Plagegeister aller Art und deren Bekämpfung: Trojan SPYEYE.H (Windows 7)

05.01.2011, 20:48 | #1
Trojan SPYEYE.H

Hello everyone,

my bank has blocked my online access on the grounds that I have a trojan on board. Antivir had reacted and put it into quarantine, and I actually thought that would have settled everything. After renewing my bank access credentials, however, the bank blocked me again and again pointed to a trojan. Problems with "banking trojans" are described en masse, but the measures for removing them are surely always very individual. So I am turning to you with a request for help. I have made the logs from Malwarebytes and OTL, see further below.

P.S. In between, on the advice of an acquaintance, I had deleted Antivir and installed Microsoft Security Essentials instead. In the meantime, however, on the advice of another acquaintance, I have reinstalled Antivir and left MS Sec. ---- in place. So the question remains: do the two interfere with each other, and which one should I keep?

Many thanks in advance for your help!
T.

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5465

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

05.01.2011 20:12:43
mbam-log-2011-01-05 (20-12-43).txt

Scan type: Quick scan
Objects scanned: 145770
Time elapsed: 8 minute(s), 52 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 0
Registry data items infected: 2
Folders infected: 2
Files infected: 106

Memory processes infected:
(No malicious items detected)

Memory modules infected:
(No malicious items detected)

Registry keys infected:
(No malicious items detected)

Registry values infected:
(No malicious items detected)

Registry data items infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders infected:
c:\WINDOWS\system32\AdCache (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\malacuxatx.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Files infected:
c:\malacuxatx.exe\malacuxatx.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_1_631100.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_1_631100.swf (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_2_512000.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_2_518300.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_2_529100.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_2_543800.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_2_543800.swf (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_2_563300.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_2_565600.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_2_614900.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_2_619300.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_2_652600.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_2_652700.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_2_709700.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_2_709900.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_3_533800.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_3_612400.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_3_612400.swf (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_3_621000.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_3_621100.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_3_621700.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_3_625200.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_3_655300.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_3_655800.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_4_514400.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_4_514400.swf (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_4_566800.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_1_0_448600.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_0_814200.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_0_815600.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_0_445900.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_0_446000.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_1_511000.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_1_546100.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_1_560300.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_1_566100.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_1_591100.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_1_608600.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_1_630700.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_1_630700.swf (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_1_630800.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_1_630800.swf (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_1_630900.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_535000.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_535000.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_536400.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_536400.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_540100.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_540100.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_542200.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_543500.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_543500.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_568500.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_592300.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_592300.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_617400.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_617400.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_624600.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_1_630900.swf (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_0_3_531300.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_0_815900.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_624600.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_507300.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_581600.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_630700.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_630700.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_632400.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_648400.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_651900.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_669600.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_678100.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_710100.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_710100.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_710200.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_710200.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_710300.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_710300.jpg (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_710400.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_1_710400.jpg (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_507300.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_518500.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_518500.jpg (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_518900.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_518900.jpg (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_519300.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_519300.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_541100.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_548600.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_548600.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_548800.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_548800.jpg (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_560600.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_561200.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_561200.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_581600.swf (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_588100.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_588100.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_607600.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_607600.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_611600.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_625800.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_625800.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_674800.gif (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\AdCache\b_434_2_2_674800.htm (AdWare.Cydoor) -> Quarantined and deleted successfully.
c:\malacuxatx.exe\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Code:
OTL logfile created on: 05.01.2011 20:20:04 - Run 1
OTL by OldTimer - Version 3.2.20.1     Folder = C:\Dokumente und Einstellungen\*****\Desktop\Trojaner Januar 2011
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): D:\pagefile.sys 2000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 17,77 Gb Total Space | 4,35 Gb Free Space | 24,49% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 17,49 Gb Free Space | 89,51% Space Free | Partition Type: NTFS

