
Log analysis and evaluation: win32.katusha.o


 
06.06.2011, 12:29   #1
Fabo63

win32.katusha.o



Hello,

maybe you can help me... (VISTA)
I caught the above-mentioned Trojan (detected via Spybot).

Then I had a look around here...
and then downloaded "Malwarebytes' Anti-Malware and OTL"

The result is... and what next?

OTL.Txt
OTL Logfile:
Code:
OTL logfile created on: 06.06.2011 13:02:25 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Fabo\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1021,76 Mb Total Physical Memory | 389,68 Mb Available Physical Memory | 38,14% Memory free
2,26 Gb Paging File | 1,00 Gb Available in Paging File | 44,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 173,99 Gb Total Space | 17,74 Gb Free Space | 10,19% Space Free | Partition Type: NTFS
Drive D: | 45,22 Gb Total Space | 44,01 Gb Free Space | 97,32% Space Free | Partition Type: NTFS
Drive E: | 2,10 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: FABO-PC | User Name: Fabo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Fabo\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Fabo\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) -- File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
 
Extras.Txt
OTL Extras logfile created on: 06.06.2011 13:02:25 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Fabo\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1021,76 Mb Total Physical Memory | 389,68 Mb Available Physical Memory | 38,14% Memory free
2,26 Gb Paging File | 1,00 Gb Available in Paging File | 44,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 173,99 Gb Total Space | 17,74 Gb Free Space | 10,19% Space Free | Partition Type: NTFS
Drive D: | 45,22 Gb Total Space | 44,01 Gb Free Space | 97,32% Space Free | Partition Type: NTFS
Drive E: | 2,10 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: FABO-PC | User Name: Fabo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0413632B-5EC7-4525-984D-B745E8E9596E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1177871231\ee\aolsoftware.exe | 
"{2EBBD3A2-D382-4047-ABCE-60F97E1D43EC}" = protocol=6 | dir=in | app=c:\program files\pplive\pplive.exe | 
"{39582C3D-2398-4EAD-94C9-29A4B2CB004B}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{3A346966-F733-4DCE-95B7-0DC55CAE854F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{551A332E-82B1-45F2-B6D0-E47BED548AE3}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{5655B0B8-D57C-4388-88D6-74B1E92C880E}" = protocol=17 | dir=in | app=c:\program files\pplive\pplive.exe | 
"{6A77C70C-8523-446B-B008-2725B1B3294E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1177871231\ee\aim6.exe | 
"{945C6A96-6390-46BB-8DB5-D5744336E980}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1177871231\ee\aim6.exe | 
"{976F9394-DAB8-451E-A656-F5FCECA878AF}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | 
"{9A1346DA-79A3-4815-89AD-D589E433A227}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{AA4E11D7-C8C6-4D1B-9AF8-83056C2D7627}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | 
"{D8BE13D5-79E3-41F0-B6E6-BBF4DD0B5F95}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{FC07AB1A-3917-45F7-876B-AEA12098652C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1177871231\ee\aolsoftware.exe | 
"TCP Query User{04490357-D608-4212-8D0E-4A55A183C010}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{2EE760C8-70A6-473B-A736-6B8919B1B588}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{37649102-D229-46FF-87F7-3D74E6C03399}C:\program files\free internet tv\internettv.exe" = protocol=6 | dir=in | app=c:\program files\free internet tv\internettv.exe | 
"TCP Query User{454BCF0B-29E4-499B-81C3-93B9A46D99E6}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"TCP Query User{48AFD5EA-3F9F-4ADF-AB37-4D027C4B1870}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe | 
"TCP Query User{51C6A75A-821A-4F89-BDB8-5928F4FBAC0D}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"TCP Query User{5A03C68E-FD00-422C-A637-D74CEF077410}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{662EE09E-C16F-4B24-B76F-D5733D2BAC9A}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe | 
"TCP Query User{92406D0F-B784-4F3C-BC9A-C7D236B91D52}C:\program files\microsoft games\age of empires\empiresx.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires\empiresx.exe | 
"TCP Query User{B1A5991D-2C13-47CC-82A0-1F90D77F5EBF}C:\program files\kazaa lite\clean.kmd" = protocol=6 | dir=in | app=c:\program files\kazaa lite\clean.kmd | 
"TCP Query User{BA3AA1AC-877E-4A6F-AEA4-6B8F014C025A}C:\users\fabo\appdata\roaming\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\users\fabo\appdata\roaming\sopcast\adv\sopadver.exe | 
"TCP Query User{CEB34E3A-A70D-4A34-A744-FC37CC43C500}C:\program files\ea sports\madden nfl 08\updater.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\madden nfl 08\updater.exe | 
"TCP Query User{D5D4BB1E-E7D2-48D3-BD37-6B2D0B945BD1}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
"UDP Query User{05B3CF6C-4AD3-4212-8255-CBD07843C2D2}C:\program files\ea sports\madden nfl 08\updater.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\madden nfl 08\updater.exe | 
"UDP Query User{11E1B6AE-5FAB-468C-89B1-6203E03CC73A}C:\program files\free internet tv\internettv.exe" = protocol=17 | dir=in | app=c:\program files\free internet tv\internettv.exe | 
"UDP Query User{17FF0DE8-6738-42B6-8645-C3665DC21A7C}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"UDP Query User{1DB50B4D-DD9F-46CD-B91B-EB3C45EBFA1A}C:\program files\microsoft games\age of empires\empiresx.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires\empiresx.exe | 
"UDP Query User{5B32CA34-B22C-4FA2-B005-77E26324CE8B}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{7CBA7D46-87E3-48F3-9282-F2CDC31CF8FA}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"UDP Query User{823F02A0-F177-4B1D-A8D2-33CBE3E2C6F5}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{8AA04F9D-E1B0-4363-9030-C6A31EAE9754}C:\program files\kazaa lite\clean.kmd" = protocol=17 | dir=in | app=c:\program files\kazaa lite\clean.kmd | 
"UDP Query User{996614CB-998A-49DC-90D6-B56CDE926997}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe | 
"UDP Query User{A7FCD5BB-38AF-4C13-890A-C653F4CCA63A}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
"UDP Query User{BDBFF406-9967-4924-B254-8F4D87F4A6EC}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{CE2A3224-CD67-4456-B379-F452045703BF}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe | 
"UDP Query User{E7E9CFF8-33E2-4C9A-9BA7-248FED0D4756}C:\users\fabo\appdata\roaming\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\users\fabo\appdata\roaming\sopcast\adv\sopadver.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 19
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AAC464A-4164-48CB-0080-EDA41ADE7D44}" = Madden NFL 08
"{538A1AE6-5D8B-4BF1-B1B3-AE14FDE21C09}" = Test_OnlineDiagnostic
"{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.5 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{CA70204D-9437-4646-942E-8172F62F96AD}" = Garmin City Navigator Europe NT 2011.30 Update
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DC1674-B5E8-4364-009E-B350048DD006}" = NHL 2005
"{DCFFB64E-A757-4430-A455-B947F029BFD4}" = Roxio WinOnCD 9 Basic
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 4.49 beta
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Empires" = Microsoft Age of Empires
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires Expansion 1.0" = Microsoft Age of Empires Expansion
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Backgammon_v0.3.2" = Backgammon-v0.3.2
"Billiard Art_is1" = Billiard Art
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"EPSON Stylus CX7300_CX8300_DX7400_DX8400 Benutzerhandbuch" = EPSON Stylus CX7300_CX8300_DX7400_DX8400 Handbuch
"Free Studio_is1" = Free Studio version 5.0.9
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.9.33.426
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"NVIDIA Drivers" = NVIDIA Drivers
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"TVEpaDrv" = Conrad Electronic USB 2860 Device Driver
"TVUPlayer" = TVUPlayer 2.4.9.1
"Uninstall_is1" = Uninstall 1.0.0.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.5
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"WinRAR archiver" = WinRAR archiver
"X264 H.264/AVC Video Codec" = X264 H.264/AVC Video Codec (remove only)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 13.03.2008 18:14:00 | Computer Name = Fabo-PC | Source = H+BEDV AntiVir | ID = 4118
Description = 
 
