BKA Virus Trojaner

nannimon · 19.09.2012, 16:00

Hallo ich habe mich vor ca. 2 Wochen mit dem BKA- Virus infiziert und suche Hilfe. Das bekannte Fenster erschien mir nur einmal- anschließend funktionierte das ganze System wieder. Es kommt nur eine Fehlermeldung zu Beginn, nach dem Hochfahren. Ich suche nun Hilfe, da ich bereits selbstständig diverse Virenprogramme drüber laufen ließ, die auch stets fündig wurden, doch ich das Gefühl habe, dass das Problem noch nicht ganz ausgemerzt ist.
Ich habe nun die hier im Forum beschriebenen Anweisungen befolgt und das malwarebytes- Programm durchlaufen lassen. Es ist fündig geworden und die beschriebenen Ergebnisse wurden von mir unten gepostet. Ich wäre um Eure Hilfe sehr dankbar. Gruß
nannimon

11 ifinzierte Objekte gefunden

Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.19.09

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
al :: NOTEBOOK_SIMON [Administrator]

Schutz: Aktiviert

19.09.2012 16:32:38
mbam-log-2012-09-19 (16-32-38).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 258070
Laufzeit: 21 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 6
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 1
C:\blyadstvoeb (Trojan.Spyeyes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 3
C:\Users\Simon\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\lsass.exe (Trojan.Delf) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Habe hier noch die OTL- File:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 9/19/2012 5:09:58 PM - Run 2
OTL by OldTimer - Version 3.2.61.3     Folder = D:\Profil\Simon\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.93 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 66.60% Memory free
5.86 Gb Paging File | 4.54 Gb Available in Paging File | 77.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 121.69 Gb Total Space | 61.62 Gb Free Space | 50.64% Space Free | Partition Type: NTFS
Drive D: | 161.31 Gb Total Space | 79.86 Gb Free Space | 49.51% Space Free | Partition Type: NTFS
 