Computer Name: WIELAND | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\*****\Desktop\Trojaner Januar 2011\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\Antimalware\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Programme\Ahead\InCD\InCDsrv.exe (Ahead Software AG)
PRC - C:\Programme\T-DSL SpeedManager\TSMSvc.exe (T-Systems Nova, Berkom)
PRC - C:\Programme\D-Link AirPlus Xtreme G\AIRPLUS.exe (D-Link)
PRC - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\*****\Desktop\Trojaner Januar 2011\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (LiveUpdate Notice Service) -- File not found
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (InCDsrv) -- C:\Programme\Ahead\InCD\InCDsrv.exe (Ahead Software AG)
SRV - (TSMService) -- C:\Programme\T-DSL SpeedManager\tsmsvc.exe (T-Systems Nova, Berkom)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SoundMAX Agent Service (default)) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (MDC8021X) WPA Security Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDpass.sys (Ahead Software AG)
DRV - (InCDfs) -- C:\WINDOWS\System32\drivers\InCDfs.sys (Ahead Software AG)
DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (D-Link)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (SISAGP) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (SiSide) -- C:\WINDOWS\System32\DRIVERS\siside.sys (Silicon Integrated Systems Corp.)
DRV - (sisidex) -- C:\WINDOWS\system32\drivers\sisidex.sys (Windows (R) 2000 DDK provider)
DRV - (TNPacket) -- C:\Programme\T-DSL SpeedManager\TNPACKET.SYS (T-Systems Nova GmbH)
DRV - (sisperf) -- C:\WINDOWS\system32\drivers\sisperf.sys (Silicon Integrated Systems Corp.)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

