| |
| |||||||
Log-Analyse und Auswertung: BKA Trojaner auf dem RechnerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
09.06.2011, 16:06
| #1 |
| |  BKA Trojaner auf dem Rechner Hallo, da es ja in den Regeln steht poste ich für mein Problem ein neues Thema, ich hoffe das ist richtig so. Wie im Titel beschrieben habe ich mir den BKA Virus mit der Erpresser-Nummer eingefangen. Und zwar auf ein Notebook mit Windows-Vista Die OTLPENet.exe habe ich mir schon gebrannt und mit der CD gebootet. Das hier sind die dazugehörigen LOGs aus der Txt. Datei Bitte seit geduldig mit mir ich bin ein echter DAU. Vielen Dank Viele Grüße Amelia OTL Logfile: Code:
ATTFilter OTL logfile created on: 6/9/2011 6:49:29 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium (Version = 6.0.6000) - Type = System
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 90.32 Gb Total Space | 34.96 Gb Free Space | 38.71% Space Free | Partition Type: NTFS
Drive D: | 130.81 Gb Total Space | 77.08 Gb Free Space | 58.93% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto] -- -- (CLTNetCnService)
SRV - [2011/04/28 03:34:15 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/20 15:00:08 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2007/11/05 09:28:10 | 000,204,915 | ---- | M] (Option) [Auto] -- C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe -- (GtDetectSc)
SRV - [2007/08/08 08:00:19 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/15 06:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2006/12/08 04:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2006/09/14 02:56:06 | 000,102,400 | ---- | M] () [Auto] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2011/03/20 15:00:08 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/01/10 09:23:15 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 09:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/13 07:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/05/16 06:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008/05/16 06:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008/05/16 06:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 06:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 06:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008/05/16 06:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 06:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2007/07/09 09:17:36 | 000,095,744 | ---- | M] (Option NV) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2007/06/26 08:38:46 | 000,051,968 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2007/04/03 10:53:12 | 000,047,872 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007/03/30 08:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2007/02/25 00:14:00 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/01/15 17:28:20 | 000,070,144 | ---- | M] (Realtek Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/22 12:35:00 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/02 03:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006/07/14 08:55:34 | 000,105,088 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2006/02/07 13:52:58 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot] -- C:\Windows\System32\drivers\JGOGO.sys -- (JGOGO)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\sven_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
IE - HKU\sven_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\sven_ON_C\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKU\sven_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\sven_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:4.5.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/10 16:34:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/10 16:34:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/16 04:40:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/16 04:40:55 | 000,000,000 | ---D | M]
[2008/09/03 05:35:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sven\AppData\Roaming\Mozilla\Extensions
[2011/05/18 03:12:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sven\AppData\Roaming\Mozilla\Firefox\Profiles\6i4m7mql.default\extensions
[2010/12/15 15:37:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\sven\AppData\Roaming\Mozilla\Firefox\Profiles\6i4m7mql.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/18 12:49:04 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\sven\AppData\Roaming\Mozilla\Firefox\Profiles\6i4m7mql.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/12/15 15:37:54 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\sven\AppData\Roaming\Mozilla\Firefox\Profiles\6i4m7mql.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/07/22 01:57:29 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\sven\AppData\Roaming\Mozilla\Firefox\Profiles\6i4m7mql.default\extensions\2020Player@2020Technologies.com
[2010/12/15 15:37:49 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\sven\AppData\Roaming\Mozilla\Firefox\Profiles\6i4m7mql.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2011/05/18 03:12:18 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\sven\AppData\Roaming\Mozilla\Firefox\Profiles\6i4m7mql.default\extensions\engine@conduit.com
[2010/12/08 09:47:52 | 000,000,927 | ---- | M] () -- C:\Users\sven\AppData\Roaming\Mozilla\Firefox\Profiles\6i4m7mql.default\searchplugins\conduit.xml
[2011/05/15 12:34:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/24 17:57:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/01/16 12:55:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/15 12:34:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2008/09/03 05:35:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
