 16:18:11 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Sonja\AppData\Roaming\mozilla\Firefox\Profiles\h52j4lsb.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.08.05 16:42:27 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Sonja\AppData\Roaming\mozilla\Firefox\Profiles\h52j4lsb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.24 16:24:23 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Sonja\AppData\Roaming\mozilla\Firefox\Profiles\h52j4lsb.default\extensions\engine@conduit.com
[2012.07.08 16:18:14 | 000,000,853 | ---- | M] () -- C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\h52j4lsb.default\searchplugins\11-suche.xml
[2010.08.07 10:16:34 | 000,000,881 | ---- | M] () -- C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\h52j4lsb.default\searchplugins\conduit.xml
[2012.07.08 16:18:14 | 000,002,209 | ---- | M] () -- C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\h52j4lsb.default\searchplugins\englische-ergebnisse.xml
[2012.07.08 16:18:14 | 000,010,506 | ---- | M] () -- C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\h52j4lsb.default\searchplugins\gmx-suche.xml
[2012.07.08 16:18:14 | 000,002,368 | ---- | M] () -- C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\h52j4lsb.default\searchplugins\lastminute.xml
[2012.07.08 16:18:14 | 000,005,489 | ---- | M] () -- C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\h52j4lsb.default\searchplugins\webde-suche.xml
[2011.07.26 21:43:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.10 20:26:18 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011.12.17 17:36:56 | 000,011,510 | ---- | M] () (No name found) -- C:\USERS\SONJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H52J4LSB.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2011.09.04 18:26:06 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.03.11 01:01:02 | 000,124,272 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010.03.11 01:02:52 | 000,070,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010.03.11 01:01:48 | 000,091,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010.03.11 01:01:24 | 000,022,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2010.03.11 01:40:56 | 000,423,248 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2010.03.11 01:02:48 | 000,023,920 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: avast! WebRep = C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll File not found
O2 - BHO: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel MediaOne\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SAFEOEM HotKeys] C:\Program Files\Steganos Safe OEM\SteganosHotKeyService.exe ()
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Sonja\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Sonja\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://gate.ewe.de/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B7642CF-6107-4848-A804-A20F5A684EEA}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Sonja\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sonja\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.12 18:12:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.08.11 14:10:49 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Sonja\Desktop\OTL.exe
[2012.07.29 11:37:03 | 000,000,000 | ---D | C] -- C:\Users\Sonja\Desktop\Neuer Ordner (2)
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.12 19:05:52 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.12 19:05:52 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.12 19:05:52 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.12 19:05:52 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.12 19:04:37 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.08.12 18:58:38 | 000,000,249 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012.08.12 18:58:37 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.08.12 18:58:36 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.08.12 18:58:12 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.12 18:58:12 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.12 18:58:11 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.08.12 18:58:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.12 18:57:58 | 3218,284,544 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.11 14:10:52 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Sonja\Desktop\OTL.exe
 
========== Files Created - No Company Name ==========
 
[2012.08.12 18:32:48 | 000,000,974 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2012.08.12 18:30:17 | 000,027,839 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012.08.12 18:29:49 | 000,027,839 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2012.08.12 18:29:23 | 3218,284,544 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.29 21:13:19 | 000,000,000 | ---- | C] () -- C:\Users\Sonja\AppData\Local\{96D20519-2F95-4F8D-924F-274C864CBA40}
[2011.02.06 22:18:04 | 319,312,022 | ---- | C] () -- C:\Users\Sonja\Sonja Fotobuch.cpr
[2009.10.04 13:42:44 | 000,007,592 | ---- | C] () -- C:\Users\Sonja\AppData\Local\d3d9caps.dat
[2009.10.03 18:51:24 | 000,000,893 | ---- | C] () -- C:\Users\Sonja\.recently-used.xbel
[2008.10.25 16:32:47 | 000,086,016 | ---- | C] () -- C:\Users\Sonja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2010.08.06 00:59:54 | 000,000,000 | ---D | M] -- C:\Users\Sonja\AppData\Roaming\Ashampoo
[2011.01.04 11:39:43 | 000,000,000 | ---D | M] -- C:\Users\Sonja\AppData\Roaming\Canon
[2011.04.24 16:23:46 | 000,000,000 | ---D | M] -- C:\Users\Sonja\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.10.03 18:51:24 | 000,000,000 | ---D | M] -- C:\Users\Sonja\AppData\Roaming\gtk-2.0
[2011.01.06 20:45:07 | 000,000,000 | ---D | M] -- C:\Users\Sonja\AppData\Roaming\ICAClient
[2011.01.06 19:55:24 | 000,000,000 | ---D | M] -- C:\Users\Sonja\AppData\Roaming\Juniper Networks
[2009.03.29 15:30:16 | 000,000,000 | ---D | M] -- C:\Users\Sonja\AppData\Roaming\OpenOffice.org
[2009.01.17 18:24:04 | 000,000,000 | ---D | M] -- C:\Users\Sonja\AppData\Roaming\Opera
[2009.01.17 18:56:52 | 000,000,000 | ---D | M] -- C:\Users\Sonja\AppData\Roaming\PCToolsFirewallPlus
[2010.04.26 21:34:54 | 000,000,000 | ---D | M] -- C:\Users\Sonja\AppData\Roaming\Ulead Systems
[2012.08.12 18:39:46 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:C31F31E6

< End of report >
         
__________________

Old 13.08.2012, 14:06   #4
t'john
/// Helper Team
 
Win Vista BKA 1.13 Trojan - Standard

Win Vista BKA 1.13 Trojan



Where is the FIX log?

You can view the log file afterwards here => C:\_OTL\MovedFiles\<datum_nummer.log>
__________________
Regards, t'john
Support the TB

Old 14.08.2012, 14:03   #5
deko
 
Win Vista BKA 1.13 Trojan - Standard

Win Vista BKA 1.13 Trojan



Is the fix file saved somewhere afterwards? I thought I was only supposed to upload the new scan file again.

Regards, Deko


Old 14.08.2012, 15:16   #6
t'john
/// Helper Team
 
Win Vista BKA 1.13 Trojan - Standard

Win Vista BKA 1.13 Trojan



Can you read?

What did I write here: http://www.trojaner-board.de/121828-...tml#post890823?
__________________
--> Win Vista BKA 1.13 Trojan

Old 27.09.2012, 19:43   #7
t'john
/// Helper Team
 
Win Vista BKA 1.13 Trojan - Standard

Win Vista BKA 1.13 Trojan



No response

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this topic from my notifications.

If you want to continue, send me a PM or open a new topic.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: The disappearance of the symptoms does not mean that your computer is clean.
__________________
Regards, t'john
Support the TB