Computer Name: NOTEBOOK_SIMON | User Name: al | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/09/12 20:45:52 | 000,600,064 | ---- | M] (OldTimer Tools) -- D:\Profil\Simon\Desktop\OTL.exe
PRC - [2012/09/08 06:43:36 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- D:\Profil\Simon\Downloads\5 virus\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- D:\Profil\Simon\Downloads\5 virus\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- D:\Profil\Simon\Downloads\5 virus\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/08/10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Simon\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/07/18 18:04:42 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/07/18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/07/18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/07/18 18:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/07/16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/15 08:19:14 | 000,307,200 | ---- | M] (PowerISO Computing, Inc.) -- D:\Profil\Simon\Downloads\Rosetta Stone 3.4.5 windows\PowerISO\PWRISOVM.EXE
PRC - [2011/05/25 16:54:58 | 001,617,296 | ---- | M] (Bandoo Media Inc.) -- C:\PROGRA~1\Bandoo\Bandoo.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/10/27 12:53:56 | 001,503,088 | ---- | M] (PixelPlanet GmbH) -- C:\Program Files\Common Files\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe
PRC - [2010/09/06 03:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/06/28 13:01:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2010/06/28 12:59:52 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/06/15 17:49:54 | 000,493,048 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
PRC - [2010/06/15 17:49:50 | 000,738,808 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/11/04 06:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/26 13:53:14 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/10/13 12:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/06/03 13:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 16:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/07/29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/06/03 13:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 13:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2012/09/08 06:43:36 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Profil\Simon\Downloads\5 virus\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Profil\Simon\Downloads\5 virus\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/07 09:33:23 | 004,537,664 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_5891ae0.dll -- (Akamai)
SRV - [2012/07/18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/07/18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/09 08:15:17 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/08 11:12:48 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/05/25 16:54:58 | 001,617,296 | ---- | M] (Bandoo Media Inc.) [Auto | Running] -- C:\PROGRA~1\Bandoo\Bandoo.exe -- (Bandoo Coordinator)
SRV - [2011/03/29 15:41:46 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/09/06 03:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/06/28 13:01:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/06/15 17:49:54 | 000,493,048 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/07/18 18:04:42 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/07/18 18:04:42 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/07/18 18:04:42 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/07/22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/07/12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/06/15 10:23:56 | 000,060,156 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/15 17:49:46 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010/05/15 16:30:50 | 000,461,400 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2009/11/06 22:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\50458392.sys -- (50458392)
DRV - [2009/10/09 23:31:02 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\5045839.sys -- (setup_9.0.0.722_03.09.2012_12-35drv)
DRV - [2009/09/28 11:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\50458391.sys -- (50458391)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/10 15:44:52 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0BBAF5C2-2C3D-45B6-8BF6-AE3237C8C080}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Suche
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0BBAF5C2-2C3D-45B6-8BF6-AE3237C8C080}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SMSN_de
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=eb99f053-f9bf-11e0-a8eb-002454294d08&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKCU\..\SearchScopes\{EECA0D5C-6E3A-451F-9571-6A5070459688}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Profil\Simon\Downloads\photo picasa\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.102: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: D:\Profil\Simon\Downloads\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: D:\Profil\Simon\Downloads\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/24 21:36:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/03/09 16:29:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/10/07 18:35:58 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Corel File Shell Monitor] D:\Profil\Simon\Downloads\Medien\Photoshop\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PixelPlanet PdfPrinter-Monitor] C:\Program Files\Common Files\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe (PixelPlanet GmbH)
O4 - HKLM..\Run: [PWRISOVM.EXE] D:\Profil\Simon\Downloads\Rosetta Stone 3.4.5 windows\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] D:\Profil\Simon\Downloads\5 virus\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKCU..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_03.09.2012_12-35.lnk = D:\Profil\Simon\Downloads\bka virus\DE-Cleaner powered by Kaspersky\setup_9.0.0.722_03.09.2012_12-35\startup.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\al\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 78.42.43.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{298362AB-35A1-4CC4-BBF0-F348C43FE995}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95DE52F9-5E06-47C9-BE22-4B7FE2603F77}: DhcpNameServer = 82.212.62.62 78.42.43.62
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - c:\progra~1\bandoo\bndhook.dll (Discordia Limited)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/09/19 16:29:19 | 000,000,000 | ---D | C] -- C:\Users\al\AppData\Roaming\Malwarebytes
[2012/09/19 16:29:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/19 16:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/19 16:29:00 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/09/17 20:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zarb 4
[2012/09/17 20:14:25 | 000,000,000 | ---D | C] -- C:\windows\IswTmp
[2012/09/17 20:04:04 | 000,000,000 | ---D | C] -- C:\Users\al\AppData\Roaming\Zarb
[2012/09/17 20:03:52 | 000,605,184 | ---- | C] (Concept Software, Inc.) -- C:\windows\System32\KEYLIB32.dll
[2012/09/05 13:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/09/05 13:30:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/09/05 13:30:09 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/09/03 12:16:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/09/03 12:15:23 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\windows\System32\drivers\5045839.sys
[2012/09/03 12:15:23 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\windows\System32\drivers\50458391.sys
[2012/09/03 12:15:23 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\windows\System32\drivers\50458392.sys
[2012/09/03 11:05:32 | 000,000,000 | ---D | C] -- C:\Users\al\AppData\Roaming\Avira
[2012/09/03 11:05:17 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
[2012/09/03 11:05:17 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NSS
[2012/09/03 11:05:17 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2012/09/03 11:05:17 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NSS\0307020.005
[2012/09/03 11:00:20 | 000,000,000 | ---D | C] -- C:\Users\al\AppData\Roaming\Apple Computer
[2012/09/01 12:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/09/01 12:29:26 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2012/09/01 12:29:21 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2012/09/01 12:29:21 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avkmgr.sys
[2012/09/01 12:29:20 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2012/09/01 12:28:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/09/01 12:28:51 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2005/12/19 07:29:00 | 003,289,088 | ---- | C] (FriedelSoft) -- C:\Program Files\Cover Druck.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012/09/19 17:11:06 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/19 17:11:06 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/19 17:04:22 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/19 17:04:13 | 000,000,322 | ---- | M] () -- C:\windows\tasks\DriverScanner.job
[2012/09/19 17:03:02 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/19 17:02:52 | 2362,920,960 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/19 16:46:01 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/19 16:29:04 | 000,001,039 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/09/17 21:30:00 | 000,000,510 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task e6e53648-9522-45b7-b658-bd3b42f111d0.job
[2012/09/17 20:49:08 | 000,499,440 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/09/17 20:14:37 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\Zarb.lnk
[2012/09/17 20:03:54 | 000,003,120 | ---- | M] () -- C:\windows\System32\TYDTJYMD.ocx
[2012/09/17 07:36:25 | 000,643,866 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/09/17 07:36:25 | 000,607,190 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/09/17 07:36:25 | 000,126,394 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/09/17 07:36:25 | 000,103,568 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/09/11 02:00:00 | 000,000,510 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 21bb5f44-8311-469c-b73e-f7e1830d66a4.job
[2012/09/10 14:33:00 | 000,000,436 | -H-- | M] () -- C:\windows\tasks\Norton Security Scan for Simon.job
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/09/06 13:48:00 | 000,000,430 | -H-- | M] () -- C:\windows\tasks\Norton Security Scan for al.job
[2012/09/05 13:30:13 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/09/04 19:43:24 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/09/03 12:16:15 | 000,002,042 | ---- | M] () -- C:\Users\al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_03.09.2012_12-35.lnk
[2012/09/03 11:05:21 | 000,001,301 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2012/09/02 09:23:31 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad
[2012/09/01 12:29:51 | 000,001,940 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
 