Error - 13.03.2008 18:14:18 | Computer Name = Fabo-PC | Source = H+BEDV AntiVir | ID = 4118
Description = 
 
Error - 13.03.2008 18:35:55 | Computer Name = Fabo-PC | Source = H+BEDV AntiVir | ID = 4118
Description = 
 
Error - 22.03.2008 16:13:13 | Computer Name = Fabo-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 1.8.20080.20121, Zeitstempel
0x47a4062e, fehlerhaftes Modul nss3.dll, Version 3.11.5.0, Zeitstempel 0x47a40804,
Ausnahmecode 0xc0000005, Fehleroffset 0x000306df, Prozess-ID 0xa1c, Anwendungsstartzeit
01c88c4ab4b3e3a6.
 
Error - 22.03.2008 20:05:48 | Computer Name = Fabo-PC | Source = Application Hang | ID = 1002
Description = Programm msnmsgr.exe, Version 8.5.1302.1018 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen. Prozess-ID: 8d8 Anfangszeit: 01c88c7978a5edab Zeitpunkt
der Beendigung: 67
 
Error - 22.03.2008 20:25:09 | Computer Name = Fabo-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 02.04.2008 11:21:09 | Computer Name = Fabo-PC | Source = Application Hang | ID = 1002
Description = Programm wmplayer.exe, Version 11.0.6000.6344 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen. Prozess-ID: 1204 Anfangszeit: 01c894d5245e2e68 Zeitpunkt
der Beendigung: 9
 
Error - 03.04.2008 11:09:22 | Computer Name = Fabo-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 05.04.2008 07:52:38 | Computer Name = Fabo-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung aolsoftware.exe, Version 1.4.16.3, Zeitstempel
0x4447c056, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
Ausnahmecode 0xc0000005, Fehleroffset 0x00061ad5, Prozess-ID 0xe6c, Anwendungsstartzeit
01c89713470b2348.
 
Error - 05.04.2008 07:53:08 | Computer Name = Fabo-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung aolsoftware.exe, Version 1.4.16.3, Zeitstempel
0x4447c056, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
Ausnahmecode 0xc0000005, Fehleroffset 0x000627af, Prozess-ID 0xe6c, Anwendungsstartzeit
01c89713470b2348.
 
[ System Events ]
Error - 25.05.2011 00:06:14 | Computer Name = Fabo-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 25.05.2011 um 00:53:27 unerwartet heruntergefahren.
 
Error - 25.05.2011 17:09:08 | Computer Name = Fabo-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 25.05.2011 17:09:08 | Computer Name = Fabo-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 25.05.2011 17:09:08 | Computer Name = Fabo-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 25.05.2011 17:09:08 | Computer Name = Fabo-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 25.05.2011 17:09:08 | Computer Name = Fabo-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 25.05.2011 17:09:08 | Computer Name = Fabo-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 26.05.2011 11:08:30 | Computer Name = Fabo-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 26.05.2011 um 17:01:47 unerwartet heruntergefahren.
 
Error - 26.05.2011 14:27:02 | Computer Name = Fabo-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 26.05.2011 um 20:23:14 unerwartet heruntergefahren.
 
Error - 27.05.2011 00:14:10 | Computer Name = Fabo-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 27.05.2011 um 06:09:10 unerwartet heruntergefahren.
 
 
< End of report >
         