File not found (No name found) --
[2011/05/16 04:40:50 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/04/13 23:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/16 04:40:52 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011/05/16 04:40:52 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/05/16 04:40:52 | 000,001,153 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011/05/16 04:40:52 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011/05/16 04:40:52 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011/05/16 04:40:52 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKU\sven_ON_C\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKU\sven_ON_C\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [recinfo919] C:\RecInfo\RecInfo.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\sven_ON_C..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKU\sven_ON_C..\Run: [iPhone PC Suite] File not found
O4 - HKU\sven_ON_C..\Run: [Vidalia] File not found
O7 - HKU\sven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\sven\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\sven_ON_C Winlogon: Shell - (C:\Users\sven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3EM66VHA\calc[1].exe) - C:\Users\sven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3EM66VHA\calc[1].exe ()
O24 - Desktop WallPaper: D:\Gladiatores Geschäftlich\wallpaper2.jpg
O24 - Desktop BackupWallPaper: D:\Gladiatores Geschäftlich\wallpaper2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{06755d29-d13b-11dd-8679-00030d7c4590}\Shell - "" = AutoRun
O33 - MountPoints2\{06755d29-d13b-11dd-8679-00030d7c4590}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\{6343ddbd-0ebe-11e0-99ae-91dc59051ef4}\Shell\AutoRun\command - "" = F:\Menu.exe
O33 - MountPoints2\{9da564ae-7766-11de-a576-00030d7c4590}\Shell\verb1\command - "" = desktop.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/05/31 12:45:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/05/21 17:52:41 | 000,000,000 | ---D | C] -- C:\Users\sven\AppData\Local\WinZip
[2011/05/15 12:34:31 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/05/15 12:34:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/05/15 12:34:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/11/02 10:42:25 | 010,013,416 | ---- | C] (Geek Software GmbH ) -- C:\Program Files\pdf24.exe
[12 C:\Users\sven\Desktop\*.tmp files -> C:\Users\sven\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/06/09 10:07:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/09 10:06:12 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/09 10:06:12 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/09 10:06:11 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/09 10:06:01 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/09 08:24:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/09 07:47:09 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A29FB4A2-45DF-4812-9817-47B92FFD6CA9}.job
[2011/06/09 07:44:32 | 000,693,848 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/06/09 07:44:32 | 000,654,600 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/09 07:44:32 | 000,137,946 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/06/09 07:44:32 | 000,120,936 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/08 16:59:13 | 000,330,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/31 12:45:17 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/05/31 12:45:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/05/16 04:40:55 | 000,000,864 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/05/16 04:40:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[12 C:\Users\sven\Desktop\*.tmp files -> C:\Users\sven\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/06/09 09:40:28 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/31 12:45:17 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/05/16 04:40:55 | 000,000,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/03/28 09:56:25 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/03/28 09:56:25 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011/03/28 09:56:25 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011/03/28 09:56:25 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/03/28 09:56:25 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/03/28 09:56:25 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011/03/28 09:56:25 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/03/28 09:56:25 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011/03/28 09:56:25 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011/03/28 09:56:25 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011/03/28 09:56:25 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011/03/28 09:56:25 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011/03/28 09:56:25 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011/03/28 09:56:25 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011/03/28 09:56:25 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011/03/28 09:56:25 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011/03/28 09:56:25 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011/03/28 09:56:25 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011/03/28 09:56:25 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/12/25 06:12:48 | 000,000,680 | ---- | C] () -- C:\Users\sven\AppData\Local\d3d9caps.dat
[2010/11/05 06:15:59 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/07/21 06:00:08 | 000,000,039 | ---- | C] () -- C:\Windows\eplan.ini
