Log analysis and evaluation: BKA trojan on the computer (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system first has to be examined: first steps to get help. Bear in mind that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
BKA trojan on the computer

Hello, since the rules say so, I am posting a new thread for my problem; I hope that is the right way to do it. As described in the title, I have caught the BKA virus with the extortion number, on a notebook running Windows Vista. I have already burned OTLPENet.exe to a CD and booted from it. Here are the corresponding logs from the .txt file. Please be patient with me, I am a real DAU (clueless end user). Many thanks and best regards, Amelia

OTL logfile:
```
OTL logfile created on: 6/9/2011 6:49:29 PM - Run OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium (Version = 6.0.6000) - Type = System
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 90.32 Gb Total Space | 34.96 Gb Free Space | 38.71% Space Free | Partition Type: NTFS
Drive D: | 130.81 Gb Total Space | 77.08 Gb Free Space | 58.93% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (CLTNetCnService)
SRV - [2011/04/28 03:34:15 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/20 15:00:08 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2007/11/05 09:28:10 | 000,204,915 | ---- | M] (Option) [Auto] -- C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe -- (GtDetectSc)
SRV - [2007/08/08 08:00:19 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/15 06:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2006/12/08 04:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2006/09/14 02:56:06 | 000,102,400 | ---- | M] () [Auto] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2011/03/20 15:00:08 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/01/10 09:23:15 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 09:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/13 07:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/05/16 06:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008/05/16 06:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008/05/16 06:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 06:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 06:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008/05/16 06:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 06:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2007/07/09 09:17:36 | 000,095,744 | ---- | M] (Option NV) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2007/06/26 08:38:46 | 000,051,968 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2007/04/03 10:53:12 | 000,047,872 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007/03/30 08:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2007/02/25 00:14:00 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/01/15 17:28:20 | 000,070,144 | ---- | M] (Realtek Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/22 12:35:00 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/02 03:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006/07/14 08:55:34 | 000,105,088 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2006/02/07 13:52:58 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot] -- C:\Windows\System32\drivers\JGOGO.sys -- (JGOGO)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\sven_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
IE - HKU\sven_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\sven_ON_C\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKU\sven_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\sven_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:4.5.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/10 16:34:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/10 16:34:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/16 04:40:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/16 04:40:55 | 000,000,000 | ---D | M]

[2008/09/03 05:35:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sven\AppData\Roaming\Mozilla\Extensions
[2011/05/18 03:12:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sven\AppData\Roaming\Mozilla\Firefox\Profiles\6i4m7mql.default\extensions
[2010/12/15 15:37:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\sven\AppData\Roaming\Mozilla\Firefox\Profiles\6i4m7mql.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/18 12:49:04 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\sven\AppData\Roaming\Mozilla\Firefox\Profiles\6i4m7mql.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/12/15 15:37:54 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\sven\AppData\Roaming\Mozilla\Firefox\Profiles\6i4m7mql.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/07/22 01:57:29 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\sven\AppData\Roaming\Mozilla\Firefox\Profiles\6i4m7mql.default\extensions\2020Player@2020Technologies.com
[2010/12/15 15:37:49 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\sven\AppData\Roaming\Mozilla\Firefox\Profiles\6i4m7mql.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2011/05/18 03:12:18 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\sven\AppData\Roaming\Mozilla\Firefox\Profiles\6i4m7mql.default\extensions\engine@conduit.com
[2010/12/08 09:47:52 | 000,000,927 | ---- | M] () -- C:\Users\sven\AppData\Roaming\Mozilla\Firefox\Profiles\6i4m7mql.default\searchplugins\conduit.xml
[2011/05/15 12:34:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/24 17:57:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/01/16 12:55:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/15 12:34:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2008/09/03 05:35:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
File not found (No name found) --
[2011/05/16 04:40:50 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/04/13 23:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/16 04:40:52 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011/05/16 04:40:52 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/05/16 04:40:52 | 000,001,153 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011/05/16 04:40:52 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011/05/16 04:40:52 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011/05/16 04:40:52 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKU\sven_ON_C\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKU\sven_ON_C\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [recinfo919] C:\RecInfo\RecInfo.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\sven_ON_C..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKU\sven_ON_C..\Run: [iPhone PC Suite] File not found
O4 - HKU\sven_ON_C..\Run: [Vidalia] File not found
O7 - HKU\sven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\sven\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\sven_ON_C Winlogon: Shell - (C:\Users\sven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3EM66VHA\calc[1].exe) - C:\Users\sven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3EM66VHA\calc[1].exe ()
O24 - Desktop WallPaper: D:\Gladiatores Geschäftlich\wallpaper2.jpg
O24 - Desktop BackupWallPaper: D:\Gladiatores Geschäftlich\wallpaper2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{06755d29-d13b-11dd-8679-00030d7c4590}\Shell - "" = AutoRun
O33 - MountPoints2\{06755d29-d13b-11dd-8679-00030d7c4590}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\{6343ddbd-0ebe-11e0-99ae-91dc59051ef4}\Shell\AutoRun\command - "" = F:\Menu.exe
O33 - MountPoints2\{9da564ae-7766-11de-a576-00030d7c4590}\Shell\verb1\command - "" = desktop.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/31 12:45:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/05/21 17:52:41 | 000,000,000 | ---D | C] -- C:\Users\sven\AppData\Local\WinZip
[2011/05/15 12:34:31 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/05/15 12:34:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/05/15 12:34:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/11/02 10:42:25 | 010,013,416 | ---- | C] (Geek Software GmbH ) -- C:\Program Files\pdf24.exe
[12 C:\Users\sven\Desktop\*.tmp files -> C:\Users\sven\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/09 10:07:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/09 10:06:12 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/09 10:06:12 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/09 10:06:11 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/09 10:06:01 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/09 08:24:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/09 07:47:09 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A29FB4A2-45DF-4812-9817-47B92FFD6CA9}.job
[2011/06/09 07:44:32 | 000,693,848 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/06/09 07:44:32 | 000,654,600 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/09 07:44:32 | 000,137,946 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/06/09 07:44:32 | 000,120,936 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/08 16:59:13 | 000,330,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/31 12:45:17 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/05/31 12:45:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/05/16 04:40:55 | 000,000,864 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/05/16 04:40:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[12 C:\Users\sven\Desktop\*.tmp files -> C:\Users\sven\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/09 09:40:28 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/31 12:45:17 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/05/16 04:40:55 | 000,000,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/03/28 09:56:25 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/03/28 09:56:25 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011/03/28 09:56:25 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011/03/28 09:56:25 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/03/28 09:56:25 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/03/28 09:56:25 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011/03/28 09:56:25 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/03/28 09:56:25 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011/03/28 09:56:25 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011/03/28 09:56:25 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011/03/28 09:56:25 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011/03/28 09:56:25 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011/03/28 09:56:25 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011/03/28 09:56:25 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011/03/28 09:56:25 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011/03/28 09:56:25 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011/03/28 09:56:25 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011/03/28 09:56:25 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011/03/28 09:56:25 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/12/25 06:12:48 | 000,000,680 | ---- | C] () -- C:\Users\sven\AppData\Local\d3d9caps.dat
[2010/11/05 06:15:59 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/07/21 06:00:08 | 000,000,039 | ---- | C] () -- C:\Windows\eplan.ini
[2010/07/10 08:16:10 | 000,111,408 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/12/31 14:04:55 | 031,200,417 | ---- | C] () -- C:\Program Files\FFSetup220.zip
[2009/10/28 05:54:47 | 000,082,944 | ---- | C] () -- C:\Windows\AKDeInstall.exe
[2009/06/30 10:48:53 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/10/15 10:32:30 | 000,000,173 | ---- | C] () -- C:\Windows\KPCMS.INI
[2008/10/15 10:32:15 | 000,040,129 | ---- | C] () -- C:\Windows\iccsigs.dat
[2008/10/15 10:32:06 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2008/03/04 11:15:51 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/03/04 09:03:49 | 000,056,832 | ---- | C] () -- C:\Users\sven\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/04 08:03:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/03/04 07:53:55 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/01/02 11:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 11:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 11:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/01/02 11:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/08/08 16:27:54 | 000,135,168 | ---- | C] () -- C:\Windows\System32\property.dll
[2007/08/08 08:25:27 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/08/08 08:25:27 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2006/11/02 11:33:31 | 000,693,848 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006/11/02 11:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006/11/02 11:33:31 | 000,137,946 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006/11/02 11:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,330,000 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,654,600 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,120,936 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/08/11 03:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2003/02/20 03:59:52 | 000,221,184 | ---- | C] () -- C:\Windows\System32\TidyATL.dll
[1999/12/15 13:16:06 | 000,204,800 | ---- | C] () -- C:\Windows\System32\Lpng.dll
[1999/04/29 16:00:00 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2008/09/05 08:33:03 | 000,000,000 | ---D | M] -- C:\Users\sven\AppData\Roaming\Alltags-Programme
[2011/01/24 05:45:09 | 000,000,000 | ---D | M] -- C:\Users\sven\AppData\Roaming\Amazon
[2009/06/26 04:06:52 | 000,000,000 | ---D | M] -- C:\Users\sven\AppData\Roaming\Any Video Converter
[2011/06/08 13:55:09 | 000,000,000 | ---D | M] -- C:\Users\sven\AppData\Roaming\BitTorrent
[2011/03/18 12:49:02 | 000,000,000 | ---D | M] -- C:\Users\sven\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/06/06 11:47:55 | 000,000,000 | ---D | M] -- C:\Users\sven\AppData\Roaming\FileZilla
[2008/03/21 18:00:08 | 000,000,000 | ---D | M] -- C:\Users\sven\AppData\Roaming\Opera
[2010/12/25 19:29:46 | 000,000,000 | ---D | M] -- C:\Users\sven\AppData\Roaming\Shareaza
[2010/06/19 13:28:46 | 000,000,000 | ---D | M] -- C:\Users\sven\AppData\Roaming\SmartStore
[2010/07/10 06:49:18 | 000,000,000 | ---D | M] -- C:\Users\sven\AppData\Roaming\WindSolutions
[2008/03/04 07:21:36 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2009/07/10 07:35:41 | 000,000,000 | ---D | M] -- C:\ProgramData\BVRP Software
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/03/04 07:21:36 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2008/03/04 07:21:36 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2008/03/04 07:28:22 | 000,000,000 | ---D | M] -- C:\ProgramData\fsc-reg
[2011/03/28 10:01:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Panasonic
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/03/04 07:21:36 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2008/03/04 07:21:36 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/07/10 06:49:16 | 000,000,000 | ---D | M] -- C:\ProgramData\WindSolutions
[2009/01/06 07:24:33 | 000,000,000 | ---D | M] -- C:\ProgramData\WinZip
[2008/03/04 07:27:51 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010/07/08 15:40:38 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/06/09 10:07:26 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/06/09 07:47:09 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A29FB4A2-45DF-4812-9817-47B92FFD6CA9}.job

========== Purity Check ==========

< End of report >
```
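The entry an analyst looks at first in a log like this is the `O20` line for the user hive: `Winlogon: Shell` has been pointed away from explorer.exe at a file in the Internet Explorer cache (`Content.IE5\...\calc[1].exe`), which is exactly how a lock screen of this kind gets started instead of the desktop at every logon, while the `HKLM` shell still reads `explorer.exe`. The following is an added triage helper, not part of the forum post and not code from OTL itself. It parses the line formats OTL prints for the `O4`, `O20` and `O33` sections (as they appear in the log above), flags per-user `Winlogon\Shell` overrides, autostarts that live in cache or temp directories, removable-media autorun verbs and orphaned Run entries, and reads `%SystemRoot%` from the log header instead of hard-coding it. The cache/temp directory list (`SCRATCH_DIRS`) and the severity levels are my own heuristic, and the sample lines are copied from the posted log.

```python
"""Triage helper for OTL/OTLPE logs (added example; not the forum's or OTL's own code).

It parses the autostart sections OTL prints (O4 Run keys, O20 Winlogon Shell,
O33 MountPoints2 autorun verbs) and flags the pattern a BKA-style lock screen
leaves behind: a per-user Winlogon Shell that replaces explorer.exe with a file
dropped in a browser cache or temp directory.
"""
import re

# Header line OTL prints: "%SystemDrive% = C: | %SystemRoot% = C:\Windows | ..."
SYSROOT_RE = re.compile(r"%SystemRoot% = (?P<root>[^|]+?)\s*(?:\||$)")
# "O20 - <hive> Winlogon: Shell - (<raw value>) - <resolved path> (<company>)"
O20_RE = re.compile(r"^O20 - (?P<hive>\S+) Winlogon: Shell - \((?P<value>.*?)\) - (?P<path>.*?) \((?P<company>.*?)\)$")
# "O33 - MountPoints2\{<guid>}\Shell\<verb>\command - "" = <command>"
O33_RE = re.compile(r'^O33 - MountPoints2\\\{(?P<guid>[^}]+)\}\\Shell\\(?P<verb>[^\\]+)\\command - "" = (?P<cmd>.+)$')
# "O4 - <hive>..\Run: [<value name>] <path> (<company>)"  (company part is optional)
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?)(?: \((?P<company>.*?)\))?$")

# Heuristic (my assumption): legitimate autostarts do not live in these scratch locations.
SCRATCH_DIRS = ("\\temporary internet files\\", "\\temp\\", "\\tmp\\")
SEVERITY_ORDER = {"INFO": 0, "MEDIUM": 1, "HIGH": 2}


def in_scratch_dir(path):
    """True if the path runs through a browser cache or temp directory."""
    low = path.lower()
    return any(d in low for d in SCRATCH_DIRS)


def analyse(lines):
    """Return (severity, otl_section, reason) tuples for suspicious autostart entries."""
    findings = []
    system_root = "C:\\Windows"  # default; replaced by the header line when present
    for raw in lines:
        line = raw.strip()
        if line.startswith("%SystemDrive%"):
            m = SYSROOT_RE.search(line)
            if m:
                system_root = m.group("root").strip()
            continue
        m = O20_RE.match(line)
        if m:
            hive, path = m.group("hive"), m.group("path")
            reasons = []
            if hive.upper() != "HKLM":
                # Winlogon\Shell is only legitimately set machine-wide (HKLM).
                reasons.append(f"per-user Winlogon Shell override in {hive}")
            if path.lower() != (system_root + "\\explorer.exe").lower():
                reasons.append(f"shell is not {system_root}\\explorer.exe but {path}")
            if in_scratch_dir(path):
                reasons.append("shell binary sits in a browser cache/temp directory")
            if reasons:
                findings.append(("HIGH", "O20", "; ".join(reasons)))
            continue
        m = O33_RE.match(line)
        if m:
            cmd = m.group("cmd")
            where = "absolute path" if re.match(r"^[A-Za-z]:\\", cmd) else "relative path"
            findings.append(("MEDIUM", "O33", f"autorun verb '{m.group('verb')}' on removable media runs {cmd} ({where})"))
            continue
        m = O4_RE.match(line)
        if m:
            name, path = m.group("name"), m.group("path")
            if in_scratch_dir(path):
                findings.append(("HIGH", "O4", f"Run entry [{name}] starts a file from a cache/temp directory: {path}"))
            elif path == "File not found":
                findings.append(("INFO", "O4", f"orphaned Run entry [{name}] (target missing)"))
    return findings


def worst_severity(findings):
    """Highest severity among the findings, or "NONE" for an empty list."""
    return max((f[0] for f in findings), key=SEVERITY_ORDER.get, default="NONE")


# Lines copied from the posted OTLPE log, plus the header line that defines %SystemRoot%.
SAMPLE_LOG = [
    r"%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files",
    r"O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)",
    r"O4 - HKU\sven_ON_C..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)",
    r"O4 - HKU\sven_ON_C..\Run: [Vidalia] File not found",
    r"O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)",
    r"O20 - HKU\sven_ON_C Winlogon: Shell - (C:\Users\sven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3EM66VHA\calc[1].exe) - C:\Users\sven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3EM66VHA\calc[1].exe ()",
    r'O33 - MountPoints2\{06755d29-d13b-11dd-8679-00030d7c4590}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1',
    r'O33 - MountPoints2\{6343ddbd-0ebe-11e0-99ae-91dc59051ef4}\Shell\AutoRun\command - "" = F:\Menu.exe',
    r'O33 - MountPoints2\{9da564ae-7766-11de-a576-00030d7c4590}\Shell\verb1\command - "" = desktop.exe',
]

if __name__ == "__main__":
    for sev, section, reason in analyse(SAMPLE_LOG):
        print(f"[{sev:6}] {section}: {reason}")
    print("worst:", worst_severity(analyse(SAMPLE_LOG)))
```

Run it over a saved OTL.txt with `analyse(open("OTL.txt", encoding="utf-8", errors="replace"))` to get the same tuples for a full log. On the sample above it reports one HIGH finding (the per-user shell in the IE cache), three MEDIUM autorun verbs and one orphaned Run entry, and leaves the HKLM `explorer.exe` shell and the Avira and BitTorrent Run entries alone; the O33 entries are only flagged for review, since they record past removable media rather than a proven infection.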