[2010.01.06 20:27:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Extensions
[2010.12.26 11:36:10 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\0ymbnlhj.default\extensions
[2010.04.29 18:41:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\0ymbnlhj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.27 19:09:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.04.13 07:19:59 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2008.08.26 07:40:31 | 000,260,870 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 9056 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IeCatch2 Class) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Programme\FlashGet\Jccatch.dll (Amaze Soft)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (FlashGet Bar) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Programme\FlashGet\fgiebar.dll (Amaze Soft)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [MSC] C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [malacuxatx.exe] C:\malacuxatx.exe\malacuxatx.exe File not found
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\D-Link AirPlus Xtreme G Configuration Utility.lnk = C:\Programme\D-Link AirPlus Xtreme G\AIRPLUS.exe (D-Link)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm ()
O8 - Extra context menu item: Easy-WebPrint Drucken - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Vorschau - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (Amaze Soft)
O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (Amaze Soft)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.07.06 07:00:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.01.05 19:57:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Malwarebytes
[2011.01.05 19:57:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.01.05 19:57:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.01.05 19:57:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.01.05 19:57:11 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.01.05 19:26:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Desktop\Trojaner Januar 2011
[2011.01.05 19:25:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Avira
[2011.01.05 19:22:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2011.01.05 19:21:30 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.01.05 19:21:30 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011.01.05 19:21:29 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011.01.05 19:21:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2010.12.29 14:56:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
[2010.12.29 14:54:26 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.12.29 14:54:15 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.12.29 14:46:32 | 000,000,000 | ---D | C] -- C:\Programme\Safari
[2010.12.29 09:16:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2010.12.29 09:00:02 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.12.29 09:00:02 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.12.29 09:00:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.12.29 09:00:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.12.28 19:18:21 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft CAPICOM 2.1.0.2
[2010.12.28 08:48:56 | 000,017,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010.12.28 08:48:55 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010.12.27 12:04:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy
[2010.12.27 12:03:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2010.12.27 10:25:37 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010.12.27 10:18:58 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client
[2010.12.27 10:14:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\TeamViewer
[2010.12.27 10:14:43 | 000,000,000 | ---D | C] -- C:\Programme\TeamViewer
[2010.12.23 08:37:24 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\*****\Recent
[2010.12.19 18:50:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Eigene Dateien\Briefe
[2010.12.17 05:30:46 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010.12.17 05:29:42 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010.12.15 19:17:40 | 000,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010.12.15 19:16:54 | 000,000,000 | ---D | C] -- C:\Programme\Windows Media Connect 2
[2010.12.15 19:14:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010.12.15 19:14:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010.12.08 12:32:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QuickTime
[2010.12.08 12:32:16 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.12.08 11:26:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Apple
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.01.05 20:21:40 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011.01.05 20:16:46 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.01.05 20:15:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.01.05 19:12:39 | 000,000,239 | RHS- | M] () -- C:\boot.ini
[2011.01.01 15:57:30 | 000,444,164 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.01.01 15:57:29 | 000,462,652 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.01.01 15:57:29 | 000,072,040 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.01.01 15:57:28 | 000,085,542 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.12.30 07:57:21 | 000,025,713 | ---- | M] () -- C:\WINDOWS\CSTBox.INI
[2010.12.29 14:56:03 | 000,001,538 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.12.29 14:46:50 | 000,001,846 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Safari.lnk
[2010.12.29 11:26:06 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.12.29 08:11:50 | 000,202,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.12.27 19:11:38 | 000,000,811 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Desktop\Internet Explorer Browser starten.lnk
[2010.12.27 12:04:20 | 000,000,921 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Desktop\Spybot - Search & Destroy.lnk
[2010.12.23 08:37:02 | 000,087,856 | ---- | M] () -- C:\logfile
[2010.12.23 08:36:57 | 001,760,256 | R--- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\ESBK.mbb
[2010.12.23 08:36:57 | 000,876,544 | R--- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\ESBK.mb
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.12.15 19:17:21 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010.12.15 19:17:21 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010.12.15 19:14:09 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010.12.15 19:13:23 | 000,000,902 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2010.12.13 08:39:39 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.12.13 08:39:38 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.12.12 16:20:43 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.12.29 14:56:03 | 000,001,538 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.12.29 14:46:50 | 000,001,846 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Safari.lnk