[2010/07/10 08:16:10 | 000,111,408 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/12/31 14:04:55 | 031,200,417 | ---- | C] () -- C:\Program Files\FFSetup220.zip
[2009/10/28 05:54:47 | 000,082,944 | ---- | C] () -- C:\Windows\AKDeInstall.exe
[2009/06/30 10:48:53 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/10/15 10:32:30 | 000,000,173 | ---- | C] () -- C:\Windows\KPCMS.INI
[2008/10/15 10:32:15 | 000,040,129 | ---- | C] () -- C:\Windows\iccsigs.dat
[2008/10/15 10:32:06 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2008/03/04 11:15:51 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/03/04 09:03:49 | 000,056,832 | ---- | C] () -- C:\Users\sven\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/04 08:03:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/03/04 07:53:55 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/01/02 11:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 11:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 11:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/01/02 11:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/08/08 16:27:54 | 000,135,168 | ---- | C] () -- C:\Windows\System32\property.dll
[2007/08/08 08:25:27 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/08/08 08:25:27 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2006/11/02 11:33:31 | 000,693,848 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006/11/02 11:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006/11/02 11:33:31 | 000,137,946 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006/11/02 11:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,330,000 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,654,600 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,120,936 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/08/11 03:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2003/02/20 03:59:52 | 000,221,184 | ---- | C] () -- C:\Windows\System32\TidyATL.dll
[1999/12/15 13:16:06 | 000,204,800 | ---- | C] () -- C:\Windows\System32\Lpng.dll
[1999/04/29 16:00:00 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
========== LOP Check ==========
[2008/09/05 08:33:03 | 000,000,000 | ---D | M] -- C:\Users\sven\AppData\Roaming\Alltags-Programme
[2011/01/24 05:45:09 | 000,000,000 | ---D | M] -- C:\Users\sven\AppData\Roaming\Amazon
[2009/06/26 04:06:52 | 000,000,000 | ---D | M] -- C:\Users\sven\AppData\Roaming\Any Video Converter
[2011/06/08 13:55:09 | 000,000,000 | ---D | M] -- C:\Users\sven\AppData\Roaming\BitTorrent
[2011/03/18 12:49:02 | 000,000,000 | ---D | M] -- C:\Users\sven\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/06/06 11:47:55 | 000,000,000 | ---D | M] -- C:\Users\sven\AppData\Roaming\FileZilla
[2008/03/21 18:00:08 | 000,000,000 | ---D | M] -- C:\Users\sven\AppData\Roaming\Opera
[2010/12/25 19:29:46 | 000,000,000 | ---D | M] -- C:\Users\sven\AppData\Roaming\Shareaza
[2010/06/19 13:28:46 | 000,000,000 | ---D | M] -- C:\Users\sven\AppData\Roaming\SmartStore
[2010/07/10 06:49:18 | 000,000,000 | ---D | M] -- C:\Users\sven\AppData\Roaming\WindSolutions
[2008/03/04 07:21:36 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2009/07/10 07:35:41 | 000,000,000 | ---D | M] -- C:\ProgramData\BVRP Software
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/03/04 07:21:36 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2008/03/04 07:21:36 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2008/03/04 07:28:22 | 000,000,000 | ---D | M] -- C:\ProgramData\fsc-reg
[2011/03/28 10:01:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Panasonic
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/03/04 07:21:36 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2008/03/04 07:21:36 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/07/10 06:49:16 | 000,000,000 | ---D | M] -- C:\ProgramData\WindSolutions
[2009/01/06 07:24:33 | 000,000,000 | ---D | M] -- C:\ProgramData\WinZip
[2008/03/04 07:27:51 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010/07/08 15:40:38 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/06/09 10:07:26 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/06/09 07:47:09 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A29FB4A2-45DF-4812-9817-47B92FFD6CA9}.job
========== Purity Check ==========
< End of report >
|
|
09.06.2011, 19:28
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | BKA Trojaner auf dem Rechner Mach einen OTL-Fix über OTLPE, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)
__________________Code:
ATTFilter :OTL
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - prefs.js..network.proxy.type: 0
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKU\sven_ON_C\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKU\sven_ON_C\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O32 - HKLM CDRom: AutoRun - 1
O20 - HKU\sven_ON_C Winlogon: Shell - (C:\Users\sven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3EM66VHA\calc[1].exe) - C:\Users\sven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3EM66VHA\calc[1].exe ()
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{06755d29-d13b-11dd-8679-00030d7c4590}\Shell - "" = AutoRun
O33 - MountPoints2\{06755d29-d13b-11dd-8679-00030d7c4590}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\{6343ddbd-0ebe-11e0-99ae-91dc59051ef4}\Shell\AutoRun\command - "" = F:\Menu.exe
O33 - MountPoints2\{9da564ae-7766-11de-a576-00030d7c4590}\Shell\verb1\command - "" = desktop.exe
:Files
C:\Users\sven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
:Commands