========== Files Created - No Company Name ==========
 
[2012/09/19 16:29:04 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/09/17 20:03:54 | 000,003,120 | ---- | C] () -- C:\windows\System32\TYDTJYMD.ocx
[2012/09/17 20:03:53 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\Zarb.lnk
[2012/09/05 13:30:35 | 000,000,510 | ---- | C] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task e6e53648-9522-45b7-b658-bd3b42f111d0.job
[2012/09/05 13:30:35 | 000,000,510 | ---- | C] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 21bb5f44-8311-469c-b73e-f7e1830d66a4.job
[2012/09/05 13:30:13 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/09/03 12:16:15 | 000,002,042 | ---- | C] () -- C:\Users\al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_03.09.2012_12-35.lnk
[2012/09/03 11:05:23 | 000,000,430 | -H-- | C] () -- C:\windows\tasks\Norton Security Scan for al.job
[2012/09/03 11:05:18 | 000,000,172 | ---- | C] () -- C:\windows\System32\drivers\NSS\0307020.005\isolate.ini
[2012/09/01 12:29:51 | 000,001,940 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/08/29 17:13:07 | 004,503,728 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad
[2011/08/08 10:28:23 | 001,524,112 | ---- | C] () -- C:\windows\System32\bandoolmx.dll
[2011/01/29 16:03:05 | 000,000,020 | ---- | C] () -- C:\windows\SIERRA.INI
[2011/01/29 15:06:09 | 000,000,052 | ---- | C] () -- C:\windows\winlemm.ini
[2011/01/02 15:29:49 | 000,000,907 | ---- | C] () -- C:\windows\MD_MicroDiffs.INI
[2011/01/02 15:29:49 | 000,000,907 | ---- | C] () -- C:\windows\MD_MacroDiffs.INI
[2011/01/02 15:29:49 | 000,000,817 | ---- | C] () -- C:\windows\CFX.INI
[2011/01/02 15:26:31 | 000,053,248 | ---- | C] () -- C:\windows\System32\RegisterExe.exe
[2011/01/02 15:26:29 | 000,221,184 | ---- | C] () -- C:\windows\System32\SII_PDF.dll
[2011/01/02 15:26:29 | 000,131,072 | ---- | C] () -- C:\windows\System32\CSVSpecialProcessing.dll
[2011/01/02 15:26:29 | 000,098,304 | ---- | C] () -- C:\windows\System32\DVM.dll
[2011/01/02 15:26:28 | 000,225,280 | ---- | C] () -- C:\windows\System32\DrakeCom.dll
[2010/11/28 14:32:22 | 000,000,089 | ---- | C] () -- C:\windows\ulead32.ini
[2010/11/22 21:21:48 | 000,004,970 | ---- | C] () -- C:\ProgramData\drctchbl.xvi
[2010/11/22 21:21:48 | 000,004,864 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik
[2010/10/25 14:53:58 | 000,000,032 | ---- | C] () -- C:\windows\Menu.INI
[2010/09/17 13:01:20 | 000,000,088 | RHS- | C] () -- C:\ProgramData\B3FA3D1911.sys
[2010/09/17 13:01:19 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/06/24 21:45:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/24 16:52:51 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2005/12/18 07:56:44 | 000,000,028 | ---- | C] () -- C:\Program Files\Register.dat
[2005/12/04 11:10:33 | 000,000,427 | ---- | C] () -- C:\Program Files\Cover Druckstudio.ini
[2005/08/30 07:59:26 | 000,000,142 | ---- | C] () -- C:\Program Files\DruckStudio.key
 