[2010.12.27 19:11:38 | 000,000,811 | ---- | C] () -- C:\Dokumente und Einstellungen\*****\Desktop\Internet Explorer Browser starten.lnk
[2010.12.27 12:04:20 | 000,000,921 | ---- | C] () -- C:\Dokumente und Einstellungen\*****\Desktop\Spybot - Search & Destroy.lnk
[2010.12.27 10:25:07 | 000,000,416 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010.12.15 19:14:09 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2007.11.19 13:25:25 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007.05.28 12:15:22 | 000,006,656 | ---- | C] () -- C:\Dokumente und Einstellungen\*****\Lokale
Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.01.03 17:09:31 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2005.01.15 21:24:59 | 000,000,147 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2004.11.27 13:13:17 | 000,025,713 | ---- | C] () -- C:\WINDOWS\CSTBox.INI [2004.11.01 13:20:51 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll [2004.11.01 12:27:26 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2004.10.31 12:42:37 | 000,000,528 | ---- | C] () -- C:\WINDOWS\_delis32.ini [2004.10.31 12:13:18 | 000,651,264 | R--- | C] () -- C:\WINDOWS\System32\libeay32.dll [2004.10.31 12:13:18 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll [2004.10.31 11:52:12 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2004.10.30 21:49:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI [2004.10.30 21:39:09 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5m.DLL [2004.10.30 20:03:21 | 000,000,422 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI [2004.10.30 19:31:09 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2004.07.06 08:17:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2004.07.06 07:43:20 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2004.07.06 07:36:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2004.07.06 07:20:34 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll [2004.07.06 07:20:17 | 000,139,264 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll [2004.07.06 07:18:57 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL [2004.07.06 07:18:11 | 000,123,279 | R--- | C] () -- C:\WINDOWS\VGAsetup.ini [2004.07.06 07:17:48 | 000,206,279 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini [2004.07.06 07:17:20 | 000,002,915 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2004.07.06 
07:17:19 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2003.10.16 18:02:58 | 000,000,600 | ---- | C] () -- C:\WINDOWS\System32\smsc.ini [2003.10.15 11:45:12 | 000,000,233 | ---- | C] () -- C:\WINDOWS\SwapDrvr223A.ini [2003.09.16 19:31:32 | 000,000,233 | ---- | C] () -- C:\WINDOWS\SwapDrvrSP3.ini [2003.09.16 19:31:10 | 000,000,233 | ---- | C] () -- C:\WINDOWS\SwapDrvrSP2.ini [2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002.03.21 13:39:02 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL [2002.03.20 20:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys [2002.03.20 20:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll [2002.03.20 20:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll [2002.03.20 20:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll [2002.03.20 20:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll ========== LOP Check ========== [2006.01.03 17:13:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems [2009.04.05 12:58:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve [2008.05.17 16:22:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\espionServerData [2010.06.03 06:54:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe [2009.04.10 07:36:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware [2004.10.30 20:03:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft [2004.11.01 16:53:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-DSL SpeedManager [2010.11.04 13:43:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2006.01.03 18:17:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\ACD Systems [2011.01.01 17:54:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Canon [2009.04.28 10:20:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Haufe [2009.04.07 14:36:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Lexware [2008.05.17 16:33:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Opera [2004.10.30 20:02:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\ScanSoft [2004.11.01 17:10:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\T-DSL SpeedManager [2010.12.27 10:14:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\TeamViewer [2011.01.05 20:21:40 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 05.01.2011 20:20:04 - Run 1 OTL by OldTimer - Version 3.2.20.1 Folder = C:\Dokumente und Einstellungen\******\Desktop\Trojaner Januar 2011 Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 86,00% Paging File free Paging file location(s): D:\pagefile.sys 2000 4000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 17,77 Gb Total Space | 4,35 Gb Free Space | 24,49% Space Free | Partition Type: NTFS Drive D: | 19,53 Gb Total Space | 17,49 Gb Free Space | 89,51% Space Free | Partition Type: NTFS Computer Name: familie | User Name: ****** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [ACDBrowse] -- "C:\Programme\ACD Systems\ACDSee\8.0\ACDSee8.exe" "%1" (ACD Systems Ltd.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 4 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 
138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- () "C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company) "C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{03ED6584-5A5A-4CA3-B61D-741618E510DF}" = Steuer 2008 "{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn "{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5 "{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC "{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1 "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 23 "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{410AB9BC-B057-4D39-9260-660EE1B4BED2}" = Steuer 2009 "{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52A5F706-2FCC-4C14-9E9A-345C2DCB25E9}" = D-Link AirPlus Xtreme G Adapter "{56AB063D-1450-4BDE-9F0D-E9C693429C51}" = netbrdg "{56FDB311-6511-11DE-832F-0050560400B1}" = Haufe iDesk-Browser "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX "{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA "{6181E138-C21C-471C-9238-F2F59C314C6C}" = Steuer 2008 "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0 "{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN "{67DABCB4-239C-4E02-805E-DEA0DDCB1926}" = Steuer Hilfesammlung 