[purity]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ |
|
09.06.2011, 20:56
| #3 |
| | BKA Trojaner auf dem Rechner Hallo Arne,
__________________vielen Dank für Deine Hilfe. Ich habe aber glaube ich einen Fehler gemacht. Ich habe das Logfile nach dem fixen irgendwie nicht kopiert :-( Jedenfalls habe ich deshalb nochmal gescant. Ich hoffe das war jetzt nicht allzu verkehrt? Wie geht es denn jetzt weiter? Liebe Grüße Amelia OTL Logfile: Code:
ATTFilter OTL logfile created on: 6/10/2011 1:45:20 AM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium (Version = 6.0.6000) - Type = System
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 90.32 Gb Total Space | 34.96 Gb Free Space | 38.70% Space Free | Partition Type: NTFS
Drive D: | 130.81 Gb Total Space | 77.08 Gb Free Space | 58.93% Space Free | Partition Type: NTFS
Drive E: | 982.97 Mb Total Space | 390.46 Mb Free Space | 39.72% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto] -- -- (CLTNetCnService)
SRV - [2011/04/28 03:34:15 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/20 15:00:08 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2007/11/05 09:28:10 | 000,204,915 | ---- | M] (Option) [Auto] -- C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe -- (GtDetectSc)
SRV - [2007/08/08 08:00:19 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/15 06:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2006/12/08 04:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2006/09/14 02:56:06 | 000,102,400 | ---- | M] () [Auto] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2011/03/20 15:00:08 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/01/10 09:23:15 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 09:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/13 07:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/05/16 06:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008/05/16 06:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008/05/16 06:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 06:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 06:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008/05/16 06:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 06:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2007/07/09 09:17:36 | 000,095,744 | ---- | M] (Option NV) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2007/06/26 08:38:46 | 000,051,968 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2007/04/03 10:53:12 | 000,047,872 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007/03/30 08:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2007/02/25 00:14:00 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/01/15 17:28:20 | 000,070,144 | ---- | M] (Realtek Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/22 12:35:00 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/02 03:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006/07/14 08:55:34 | 000,105,088 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2006/02/07 13:52:58 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot] -- C:\Windows\System32\drivers\JGOGO.sys -- (JGOGO)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\sven_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
IE - HKU\sven_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\sven_ON_C\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
IE - HKU\sven_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\sven_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:4.5.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.socks: ""
FF - prefs.js..network.proxy.socks_port: ""
FF - prefs.js..network.proxy.socks_remote_dns: ""
FF - prefs.js..network.proxy.ssl: ""
FF - prefs.js..network.proxy.ssl_port: ""
FF - prefs.js..network.proxy.type: ""
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/10 16:34:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/10 16:34:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/16 04:40:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/16 04:40:55 | 000,000,000 | ---D | M]
[2008/09/03 05:35:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sven\AppData\Roaming\Mozilla\Extensions
[2011/05/18 03:12:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sven\AppData\Roaming\Mozilla\Firefox\Profiles\6i4m7mql.default\extensions
[2010/12/15 15:37:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\sven\AppData\Roaming\Mozilla\Firefox\Profiles\6i4m7mql.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/18 12:49:04 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\sven\AppData\Roaming\Mozilla\Firefox\Profiles\6i4m7mql.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/12/15 15:37:54 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\sven\AppData\Roaming\Mozilla\Firefox\Profiles\6i4m7mql.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/07/22 01:57:29 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\sven\AppData\Roaming\Mozilla\Firefox\Profiles\6i4m7mql.default\extensions\2020Player@2020Technologies.com
[2010/12/15 15:37:49 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\sven\AppData\Roaming\Mozilla\Firefox\Profiles\6i4m7mql.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2011/05/18 03:12:18 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\sven\AppData\Roaming\Mozilla\Firefox\Profiles\6i4m7mql.default\extensions\engine@conduit.com
[2010/12/08 09:47:52 | 000,000,927 | ---- | M] () -- C:\Users\sven\AppData\Roaming\Mozilla\Firefox\Profiles\6i4m7mql.default\searchplugins\conduit.xml
