Log Analysis and Evaluation: BKA Trojaner Log (Windows 7)
If you have picked up a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system has to be examined first: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
07.06.2011, 15:26 | #1
BKA Trojaner Log
I'm supposed to get a friend's laptop working again. So: she apparently picked up the BKA Trojaner, and after reading up on the board I ran the OTLPE scan; the log follows. Please help, i.e. the fix.txt and maybe a brief explanation of what to do. Here is the log from OTLPE!
Code:
OTL logfile created on: 6/7/2011 4:41:56 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 268.79 Gb Total Space | 148.58 Gb Free Space | 55.28% Space Free | Partition Type: NTFS
Drive E: | 29.28 Gb Total Space | 14.51 Gb Free Space | 49.55% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2011/05/16 08:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/04/29 15:35:08 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/16 07:24:02 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/03/05 12:54:50 | 000,311,296 | ---- | M] () [Auto] -- C:\Windows\System32\Rezip.exe -- (Rezip)
SRV - [2009/02/11 11:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/10/29 10:20:34 | 000,070,656 | ---- | M] () [Auto] -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe -- (resetWinService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/20 22:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 22:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/07/24 05:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/06/05 07:20:32 | 000,177,704 | ---- | M] () [Auto] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2011/04/29 06:12:00 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2011/04/29 06:11:58 | 000,015,232 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/03/16 07:24:04 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/24 11:59:12 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/09/11 10:56:03 | 000,009,336 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\WinIo.sys -- (WINIO)
DRV - [2009/06/17 05:17:28 | 000,041,984 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fspad_wlh32.sys -- (fspad_wlh32)
DRV - [2009/05/25 02:50:44 | 000,164,864 | ---- | M] (Realtek ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/05/11 05:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/05/08 16:58:00 | 007,551,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/05/08 13:02:48 | 000,498,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009/05/01 04:13:34 | 000,064,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/04/10 15:42:54 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009/02/13 06:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/12/29 12:06:54 | 001,799,808 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Katinka_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKU\Katinka_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lokalisten.de/hxxp://www.gmx.de/ [binary data]
IE - HKU\Katinka_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.de/
IE - HKU\Katinka_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Katinka_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Katinka_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\software\mozilla\Firefox\Extensions\\Hotbar@Hotbar.com: C:\Program Files\Hotbar\bin\11.0.78.0\firefox\extensions
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/01 07:02:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/29 06:04:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/05/03 14:37:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/10/04 04:27:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katinka\AppData\Roaming\Mozilla\Extensions
[2010/10/04 04:27:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katinka\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/06/05 07:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katinka\AppData\Roaming\Mozilla\Firefox\Profiles\yj3k3qs2.default\extensions
[2010/04/27 12:12:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Katinka\AppData\Roaming\Mozilla\Firefox\Profiles\yj3k3qs2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/10 13:19:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/10 13:19:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 13:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/04/06 17:37:38 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011/04/06 17:37:38 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011/04/06 17:37:38 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011/04/06 17:37:38 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011/04/06 17:37:38 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Hotbar) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - File not found
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Hotbar) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [snp2uvc] File not found
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\Katinka_ON_C..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\Katinka_ON_C..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Katinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O4 - Startup: C:\Users\Katinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WkCalRem.LNK = C:\Program Files\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Katinka_ON_C Winlogon: Shell - (C:\Users\Katinka\AppData\Local\Temp\0.8771620169495002.exe) - C:\Users\Katinka\AppData\Local\Temp\0.8771620169495002.exe (BitDefender)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/08/21 11:50:32 | 000,000,672 | RH-- | M] () - E:\autoexec.bat -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{32ca5246-f193-11de-b57e-001f16218b2e}\Shell\AutoRun\command - "" = G:\MasterControl_Resources.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/05 05:28:38 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/06/05 05:14:48 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/06/05 05:14:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/06/05 05:14:30 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/06/05 05:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/06/02 07:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/05/31 15:09:25 | 000,000,000 | ---D | C] -- C:\Users\Katinka\Documents\Podcasts
[2011/05/29 07:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2011/05/29 07:15:51 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
[2011/05/29 07:15:51 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2011/05/29 07:15:49 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL
[2011/05/29 07:15:49 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.DLL
[2011/05/29 07:15:49 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL
[2011/05/29 07:15:49 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
[2011/05/29 07:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2011/05/24 13:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011/05/24 13:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/05/24 13:40:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/05/24 01:16:19 | 000,000,000 | ---D | C] -- C:\Users\Katinka\Documents\Verschiedenes
[2009/06/10 09:00:53 | 000,225,280 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009/06/10 09:00:52 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[1 C:\Users\Katinka\Documents\*.tmp files -> C:\Users\Katinka\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/06 21:07:56 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/06/06 21:07:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/06 19:59:22 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/06/06 19:59:22 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/06 19:59:22 | 000,125,870 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/06/06 19:59:22 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/06 19:54:00 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{14BD630B-2A9A-4BA4-A186-85029409AEC5}.job
[2011/06/06 19:53:38 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/06/06 19:53:12 | 000,063,359 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/06/06 19:51:02 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/06 19:50:58 | 000,004,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/06 19:50:58 | 000,004,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/05 16:47:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/05 05:28:38 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/06/05 05:28:34 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011/06/05 05:14:52 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/06/05 05:14:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/06/03 06:45:42 | 000,007,592 | ---- | M] () -- C:\Users\Katinka\AppData\Local\d3d9caps.dat
[2011/06/02 07:15:36 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/06/02 07:15:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/06/02 07:08:44 | 020,533,281 | ---- | M] () -- C:\Users\Katinka\Documents\vlc-1.1.9-win32.exe
[2011/06/02 06:17:31 | 000,000,969 | ---- | M] () -- C:\Users\Katinka\Desktop\Dropbox.lnk
[2011/06/02 06:17:31 | 000,000,949 | ---- | M] () -- C:\Users\Katinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/05/29 07:15:54 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2011/05/29 07:15:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2011/05/29 06:04:14 | 000,002,425 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/05/29 06:04:14 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/05/27 02:02:43 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/05/24 13:40:30 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/05/24 13:40:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[1 C:\Users\Katinka\Documents\*.tmp files -> C:\Users\Katinka\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/05 17:07:24 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/06/05 16:04:54 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/06/05 05:14:52 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/06/02 07:15:36 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/06/02 07:01:03 | 020,533,281 | ---- | C] () -- C:\Users\Katinka\Documents\vlc-1.1.9-win32.exe
[2011/05/29 07:15:54 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2011/05/29 07:15:51 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011/05/24 13:40:30 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/01/30 05:50:58 | 000,393,256 | ---- | C] () -- C:\Windows\System32\CNQ4809N.DAT
[2010/10/21 12:34:03 | 000,000,071 | ---- | C] () -- C:\Windows\UF.INI
[2010/10/21 12:07:40 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2010/02/10 12:26:39 | 000,007,592 | ---- | C] () -- C:\Users\Katinka\AppData\Local\d3d9caps.dat
[2010/01/26 05:33:39 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/01/15 15:06:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/02 13:48:31 | 000,000,099 | ---- | C] () -- C:\Users\Katinka\AppData\default.pls
[2009/12/30 07:43:14 | 000,063,359 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/12/30 07:43:14 | 000,063,359 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/11/29 15:01:05 | 000,019,456 | ---- | C] () -- C:\Users\Katinka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/14 14:39:24 | 000,180,008 | ---- | C] () -- C:\Windows\SETUP1.EXE
[2009/09/11 10:56:03 | 000,009,336 | ---- | C] () -- C:\Windows\System32\WinIo.sys
[2009/09/11 06:21:17 | 000,000,688 | ---- | C] () -- C:\Users\Katinka\AppData\Roaming\wklnhst.dat
[2009/06/10 10:18:19 | 000,036,864 | ---- | C] () -- C:\Windows\System32\Hooks.dll
[2009/06/10 09:00:53 | 001,799,808 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009/06/10 09:00:53 | 000,233,472 | ---- | C] () -- C:\Windows\tsnp2uvc.exe
[2009/06/10 09:00:53 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2009/06/10 09:00:52 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2009/06/10 08:58:06 | 000,311,296 | ---- | C] () -- C:\Windows\System32\Rezip.exe
[2009/06/10 08:49:38 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/06/10 08:38:31 | 000,000,276 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2009/06/09 14:24:37 | 000,627,756 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009/06/09 14:24:37 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009/06/09 14:24:37 | 000,125,870 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009/06/09 14:24:37 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/06/09 04:54:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/09 04:53:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/06/09 04:34:57 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007/06/05 07:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,413,112 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,386 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,103,460 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/06/04 14:54:04 | 000,000,000 | ---D | M] -- C:\Users\Katinka\AppData\Roaming\Dropbox
[2010/03/29 03:28:37 | 000,000,000 | ---D | M] -- C:\Users\Katinka\AppData\Roaming\Facebook
[2009/11/08 11:37:29 | 000,000,000 | ---D | M] -- C:\Users\Katinka\AppData\Roaming\ICQ
[2009/10/04 06:44:43 | 000,000,000 | ---D | M] -- C:\Users\Katinka\AppData\Roaming\Template
[2010/10/04 04:27:53 | 000,000,000 | ---D | M] -- C:\Users\Katinka\AppData\Roaming\Thunderbird
[2009/11/10 15:01:10 | 000,000,000 | ---D | M] -- C:\Users\Katinka\AppData\Roaming\WeatherDPA
[2009/11/10 15:01:11 | 000,000,000 | ---D | M] -- C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
[2009/08/26 08:46:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/08/26 08:46:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2009/08/26 08:46:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2009/11/10 15:02:15 | 000,000,000 | ---D | M] -- C:\ProgramData\HotbarSA
[2009/06/10 10:18:19 | 000,000,000 | ---D | M] -- C:\ProgramData\LKG
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/08/26 08:46:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/06/10 16:20:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2009/08/26 08:46:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/01/05 11:14:50 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2010/06/08 17:15:19 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/06/10 11:22:04 | 000,000,000 | ---D | M] -- C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2011/06/06 21:07:56 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/06/05 17:14:08 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/06/06 19:54:00 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{14BD630B-2A9A-4BA4-A186-85029409AEC5}.job

========== Purity Check ==========

< End of report >
07.06.2011, 15:33 | #2
/// Malware-holic:
Sure, we'll do that.
On your second PC go to Start > Programs > Accessories > Notepad and paste this in:
Code:
:OTL
O20 - HKU\Katinka_ON_C Winlogon: Shell - (C:\Users\Katinka\AppData\Local\Temp\0.8771620169495002.exe) - C:\Users\Katinka\AppData\Local\Temp\0.8771620169495002.exe (BitDefender)
:Files
C:\Users\Katinka\AppData\Local\Temp
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in my post on OTLPENet.exe.
• Now please click the Fix button. A message similar to "load fix from file" should appear; load the fix.txt from your stick. If that doesn't work, please enter the fix manually. Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt, please post that log.
Open Computer, open C:, then _OTL, right-click on Moved Files and choose add to moved files.rar or zip.
http://www.trojaner-board.de/54791-a...ner-board.html
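The finding the helper's fix targets is the O20 line in the log above: the per-user Winlogon Shell value for Katinka_ON_C has been pointed at a binary in her Temp folder, so Winlogon launches the lock screen instead of explorer.exe. As an added example (not OTL's code and not from either poster), the following Python reads O20 lines in the format the posted log uses, flags a Shell value that is not explorer.exe, is set per-user under HKU, or points into a user-writable directory, and renders those findings as an OTL fix script of the same shape as the one in this post. The sample lines are constructed from the log in post #1; the regex, the `USER_WRITABLE` heuristic and the choice to list only the flagged binary under :Files (rather than the whole Temp folder, as the helper did) are my assumptions.

```python
"""Triage OTL O20 Winlogon lines and render the matching OTL fix script.

Added example for this thread; it is neither OTL's code nor the helper's.
The line format is taken from the posted log; the sample below is constructed
from those lines. The fix sections (:OTL, :Files, :Commands) and the commands
[purity], [emptytemp], [Reboot] are the ones used in the helper's fix above.
"""
import re
from dataclasses import dataclass

# Constructed sample: a benign O4 entry, a stale O4 entry, the stock HKLM
# Shell value and the per-user Shell hijack from the posted log.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [snp2uvc] File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Katinka_ON_C Winlogon: Shell - (C:\Users\Katinka\AppData\Local\Temp\0.8771620169495002.exe) - C:\Users\Katinka\AppData\Local\Temp\0.8771620169495002.exe (BitDefender)
""".strip()

# O20 - <hive> Winlogon: <value> - (<registry data>) - <resolved path> (<company>)
O20_RE = re.compile(
    r"^O20 - (?P<hive>\S+) Winlogon: (?P<value>\w+) - \((?P<data>[^)]*)\)"
    r" - (?P<path>.*?)(?: \((?P<company>[^)]*)\))?$"
)
# Directories a standard user can write to; a shell binary should never live there.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Downloads)\\", re.I)


@dataclass
class Finding:
    line: str      # the original O20 line, reused verbatim in the :OTL section
    path: str      # binary the hijacked Shell value launches
    company: str   # version-info company string, chosen by whoever built the file
    reason: str


def triage(log_text: str) -> list[Finding]:
    """Return every Winlogon Shell entry that deviates from the Windows default."""
    findings = []
    for raw in log_text.splitlines():
        m = O20_RE.match(raw.strip())
        if not m or m["value"] != "Shell":
            continue
        reasons = []
        if m["data"].lower() != "explorer.exe":
            reasons.append(f"Shell is {m['data']!r}, expected 'explorer.exe'")
        if m["hive"].upper().startswith("HKU"):
            # Windows only ships Shell under HKLM; Winlogon honours a per-user copy,
            # which is exactly what this lock-screen malware relies on.
            reasons.append("per-user Shell override in " + m["hive"])
        if USER_WRITABLE.search(m["path"]):
            reasons.append("shell binary lives in a user-writable directory")
        if reasons:
            # The company string is not evidence of anything: it comes from the
            # file's own version resource, so treat it as untrusted metadata.
            findings.append(Finding(m.group(0), m["path"], m["company"] or "", "; ".join(reasons)))
    return findings


def build_otl_fix(findings: list[Finding], empty_temp: bool = True) -> str:
    """Render an OTL fix: :OTL deletes the listed registry values, :Files moves
    the listed paths to C:\\_OTL\\MovedFiles (kept for analysis, not deleted).
    The helper's fix above moved the whole Temp folder instead of one file."""
    paths = list(dict.fromkeys(f.path for f in findings))
    lines = [":OTL", *(f.line for f in findings), ":Files", *paths, ":Commands", "[purity]"]
    if empty_temp:
        lines.append("[emptytemp]")
    lines.append("[Reboot]")
    return "\n".join(lines)


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for hit in hits:
        print(f"FLAG {hit.path} ({hit.company!r}): {hit.reason}")
    print(build_otl_fix(hits))
```

Run as a script it prints the one flagged entry and the generated fix. The `(BitDefender)` string OTL prints beside the Temp binary is whatever the file's version resource claims, so the code records it but gives it no weight; the three reasons it does act on (non-default value, per-user hive, user-writable location) each stand on their own.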
07.06.2011, 16:07 | #3
Despite using the search function and going through all your posts I unfortunately couldn't find that post. It would be nice if you could link it, since I'd rather do everything right from the start than find out later that I did something wrong.
07.06.2011, 16:08 | #4
/// Malware-holic:
Sorry, I should have adapted that. You have to boot the OTL CD as at the beginning, except that you don't run a scan but execute the fix.
07.06.2011, 16:40 | #5
So I ran the fix. There was no automatic restart; instead the file that was/is in the MovedFiles folder was opened, so I'm uploading it as described. I tried to restart manually, unfortunately still the BKA screen. Perhaps worth mentioning: I had to enter the fix manually and couldn't load the text file because a shell error occurred when I tried to choose a different path. (Access violation at address 7CA0C936 in module 'shell32.dll'. Read of address 00000006.)
EDIT: The file should be uploaded.
EDIT2: I apparently slipped a line and used the scan as fix.txt -.-, which means the files uploaded so far should be useless as well. I'll report back once everything has been done correctly.
Edited by SecreT2k (07.06.2011 at 17:14). Reason: typo
07.06.2011, 20:02 | #6
So.. the fix ran and Windows starts normally again. Unfortunately my friend seems never to have cleared her temp folder, which means the file I'm going to upload is 955 megabytes zipped! otl.txt unfortunately wasn't opened, but since it's presumably in the _OTL folder I'll just assume it's this one (06072011_210458.txt):
Code:
========== OTL ==========
Registry value HKEY_USERS\Katinka_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Katinka\AppData\Local\Temp\0.8771620169495002.exe deleted successfully.
C:\Users\Katinka\AppData\Local\Temp\0.8771620169495002.exe moved successfully.
========== FILES ==========
C:\Users\Katinka\AppData\Local\Temp\{db9dc632-2bc9-4671-b409-0257bcc0eef2} folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\{7782BCFB-B024-4C7D-A72B-DCE76020B1F5}\{60DE4033-9503-48D1-A483-7846BD217CA9} folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\{7782BCFB-B024-4C7D-A72B-DCE76020B1F5} folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\{3bc7a8c2-945c-45ce-82e0-c261525f5073} folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\{01c1360c-68be-4b83-bbdd-ae09e4af76d6} folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\WPDNSE folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Word8.0 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Windows Live Toolbar folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\VBE folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temporary Internet Files\Content.IE5\XUHEDJ9H folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temporary Internet Files\Content.IE5\LFXGMZ4E folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temporary Internet Files\Content.IE5\H5YUIW63 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temporary Internet Files\Content.IE5\G7ON2C7J folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temporary Internet Files\Content.IE5 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temporary Internet Files folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temp4_Probestipendium.zip folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temp3_Probestipendium.zip folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temp2_Probestipendium.zip folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temp1_sob_bd1_kap1_kol1_abb2_23_a_with_legend_singledownload.zip folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temp1_sob_bd1_kap1_kol1_abb2_23_a_with_legend_singledownload-1.zip folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temp1_Probestipendium[1].zip folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temp1_Probestipendium.zip folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temp1_lk_2009.zip folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temp1_Literaturverzeichnis night[1].zip folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temp1_Abiball.zip folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temp1_63-termitrainer_12.zip folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\TCD1ADF.tmp folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\rb\3416 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\rb folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-9 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-8 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-7 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-6 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-5 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-4 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-3 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-2 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-14 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-13 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-12 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-11 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-10 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-1 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Picasa3\Picasa filecheck folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Picasa3 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\PDFCreator\PDFCreatorSpool folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\PDFCreator folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Outlook-Protokoll folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\outlook logging folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\OneNoteRuntimeCache\OneNoteRuntimeCache_Files folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\OneNoteRuntimeCache folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\OIS\temp folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\OIS\cacheFiles folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\OIS folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\nro.log\log folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\nro.log folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\msohtmlclip1\01 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\msohtmlclip1 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\msohtmlclip folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\MessengerCache\Sounds folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\MessengerCache folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\session\SnameMenu folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\session\GIF folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\session folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\__SkypeIEToolbar_Cache folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\Windows Live Toolbar folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\Low folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\ImageUploader_Temp folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\hsperfdata_Katinka folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\Google Toolbar folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\Cab97A0 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\Adobe\Acrobat\9.0 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\Adobe\Acrobat folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\Adobe folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\hsperfdata_Katinka folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\History\History.IE5 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\History folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Google Toolbar folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\DWDD38D.tmp folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Cookies folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\comtypes_cache\Dropbox-25 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\comtypes_cache folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\CDM folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\AVSETUP_4b6ef529 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Audible Device Images folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Adobe\Acrobat\9.0 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Adobe\Acrobat folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Adobe folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\AAWInstallerTemp folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\951E.dir folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\8FD1.dir folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\871A.dir folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\1123223700001664rcpxylrqc2 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\1123223600001664utg2h2xl9d folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\11232236000016642jibvk0sg0 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\1123223500001664ox2fhr6iw8 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\1123223500001664ezva8ote5l folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\1123223500001664ejdkfjur90 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\1123223500001664898a5k3e2p folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\1123223400001664roey4ufd4d folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\1123223400001664msztx54skn folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\1123223400001664bs7u757dzh folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\0127202500000348mvbhbta59d folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\012720250000034884s4a5w5yk folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\0127202300000348ywq413k4cy folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\0127202300000348x48iq90ml8 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\0127202300000348judr5s3bh2 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\0127202200000348zbh0jeo60a folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\012720220000034806r9i9xc01 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\0127202100000348mjbg7pop1k folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\0127202100000348mdbvmgz9ek folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\01272021000003483aqrylp18x folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\012720210000034815ch1tc0jx folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp folder moved successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Katinka
User: Public
Total Flash Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Katinka
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9340107089 bytes
Total Files Cleaned = 8,907.00 mb
OTLPE by OldTimer - Version 3.1.46.0 log created on 06072011_210458 |
07.06.2011, 20:07 | #7 |
/// Malware-holic | BKA Trojaner Log Sorry, that was my fault, I did not copy enough there. The Temp folder was recreated, I assume? Automatically? Open OTL and click Cleanup; that deletes OTL and the moved files. Then please create and post a ComboFix log. A guide and tutorial on using ComboFix
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de as described in the instructions above If you would like to support us |
07.06.2011, 20:17 | #8 |
| BKA Trojaner Log How or where should I open OTL? Boot from the CD again, or start the CD from within Windows? |
07.06.2011, 20:22 | #9 |
/// Malware-holic | BKA Trojaner Log Sorry, just delete the moved files folder, and then continue with ComboFix. |
07.06.2011, 20:53 | #10 |
| BKA Trojaner Log So, ComboFix ran through and here is the ComboFix.txt: Code:
ComboFix 11-06-06.07 - Katinka 08.06.2011 0:40.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.1474 [GMT 2:00]
ausgeführt von:: F:\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\programdata\HotbarSA
c:\programdata\HotbarSA\HotbarSA.dat
c:\programdata\HotbarSA\HotbarSA_kyf.dat
c:\programdata\HotbarSA\HotbarSAAbout.mht
c:\programdata\HotbarSA\HotbarSAau.dat
c:\programdata\HotbarSA\HotbarSAEULA.mht
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\About Hotbar.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Games!.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Uninstall Instructions.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Videos!.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Reset Cursor.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Weather.lnk
c:\users\Katinka\AppData\Roaming\WeatherDPA
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-05-07 bis 2011-06-07 ))))))))))))))))))))))))))))))
.
.
2011-06-07 22:34 . 2011-06-07 22:36 -------- d-----w- C:\32788R22FWJFW
2011-06-07 21:07 . 2011-06-07 22:47 -------- d-----w- c:\users\Katinka\AppData\Local\Temp
2011-06-05 20:04 . 2011-06-05 09:28 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-06-05 09:28 . 2011-06-05 09:28 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-05 09:14 . 2011-04-29 10:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-06-05 09:14 . 2011-06-05 09:14 -------- d-----w- c:\program files\Lavasoft
2011-06-05 09:14 . 2011-06-05 09:14 -------- d-----w- c:\programdata\Lavasoft
2011-06-03 10:58 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{38B2EEB2-5AF4-449C-B933-6C89678B0AFE}\mpengine.dll
2011-05-29 11:15 . 2004-03-08 23:00 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2011-05-29 11:15 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2011-05-29 11:15 . 1998-06-23 23:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2011-05-29 11:15 . 2011-05-29 11:16 -------- d-----w- c:\program files\PDFCreator
2011-05-29 11:15 . 1998-07-06 16:56 125712 ----a-w- c:\windows\system32\VB6DE.DLL
2011-05-29 11:15 . 1998-07-06 16:55 158208 ----a-w- c:\windows\system32\MSCMCDE.DLL
2011-05-29 11:15 . 1998-07-06 16:55 64512 ----a-w- c:\windows\system32\MSCC2DE.DLL
2011-05-29 11:15 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2011-05-24 17:40 . 2011-06-07 21:20 -------- d-----w- c:\programdata\Skype Extras
2011-05-24 17:40 . 2011-05-24 17:40 -------- d-----w- c:\program files\Common Files\Skype
2011-05-11 19:29 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-16 11:24 . 2010-02-07 17:17 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-12 21:55 . 2011-04-27 10:54 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-10 17:03 . 2011-04-15 08:20 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-15 08:20 1136640 ----a-w- c:\windows\system32\mfc42.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Katinka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Katinka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Katinka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-11 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2010-11-16 172856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-04-18 15146376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-08 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-08 92704]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2008-08-28 233472]
"MDS_Menu"="c:\program files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"PDVD8LanguageShortcut"="c:\program files\HomeCinema\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"fspuip"="c:\program files\FSP\fspuip.exe" [2009-06-19 765952]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-09 281768]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
c:\users\Katinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Katinka\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
WkCalRem.LNK - c:\program files\Microsoft Works\WkCalRem.exe [2007-6-20 46432]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2009-12-17 1795488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca96149fdacf30;Google Update Service (gupdate1ca96149fdacf30);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 133104]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-05-16 2151128]
R2 resetWinService;Reset Reader;c:\program files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe [2008-10-29 70656]
R3 fspad_wlh32;Finger-sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\DRIVERS\fspad_wlh32.sys [2009-06-17 41984]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 133104]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-04-29 64512]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]
S2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [2009-03-05 311296]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-05-01 64032]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-05-08 498176]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - Lavasoft Kernexplorer
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2011-06-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-11 16:18]
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 18:57]
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 18:57]
.
2011-06-07 c:\windows\Tasks\User_Feed_Synchronization-{14BD630B-2A9A-4BA4-A186-85029409AEC5}.job
- c:\windows\system32\msfeedssync.exe [2011-04-15 04:43]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.facebook.de/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
FF - ProfilePath - c:\users\Katinka\AppData\Roaming\Mozilla\Firefox\Profiles\yj3k3qs2.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe
AddRemove-_{E1A63F75-1F72-4450-980D-434496FFC646} - c:\program files\Corel\Corel Painter Essentials 4\MSILauncher {E1A63F75-1F72-4450-980D-434496FFC646}
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-06-08 00:47
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-06-08 00:49:05
ComboFix-quarantined-files.txt 2011-06-07 22:48
.
Vor Suchlauf: 8 Verzeichnis(se), 165.580.804.096 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 165.532.012.544 Bytes frei
.
- - End Of File - - 29B4450EDEDD43FACE49E9B146A91181 |
08.06.2011, 10:28 | #11 |
/// Malware-holic | BKA Trojaner Log Download Malwarebytes: Malwarebytes : Malwarebytes Anti-Malware is a free download that removes viruses and malware from your computer Install it, open it, go to the Update tab and update the program. Close all running programs and disconnect from the internet. Scanner tab, full scan, remove what it finds, post the log. |
08.06.2011, 16:33 | #12 |
| BKA Trojaner Log Here is the log: Code:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Datenbank Version: 6810
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048
08.06.2011 20:22:36
mbam-log-2011-06-08 (20-22-36).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 334715
Laufzeit: 1 Stunde(n), 1 Minute(n), 23 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EDDBB5EE-BB64-4bfc-9DBE-E7C85941335B} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarAx.Info (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarAx.Info.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarWeather.WeatherController (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarWeather.WeatherController.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\program files\biologie chemie 5 bis 13\umrechner.exe (Trojan.FakeCalc) -> Quarantined and deleted successfully. |
08.06.2011, 16:35 | #13 |
/// Malware-holic | BKA Trojaner Log c:\program files\biologie chemie 5 bis 13\umrechner.exe (Trojan.FakeCalc) -> Quarantined and deleted successfully. Looks like a false positive; you can restore it from quarantine. Download CCleaner Standard: CCleaner - Standard If CCleaner is already installed, skip that. Install, open, Tools, list of installed programs, save as txt. Open it. After each program you need, write "needed"; after each one you do not need, "unneeded"; after any you do not recognise, "unknown". Post the list. |
08.06.2011, 17:42 | #14 |
| BKA Trojaner Log Since, as I said, this is a friend's PC, some of the programs are naturally unfamiliar to me, so I just did it to the best of my knowledge. Code:
Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 25.08.2009 13,5MB unneeded
Ad-Aware Lavasoft Limited 04.06.2011 33,7MB 9.0.1 needed
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 25.08.2009 10.0.22.87 needed
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 16.11.2010 10.1.102.64 needed
Adobe Reader 9.4.4 - Deutsch Adobe Systems Incorporated 28.05.2011 201MB 9.4.4 needed
Adobe Shockwave Player 11 Adobe Systems, Inc. 25.08.2009 17,5MB 11 needed
Angebote ALDI SÜD Bildschirmschoner 25.08.2009 unneeded
Apple Application Support Apple Inc. 29.11.2010 52,7MB 1.4.1 needed
Apple Mobile Device Support Apple Inc. 29.11.2010 21,7MB 3.3.0.69 needed
Apple Software Update Apple Inc. 07.06.2010 2,26MB 2.1.2.120 needed
Audible Download Manager Audible, Inc. 24.08.2010 3,81MB 6.6.0.12 unknown
Avira AntiVir Personal - Free Antivirus Avira GmbH 28.04.2011 78,8MB 10.0.0.648 needed
Badaboom 1.1.1.194 Elemental Technologies 25.08.2009 14,3MB 1.1.1.194 unknown
Biologie Chemie 5 bis 13 Tandem 08.04.2010 211MB 2.0 unknown
Bonjour Apple Inc. 28.10.2010 0,76MB 2.0.3.0 needed
CanoScan LiDE 210 Scanner Driver 29.01.2011 needed
CCleaner Piriform 07.06.2011 3,68MB 3.07 needed
Compatibility Pack für 2007 Office System Microsoft Corporation 13.05.2011 60,3MB 12.0.6425.1000 needed
Corel Home Office 5.0.56 Corel Corporation 09.06.2009 124,7MB needed
CorelDRAW Essentials 4 Corel Corporation 09.06.2009 684MB needed
CorelDRAW Essentials 4 - Windows Shell Extension Corel Corporation 09.06.2009 1,81MB needed
CyberLink MediaShow CyberLink Corp. 09.06.2009 316MB 4.1.2325 unknown
CyberLink PhotoNow CyberLink Corp. 09.06.2009 21,8MB 1.1.5615 unknown
CyberLink PowerDirector CyberLink Corp. 09.06.2009 423MB 7.0.2625 unknown
CyberLink PowerDVD 8 CyberLink Corp. 09.06.2009 94,4MB 8.0.2606a unknown
CyberLink PowerProducer CyberLink Corp. 09.06.2009 311MB 5.0.1.1412 unknown
CyberLink YouCam CyberLink Corp. 09.06.2009 73,8MB 2.0.2521 unknown
DivX Web Player DivX,Inc. 25.08.2009 3,45MB 1.5.0 needed
Dropbox Dropbox, Inc. 01.06.2011 24,0MB 1.1.35 unknown
e-Wörterbücher 25.08.2009 1,75MB needed
Facebook Plug-In Facebook, Inc. 28.03.2010 11,6MB needed
Finger-sensing Pad Driver FSP 21.06.2009 13,4MB 8.4.2.8 needed
Foxlink Webcam Sonix 09.06.2009 5,70MB 5.8.51000.202_WHQL unknown
FreeMind 05.03.2011 16,5MB 0.9.0_RC_10 unknown
Google Chrome Google Inc. 14.01.2010 154,8MB 11.0.696.71 needed
Google Earth Google 10.06.2009 25,3MB 4.3.7284.3916 needed
Google Toolbar for Internet Explorer Google Inc. 04.06.2011 8,71MB 7.0.1710.2246 needed
Google Updater Google Inc. 25.08.2009 4,57MB 2.4.1487.6512 needed
ICQ6.5 ICQ 29.10.2009 48,0MB 6.5 needed
Intel® Matrix Storage Manager Intel Corporation 25.08.2009 46,9MB unknown
iTunes Apple Inc. 27.12.2010 144,8MB 10.1.1.4 needed
Java(TM) 6 Update 23 Sun Microsystems, Inc. 09.06.2009 97,0MB 6.0.230 needed
Malwarebytes' Anti-Malware Version 1.51.0.1200 Malwarebytes Corporation 07.06.2011 7,29MB 1.51.0.1200
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 25.08.2009 37,0MB needed
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 25.08.2009 37,0MB needed
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 26.06.2010 120,3MB 4.0.30319 needed
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 26.06.2010 24,5MB 4.0.30319 needed
Microsoft Office Enterprise 2007 Microsoft Corporation 21.03.2010 643MB 12.0.6425.1000 needed
Microsoft Office Home and Student 2007 Microsoft Corporation 11.04.2010 643MB 12.0.6425.1000 needed
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 13.05.2011 100,2MB 12.0.6425.1000 needed
Microsoft Silverlight Microsoft Corporation 21.04.2011 26,7MB 4.0.60310.0 needed
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 09.06.2009 1,74MB 3.1.0000 needed
Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 22.11.2009 0,61MB 1.0.1215.0 needed
Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 26.01.2011 1,45MB 1.0.1215.0 needed
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 20.09.2009 0,25MB 8.0.50727.4053 needed
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 09.06.2009 0,41MB 8.0.56336 needed
Microsoft Visual C++ 2005 Redistributable - KB2467175 Microsoft Corporation 26.05.2011 0,29MB 8.0.51011 needed
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 07.02.2010 0,19MB 9.0.30729.4148 needed
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 26.05.2011 0,58MB 9.0.30729.5570 needed
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 06.02.2010 0,58MB 9.0.30729 needed
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 29.03.2010 0,58MB 9.0.30729.4148 needed
Microsoft Works Microsoft Corporation 17.12.2010 545MB 9.7.0621 needed
Mozilla Firefox (3.6.17) Mozilla 30.04.2011 29,5MB 3.6.17 (de) needed
Mozilla Thunderbird (3.1.10) Mozilla 02.05.2011 33,4MB 3.1.10 (de) needed
MSXML 4.0 SP2 (KB927978) Microsoft Corporation 09.06.2009 34,00KB 4.20.9841.0 unknown
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 09.06.2009 1,28MB 4.20.9870.0 unknown
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 27.11.2009 1,34MB 4.20.9876.0 unknown
Nero 8 Essentials Nero AG 09.06.2009 1.938MB 8.3.124 needed
NVIDIA Drivers NVIDIA Corporation 25.08.2009 3.314MB 1.3 needed
PDFCreator Frank Heindörfer, Philip Chinery 28.05.2011 30,1MB 1.2.1 needed
Picasa 3 Google, Inc. 29.01.2011 96,2MB 3.8 needed
QuickTime Apple Inc. 27.12.2010 73,7MB 7.69.80.9 needed
Realtek 8136 8168 8169 Ethernet Driver Realtek 16.06.2009 1,60MB 1.00.0005 needed
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 09.06.2009 9,29MB 6.0.1.5730 needed
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 09.06.2009 1,50MB 6.0.6000.20111 needed
REALTEK Wireless LAN Driver REALTEK Semiconductor Corp. 09.06.2009 7,10MB 1.01.0092 needed
Skype Toolbars Skype Technologies S.A. 23.05.2011 5,86MB 5.3.7280 unneeded
Skype™ 5.3 Skype Technologies S.A. 23.05.2011 22,6MB 5.3.111 needed
Sobotta interaktiv - Bewegungsapparat 25.10.2010 13,0MB unknown
Spelling Dictionaries Support For Adobe Reader 9 Adobe Systems Incorporated 08.11.2009 29,7MB 9.0.0 needed
TIPP10 Version 2.0.3 (c) 2006-2008, Tom Thielicke 03.10.2009 12,2MB needed
Trivial Pursuit 06.02.2010 45,1MB needed
VLC media player 1.1.9 VideoLAN 01.06.2011 75,7MB 1.1.9 needed
Windows Live Anmelde-Assistent Microsoft Corporation 09.06.2009 1,93MB 5.000.818.6 needed
Windows Live Essentials Microsoft Corporation 26.01.2011 136,5MB 14.0.8117.0416 needed
Windows Live Sync Microsoft Corporation 26.01.2011 2,79MB 14.0.8117.416 needed
Windows Live-Uploadtool Microsoft Corporation 09.06.2009 0,22MB 14.0.8014.1029 needed |
08.06.2011, 17:45 | #15 |
/// Malware-holic | BKA Trojaner Log Then just work through it together with her.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above If you would like to support us |