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids "{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware "{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client "{822586CA-0B15-428C-859A-64B3728F28E7}" = RemoteCapture Task "{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client DE-DE Language Pack "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS "{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini "{8F3AA869-0769-4336-A1C1-3832D764EE29}" = ScanSoft OmniPage Pro 14.0 "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt "{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore "{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove "{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}" = Camera Window "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel "{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0 "{AA2E6BFE-4351-481C-A720-47CB3506570B}" = ACDSee 8 "{AC76BA86-7AD7-1031-7B44-A71000000002}" = Adobe Reader 
7.1.0 - Deutsch "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore "{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU "{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1 "{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}" = Canon PhotoRecord "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}" = ArcSoft PhotoBase 3 "{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX "{C3542652-4C59-4A96-982A-06EBB3F47819}" = Steuer-Hilfesammlung 2009 "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CFA9C1EE-8D76-477E-9E26-D24C26F11F47}" = Direct Access USB 2.0 multi connect BAY "{D076E06B-F74B-454F-A56E-7510D7B6C9F0}" = RAW Image Task "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare Software "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation) "{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips "{EB5AE940-8E5D-11DE-992A-005056B12123}" = Haufe iDesk-Service "{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F04D6A72-92D3-44FB-9005-A89065245E33}" = Steuer Update 15.01 "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK "{F51D9393-BB14-4566-99BF-D6ED63AEFCD7}" = Natural Color 
"{F8B98EB6-FC06-45BF-87D4-9784E0408611}" = ACDSee 10 Foto-Manager "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs "{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001 "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CANONBJ_Deinstall_CNMCP5m.DLL" = Canon i865 "Clean Ram_is1" = Clean Ram 1.15 - Free "DivX Player" = DivX Player "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint "Easy-PhotoPrint Plus" = Canon Utilities Easy-PhotoPrint Plus "Easy-WebPrint" = Easy-WebPrint "FlashGet(JetCar)" = FlashGet(JetCar) "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InCD!UninstallKey" = InCD "InstallShield_{822586CA-0B15-428C-859A-64B3728F28E7}" = Canon RemoteCapture Task for ZoomBrowser EX "InstallShield_{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}" = Canon Camera Window for ZoomBrowser EX "InstallShield_{D076E06B-F74B-454F-A56E-7510D7B6C9F0}" = Canon RAW Image Task for ZoomBrowser EX "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Security Client" = Microsoft Security Essentials "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Nero - Burning Rom!UninstallKey" = Nero 6 "NeroVision!UninstallKey" = NeroVision Express 3 "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NMIX!UninstallKey" = NeroMIX "NMPUninstallKey" = Nero Media Player "PowerArchiver" = PowerArchiver "ShockwaveFlash" = Macromedia Flash Player 8 "SiS VGA 
Utilities" = SiS VGA Utilities "SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver "TDSLSM" = T-DSL SpeedManager "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 31.12.2010 02:56:48 | Computer Name = familie | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 31.12.2010 02:58:51 | Computer Name = familie | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 31.12.2010 03:01:53 | Computer Name = familie | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 31.12.2010 03:02:25 | Computer Name = familie | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 31.12.2010 03:02:25 | Computer Name = familie | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 31.12.2010 09:31:32 | Computer Name = familie | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 31.12.2010 09:39:34 | Computer Name = familie | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 31.12.2010 09:40:37 | Computer Name = familie | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 05.01.2011 14:10:30 | Computer Name = familie | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 05.01.2011 14:17:29 | Computer Name = familie | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ System Events ] Error - 02.11.2010 05:20:36 | Computer Name = familie | Source = Service Control Manager | ID = 7034 Description = Dienst "InCD Helper" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error - 29.12.2010 09:48:33 | Computer Name = familie | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Starten Sie den Dienst neu.. Error - 05.01.2011 14:20:34 | Computer Name = familie | Source = SideBySide | ID = 16842784 Description = Abhängige Assemblierung "Microsoft.VC90.CRT" konnte nicht gefunden werden. "Last Error": Die referenzierte Assemblierung ist nicht auf dem Computer installiert. Error - 05.01.2011 14:20:34 | Computer Name = familie | Source = SideBySide | ID = 16842811 Description = Resolve Partial Assembly ist für Microsoft.VC90.CRT fehlgeschlagen. Referenzfehlermeldung: Die referenzierte Assemblierung ist nicht auf dem Computer installiert. . Error - 05.01.2011 14:20:34 | Computer Name = familie | Source = SideBySide | ID = 16842811 Description = Generate Activation Context ist für C:\DOKUME~1\******\LOKALE~1\Temp\RarSFX0\redist.dll fehlgeschlagen. Referenzfehlermeldung: Der Vorgang wurde erfolgreich beendet. . Error - 05.01.2011 15:16:21 | Computer Name = familie | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: PCIIde < End of report > |
05.01.2011, 21:04 | #2
/// Malware-holic | Trojan SPYEYE.H So that you can do banking on this PC again, you have to reinstall from scratch and secure the PC.
Proceed as follows:
- back up data such as documents, pictures, etc.
- insert the Windows CD, boot the PC from the CD, format. Choose the normal format, not the quick format. http://www.trojaner-board.de/96344-a...-rechners.html
06.01.2011, 10:50 | #3
| Trojan SPYEYE.H Hello Markusg,
first of all, many thanks for the quick reply! Unfortunately the worst case seems to have happened, so here is one additional question: I have some pictures and text documents to back up. If I copy them to a USB stick or an SD card >> how can I actually be sure that I am not also copying one of the pests onto the external medium? I would be very grateful for a short answer! Best regards, t.