[2011/05/15 12:34:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/24 17:57:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/01/16 12:55:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/15 12:34:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2008/09/03 05:35:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
File not found (No name found) --
[2011/05/16 04:40:50 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/04/13 23:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/16 04:40:52 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011/05/16 04:40:52 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/05/16 04:40:52 | 000,001,153 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011/05/16 04:40:52 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011/05/16 04:40:52 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011/05/16 04:40:52 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2011/06/10 00:27:16 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [recinfo919] C:\RecInfo\RecInfo.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\sven_ON_C..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKU\sven_ON_C..\Run: [iPhone PC Suite] File not found
O4 - HKU\sven_ON_C..\Run: [Vidalia] File not found
O7 - HKU\sven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\sven\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\sven_ON_C Winlogon: Shell - (c:\users\sven\appdata\local\microsoft\windows\temporary internet files\content.ie5\3em66vha\calc[1].exe) - File not found
O24 - Desktop WallPaper: D:\Gladiatores Geschäftlich\wallpaper2.jpg
O24 - Desktop BackupWallPaper: D:\Gladiatores Geschäftlich\wallpaper2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/06/10 00:27:12 | 002,234,368 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011/06/10 00:27:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/31 12:45:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/05/21 17:52:41 | 000,000,000 | ---D | C] -- C:\Users\sven\AppData\Local\WinZip
[2011/05/15 12:34:31 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/05/15 12:34:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/05/15 12:34:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/11/02 10:42:25 | 010,013,416 | ---- | C] (Geek Software GmbH ) -- C:\Program Files\pdf24.exe
[12 C:\Users\sven\Desktop\*.tmp files -> C:\Users\sven\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/06/09 18:31:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/09 18:29:35 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/09 18:29:35 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/09 18:29:32 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/09 18:29:25 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/09 08:24:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/09 07:47:09 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A29FB4A2-45DF-4812-9817-47B92FFD6CA9}.job
[2011/06/09 07:44:32 | 000,693,848 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/06/09 07:44:32 | 000,654,600 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/09 07:44:32 | 000,137,946 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/06/09 07:44:32 | 000,120,936 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/08 16:59:13 | 000,330,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/31 12:45:17 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/05/31 12:45:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/05/16 04:40:55 | 000,000,864 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/05/16 04:40:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[12 C:\Users\sven\Desktop\*.tmp files -> C:\Users\sven\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/06/09 09:40:28 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/31 12:45:17 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/05/16 04:40:55 | 000,000,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/03/28 09:56:25 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/03/28 09:56:25 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011/03/28 09:56:25 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011/03/28 09:56:25 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/03/28 09:56:25 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/03/28 09:56:25 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011/03/28 09:56:25 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/03/28 09:56:25 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011/03/28 09:56:25 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011/03/28 09:56:25 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011/03/28 09:56:25 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011/03/28 09:56:25 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011/03/28 09:56:25 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011/03/28 09:56:25 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011/03/28 09:56:25 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011/03/28 09:56:25 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011/03/28 09:56:25 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011/03/28 09:56:25 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011/03/28 09:56:25 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/12/25 06:12:48 | 000,000,680 | ---- | C] () -- C:\Users\sven\AppData\Local\d3d9caps.dat
[2010/11/05 06:15:59 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/07/21 06:00:08 | 000,000,039 | ---- | C] () -- C:\Windows\eplan.ini
[2010/07/10 08:16:10 | 000,111,408 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/12/31 14:04:55 | 031,200,417 | ---- | C] () -- C:\Program Files\FFSetup220.zip