========== LOP Check ==========
 
[2011/09/07 22:12:01 | 000,000,000 | ---D | M] -- C:\Users\al\AppData\Roaming\Bandoo
[2011/02/07 23:46:05 | 000,000,000 | ---D | M] -- C:\Users\al\AppData\Roaming\CheckPoint
[2011/03/09 14:40:06 | 000,000,000 | ---D | M] -- C:\Users\al\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/10/23 09:45:43 | 000,000,000 | ---D | M] -- C:\Users\al\AppData\Roaming\GHISLER
[2012/06/20 18:05:25 | 000,000,000 | ---D | M] -- C:\Users\al\AppData\Roaming\Guitar Pro 6
[2011/10/23 09:42:08 | 000,000,000 | ---D | M] -- C:\Users\al\AppData\Roaming\MonkeyJam
[2011/07/07 23:20:57 | 000,000,000 | ---D | M] -- C:\Users\al\AppData\Roaming\OpenCandy
[2012/01/08 10:10:36 | 000,000,000 | ---D | M] -- C:\Users\al\AppData\Roaming\PhotoScape
[2011/09/09 12:05:35 | 000,000,000 | ---D | M] -- C:\Users\al\AppData\Roaming\QuickStoresToolbar
[2011/02/11 17:32:12 | 000,000,000 | ---D | M] -- C:\Users\al\AppData\Roaming\Softinterface, Inc
[2011/07/07 23:21:15 | 000,000,000 | ---D | M] -- C:\Users\al\AppData\Roaming\Uniblue
[2012/09/17 20:04:04 | 000,000,000 | ---D | M] -- C:\Users\al\AppData\Roaming\Zarb
[2012/09/19 17:04:13 | 000,000,322 | ---- | M] () -- C:\windows\Tasks\DriverScanner.job
[2012/09/07 14:33:07 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2012/09/11 02:00:00 | 000,000,510 | ---- | M] () -- C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 21bb5f44-8311-469c-b73e-f7e1830d66a4.job
[2012/09/17 21:30:00 | 000,000,510 | ---- | M] () -- C:\windows\Tasks\SUPERAntiSpyware Scheduled Task e6e53648-9522-45b7-b658-bd3b42f111d0.job
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

BKA Virus Trojaner

Plagegeister aller Art und deren Bekämpfung: BKA Virus Trojaner

BKA Virus Trojaner

Ähnliche Themen: BKA Virus Trojaner