[2009/10/28 05:54:47 | 000,082,944 | ---- | C] () -- C:\Windows\AKDeInstall.exe
[2009/06/30 10:48:53 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/10/15 10:32:30 | 000,000,173 | ---- | C] () -- C:\Windows\KPCMS.INI
[2008/10/15 10:32:15 | 000,040,129 | ---- | C] () -- C:\Windows\iccsigs.dat
[2008/10/15 10:32:06 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2008/03/04 11:15:51 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/03/04 09:03:49 | 000,056,832 | ---- | C] () -- C:\Users\sven\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/04 08:03:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/03/04 07:53:55 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/01/02 11:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 11:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 11:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/01/02 11:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/08/08 16:27:54 | 000,135,168 | ---- | C] () -- C:\Windows\System32\property.dll
[2007/08/08 08:25:27 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/08/08 08:25:27 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2006/11/02 11:33:31 | 000,693,848 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006/11/02 11:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006/11/02 11:33:31 | 000,137,946 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006/11/02 11:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,330,000 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,654,600 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,120,936 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/08/11 03:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2003/02/20 03:59:52 | 000,221,184 | ---- | C] () -- C:\Windows\System32\TidyATL.dll
[1999/12/15 13:16:06 | 000,204,800 | ---- | C] () -- C:\Windows\System32\Lpng.dll
[1999/04/29 16:00:00 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
========== LOP Check ==========
[2008/09/05 08:33:03 | 000,000,000 | ---D | M] -- C:\Users\sven\AppData\Roaming\Alltags-Programme
[2011/01/24 05:45:09 | 000,000,000 | ---D | M] -- C:\Users\sven\AppData\Roaming\Amazon
[2009/06/26 04:06:52 | 000,000,000 | ---D | M] -- C:\Users\sven\AppData\Roaming\Any Video Converter
[2011/06/09 18:30:46 | 000,000,000 | ---D | M] -- C:\Users\sven\AppData\Roaming\BitTorrent
[2011/03/18 12:49:02 | 000,000,000 | ---D | M] -- C:\Users\sven\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/06/06 11:47:55 | 000,000,000 | ---D | M] -- C:\Users\sven\AppData\Roaming\FileZilla
[2008/03/21 18:00:08 | 000,000,000 | ---D | M] -- C:\Users\sven\AppData\Roaming\Opera
[2010/12/25 19:29:46 | 000,000,000 | ---D | M] -- C:\Users\sven\AppData\Roaming\Shareaza
[2010/06/19 13:28:46 | 000,000,000 | ---D | M] -- C:\Users\sven\AppData\Roaming\SmartStore
[2010/07/10 06:49:18 | 000,000,000 | ---D | M] -- C:\Users\sven\AppData\Roaming\WindSolutions
[2008/03/04 07:21:36 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2009/07/10 07:35:41 | 000,000,000 | ---D | M] -- C:\ProgramData\BVRP Software
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/03/04 07:21:36 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2008/03/04 07:21:36 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2008/03/04 07:28:22 | 000,000,000 | ---D | M] -- C:\ProgramData\fsc-reg
[2011/03/28 10:01:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Panasonic
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/03/04 07:21:36 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2008/03/04 07:21:36 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/07/10 06:49:16 | 000,000,000 | ---D | M] -- C:\ProgramData\WindSolutions
[2009/01/06 07:24:33 | 000,000,000 | ---D | M] -- C:\ProgramData\WinZip
[2008/03/04 07:27:51 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010/07/08 15:40:38 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/06/09 18:30:51 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/06/09 07:47:09 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A29FB4A2-45DF-4812-9817-47B92FFD6CA9}.job
========== Purity Check ==========
< End of report >
|
|
09.06.2011, 21:09
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner auf dem Rechner Schau mal in den Ordner C:\_OTL nach dem Fix-Log
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
09.06.2011, 21:36
| #5 | |
| | BKA Trojaner auf dem Rechner Hallo, ist es das hier? Grüßlis Amelia Zitat:
|
|
09.06.2011, 21:43
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner auf dem Rechner Jop  Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ --> BKA Trojaner auf dem Rechner |
|
06.07.2011, 11:27
| #7 | |
| | BKA Trojaner auf dem Rechner Hallo Arne, bitte entschuldige das ich mich erst jetzt wieder melde - aber ich "musste" erstmal in den Urlaub. Vielen Dank auf jeden Fall für Deine Hilfe. Ich habe heute den Scan gemacht: Zitat:
Amelia |
|
06.07.2011, 12:32
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner auf dem Rechner Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.07.2011, 13:09
| #9 |
| | BKA Trojaner auf dem Rechner Hallo, und hier das ComboFix Log: LG Amelia Combofix Logfile: Code:
ATTFilter ComboFix 11-07-06.02 - sven 06.07.2011 13:54:18.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.2038.1016 [GMT 2:00]
ausgeführt von:: c:\users\sven\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\sven\Desktop\Setup.exe
c:\users\sven\GoogleEarthSetup.exe
c:\windows\IsUn0407.exe
c:\windows\system32\drivers\etc\lmhosts
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-06-06 bis 2011-07-06 ))))))))))))))))))))))))))))))
.
.
2011-07-06 11:51 . 2011-07-06 11:51 -------- d-----w- C:\32788R22FWJFW
2011-07-06 11:04 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{40C4C27A-1FFF-435E-AC6F-9956C3B2080E}\mpengine.dll
2011-07-06 10:44 . 2011-07-06 10:44 -------- d-----w- c:\users\sven\AppData\Roaming\Avira
2011-07-06 10:43 . 2011-07-06 10:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-06 10:34 . 2011-07-06 10:34 -------- d-----w- c:\program files\Ask.com
2011-06-10 04:27 . 2011-03-06 22:12 2234368 ----a-r- C:\OTLPE.exe
2011-06-10 04:27 . 2011-06-10 04:27 -------- d-----w- C:\_OTL
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 10:31 . 2009-10-29 07:16 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-06 10:31 . 2009-10-29 07:16 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-05-24 17:14 . 2009-10-02 17:16 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-20 08:22 . 2011-05-20 08:22 1138440 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-14 03:07 . 2010-05-24 21:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
2009-11-02 14:42 . 2009-11-02 14:42 10013416 ----a-w- c:\program files\pdf24.exe
2011-05-16 08:40 . 2011-05-16 08:40 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-07-01 11:49 1491928 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-01 1491928]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-04 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2010-12-28 397688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-13 4399104]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 153136]
"recinfo919"="c:\recinfo\RecInfo.exe" [2007-06-06 2768896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"PDFPrint"="c:\program files\pdf24\pdf24.exe" [2011-04-28 220552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-07-01 884696]
.
c:\users\sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-15 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-4-29 65588]
PHOTOfunSTUDIO 5.1 HD Edition.lnk - c:\program files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2011-3-28 172544]
web'n'walk Manager.lnk - c:\program files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe [2007-11-7 798720]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-11-10 525664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-25 136176]
R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2007-07-09 95744]
R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2007-06-26 51968]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-25 136176]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-07-06 428200]
S2 GtDetectSc;GtDetectSc;c:\program files\T-Mobile\web'n'walk Manager\GtDetectSc.exe [2007-11-05 204915]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-25 10:10]
.
2011-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-25 10:10]
.
2011-07-06 c:\windows\Tasks\User_Feed_Synchronization-{A29FB4A2-45DF-4812-9817-47B92FFD6CA9}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to iPod Converter - c:\users\sven\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\sven\AppData\Roaming\Mozilla\Firefox\Profiles\6i4m7mql.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
HKCU-Run-Vidalia - c:\programme\Vidalia Bundle\Vidalia\vidalia.exe
HKCU-Run-iPhone PC Suite - c:\program files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe
AddRemove-Adobe Photoshop 5.5 - c:\windows\ISUN0407.EXE
AddRemove-xampp - f:\xampp\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-07-06 14:02
Windows 6.0.6000 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-07-06 14:05:01
ComboFix-quarantined-files.txt 2011-07-06 12:04
.
Vor Suchlauf: 23 Verzeichnis(se), 37.180.977.152 Bytes frei
Nach Suchlauf: 28 Verzeichnis(se), 42.411.732.992 Bytes frei
.
- - End Of File - - AC25F3FF1E18491AAFC6E48F9DA796E3
Geändert von AmeliaBaum (06.07.2011 um 13:23 Uhr) |
|
06.07.2011, 14:30
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner auf dem Rechner Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.07.2011, 16:02
| #11 |
| | BKA Trojaner auf dem Rechner Hallo, als erstes der GMER Log: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-07-06 16:52:40
Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0
Running: 9u7vzrp8.exe; Driver: C:\Users\sven\AppData\Local\Temp\uwtdqpod.sys
---- System - GMER 1.0.15 ----
SSDT 88660A9C ZwClose
SSDT 88660AA6 ZwCreateSection
SSDT 88660A97 ZwDuplicateObject
SSDT 88660A38 ZwOpenProcess
SSDT 88660A3D ZwOpenThread
SSDT 88660AAB ZwSetContextThread
SSDT 88660A47 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
? C:\Windows\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
? C:\Users\sven\AppData\Local\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. !
---- EOF - GMER 1.0.15 ----
An Osam mache ich mich dann jetzt. LG Amelia |
|
06.07.2011, 16:15
| #12 |
| | BKA Trojaner auf dem Rechner Und der OsamLog: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 17:12:07 on 06.07.2011 OS: Windows Vista Home Premium Edition (Build 6000), 32-bit Default Browser: Mozilla Corporation Firefox 4.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\Users\sven\AppData\Local\Temp\catchme.sys (File not found) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "mbr" (mbr) - ? - C:\ComboFix\mbr.sys (Hidden registry entry, rootkit activity | File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys "Sony Ericsson Device 0016 driver (WDM)" (s0016bus) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016bus.sys "Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)" (s0016nd5) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016nd5.sys "Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)" (s0016unic) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016unic.sys "Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)" (s0016mgmt) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016mgmt.sys "Sony Ericsson Device 0016 USB WMC Modem Driver" (s0016mdm) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016mdm.sys "Sony Ericsson Device 0016 USB WMC Modem Filter" (s0016mdfl) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016mdfl.sys "Sony Ericsson Device 0016 USB WMC OBEX Interface" (s0016obex) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016obex.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "uwtdqpod" (uwtdqpod) - ? - C:\Users\sven\AppData\Local\Temp\uwtdqpod.sys (Hidden registry entry, rootkit activity | File not found) [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {00020d75-0000-0000-c000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office\MLSHEXT.DLL {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {E0D79304-84BE-11CE-9641-444553540000} "WinZip" - ? - C:\Program Files\WinZip\wzshlstb.dll {E0D79305-84BE-11CE-9641-444553540000} "WinZip" - ? - C:\Program Files\WinZip\wzshlstb.dll {E0D79306-84BE-11CE-9641-444553540000} "WinZip" - ? - C:\Program Files\WinZip\wzshlstb.dll {E0D79307-84BE-11CE-9641-444553540000} "WinZip" - ? - C:\Program Files\WinZip\wzshlstb.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.6.0_06" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_25" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} "Java Plug-in 1.6.0_25" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_25" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_25.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Avira SearchFree Toolbar plus WebGuard" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {D4027C7F-154A-4066-A1AD-4243D8127440} "Avira SearchFree Toolbar plus WebGuard" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll {593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll {326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Shortcut exists | File exists) "desktop.ini" - ? - C:\Users\sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "Adobe Gamma Loader.exe.lnk" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Microsoft Office.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office\OSA9.EXE (Shortcut exists | File exists) "PHOTOfunSTUDIO 5.1 HD Edition.lnk" - "Panasonic Corporation" - C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Shortcut exists | File exists) "web'n'walk Manager.lnk" - "T-Mobile" - C:\Program Files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe (Shortcut exists | File exists) "WinZip Quick Pick.lnk" - ? - C:\Program Files\WinZip\WZQKPICK.EXE (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "BitTorrent" - "BitTorrent, Inc." - "C:\Program Files\BitTorrent\BitTorrent.exe" -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe Photo Downloader" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "ApnUpdater" - "{StringFileInfo_CompanyName}" - "C:\Program Files\Ask.com\Updater\Updater.exe" "AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" "NeroFilterCheck" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe "PDFPrint" - "Geek Software GmbH" - C:\Program Files\pdf24\pdf24.exe "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "recinfo919" - ? - c:\RecInfo\RecInfo.exe "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Adobe Active File Monitor V5" (AdobeActiveFileMonitor5.0) - ? - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe (File found, but it contains no detailed information) "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Avira AntiVir WebGuard" (AntiVirWebService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE "B's Recorder GOLD Library General Service" (bgsvcgen) - "B.H.A Corporation" - C:\Windows\System32\bgsvcgen.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "Fujitsu Siemens Computers Diagnostic Testhandler" (TestHandler) - "Fujitsu Siemens Computers" - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GtDetectSc" (GtDetectSc) - "Option" - C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Symantec Lic NetConnect service" (CLTNetCnService) - ? - "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (File not found) [Winlogon] -----( HKCU\Control Panel\Desktop )----- "SCRNSAVE.EXE" - ? - C:\Windows\DREAMA~1.SCR (File found, but it contains no detailed information) [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )----- "AVSDA" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru[/QUOTE] |
|
06.07.2011, 16:22
| #13 | |
| | BKA Trojaner auf dem Rechner Und jetzt noch der Inhalt der MBRCheck: Zitat:
Wolltest Du die anderen Logs überhaupt? LG Amelia |
|
06.07.2011, 20:26
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner auf dem Rechner Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu BKA Trojaner auf dem Rechner |
| .com, adobe, antivir, avira, bho, bka virus, bonjour, conduit, converter, defender, desktop, downloader, explorer, firefox, format, home, logfile, msvcrt, oldtimer, otlpenet.exe, photoshop, plug-in, port, problem, realtek, reatogo, registry, scan, sched.exe, searchplugins, software, start menu, t-mobile, torrent.exe, trojaner, usb, virus |
Linear-Darstellung
