|
Log-Analyse und Auswertung: BKA Trojana 06.08.2011 /makWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
07.08.2011, 18:28 | #1 |
| BKA Trojana 06.08.2011 /mak Hallo zusammen, ich habe mir gestern Mittag diesen blöden BKA Trojana eingefangen =(. Da ich nur einen Lapi besitze und keinen zweiten Computer habe ich es mir gestern schwer getan, eine Lösung zu diesem Trojana zu finden. Nachdem ich LINUX auf meine kleine Patition intstallieren konnte, habe ich endlich wieder Hoffnung gehabt, da ich mir dadurch einpaar Tipps im Netz suchen konnte. Ich habe veruscht mich bei euch hier im Board ausgiebig zu informieren und festgestellt, dass ihr einen "LOG" oder sowas von mir braucht um mir helfen zu können. Ich habe mir diese OTL programm geladen (bis ich das Programm auf LINUX mal als ISO brennen konnte, bin ich fast ausgeflippt...Ich benutze WIN XP ;-) ) So ich hoffe ich mache das jetzt richtig. Ich habe jetzt zwei Dateien OTL.txt Code:
ATTFilter OTL logfile created on: 8/7/2011 11:00:34 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 250.57 Gb Total Space | 7.74 Gb Free Space | 3.09% Space Free | Partition Type: NTFS Drive D: | 9.75 Gb Total Space | 9.70 Gb Free Space | 99.44% Space Free | Partition Type: NTFS Drive E: | 3.66 Gb Total Space | 0.61 Gb Free Space | 16.75% Space Free | Partition Type: FAT32 Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - (UleadBurningHelper) -- File not found SRV - (HidServ) -- File not found SRV - (AppMgmt) -- File not found SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Application Updater) -- C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (Sony Ericsson PCCompanion) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software) SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (ADSMService) -- C:\Programme\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.) SRV - (ATKGFNEXSrv) -- C:\Programme\ATKGFNEX\GFNEXSrv.exe () SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe () ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (RT73) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (ASUSProcObsrv) -- File not found DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\WINDOWS\system32\drivers\snp2uvc.sys () DRV - (AsDsm) -- C:\WINDOWS\System32\drivers\AsDsm.sys (ASUSTek Computer Inc) DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys () DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (SRS_PremiumSound_Service) -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys () DRV - (VIAHdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.) DRV - (L1e) -- C:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.) DRV - (kbfiltr) -- C:\WINDOWS\system32\drivers\kbfiltr.sys ( ) DRV - (CRFILTER) -- C:\WINDOWS\system32\drivers\CRFILTER.sys (Generic) DRV - (monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.) DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys () DRV - (ASMMAP) -- C:\Programme\ATKGFNEX\ASMMAP.sys () DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys (ATK0100) DRV - (ASNDIS5) -- C:\Programme\ASUS\ATK Hotkey\ASNDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA)) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\mak-asgard_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKU\mak-asgard_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKU\mak-asgard_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\mak-asgard_ON_C\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\tbVuze.dll (Conduit Ltd.) IE - HKU\mak-asgard_ON_C\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Programme\NCH\tbNCH.dll (Conduit Ltd.) IE - HKU\mak-asgard_ON_C\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.5\youtubedownloaderToolbarIE.dll (Spigot, Inc.) IE - HKU\mak-asgard_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\mak-asgard_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaultthis.engineName: "NCH Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:4.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.1 FF - prefs.js..extensions.enabledItems: {c2db4fe6-8409-45ce-8010-189a7b5cce86}:2.7.2.0 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011/06/24 14:28:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011/05/21 09:14:50 | 000,000,000 | ---D | M] [2010/07/29 16:40:15 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\mak-asgard\Anwendungsdaten\mozilla\Extensions [2011/07/17 11:25:50 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\mak-asgard\Anwendungsdaten\mozilla\Firefox\Profiles\sr169ehi.default\extensions [2011/03/05 16:24:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\mak-asgard\Anwendungsdaten\mozilla\Firefox\Profiles\sr169ehi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/07/17 11:26:10 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Dokumente und Einstellungen\mak-asgard\Anwendungsdaten\mozilla\Firefox\Profiles\sr169ehi.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} [2011/06/24 14:28:30 | 000,000,000 | ---D | M] (NCH Community Toolbar) -- C:\Dokumente und Einstellungen\mak-asgard\Anwendungsdaten\mozilla\Firefox\Profiles\sr169ehi.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86} [2011/05/24 16:19:31 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Dokumente und Einstellungen\mak-asgard\Anwendungsdaten\mozilla\Firefox\Profiles\sr169ehi.default\extensions\engine@conduit.com [2011/01/17 09:40:58 | 000,000,909 | ---- | M] () -- C:\Dokumente und Einstellungen\mak-asgard\Anwendungsdaten\Mozilla\Firefox\Profiles\sr169ehi.default\searchplugins\conduit.xml [2011/07/30 04:27:30 | 000,001,056 | ---- | M] () -- C:\Dokumente und Einstellungen\mak-asgard\Anwendungsdaten\Mozilla\Firefox\Profiles\sr169ehi.default\searchplugins\icqplugin.xml [2011/08/05 14:52:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010/08/03 12:41:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010/11/01 15:40:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} File not found (No name found) -- [2011/08/05 14:52:48 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM [2010/08/03 12:41:25 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011/08/05 14:52:49 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar) -- C:\PROGRAMME\YOUTUBE DOWNLOADER TOOLBAR\FF [2011/06/24 14:27:59 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2010/09/14 23:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2010/07/12 12:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll [2011/05/21 09:14:44 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2011/05/21 09:14:44 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2011/05/21 09:14:44 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2011/05/21 09:14:44 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011/05/21 09:14:44 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2011/05/21 09:14:44 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006/02/28 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\tbVuze.dll (Conduit Ltd.) O2 - BHO: (NCH Toolbar) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Programme\NCH\tbNCH.dll (Conduit Ltd.) O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.5\youtubedownloaderToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\tbVuze.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (NCH Toolbar) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Programme\NCH\tbNCH.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.5\youtubedownloaderToolbarIE.dll (Spigot, Inc.) O3 - HKU\mak-asgard_ON_C\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Programme\Vuze_Remote\tbVuze.dll (Conduit Ltd.) O3 - HKU\mak-asgard_ON_C\..\Toolbar\WebBrowser: (NCH Toolbar) - {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - C:\Programme\NCH\tbNCH.dll (Conduit Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\AsScrPro.exe (ASUS) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [SearchSettings] C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKU\mak-asgard_ON_C..\Run: [Sony Ericsson PC Companion] C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\mak-asgard_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (C:\Dokumente und Einstellungen\mak-asgard\Anwendungsdaten\jashla.exe) - C:\Dokumente und Einstellungen\mak-asgard\Anwendungsdaten\jashla.exe (Riviera Knoxville Rowland Dominican Tarbell Byrd) O20 - Winlogon\Notify\Aspwdflt: DllName - C:\Programme\ASUS\ASUS Data Security Manager\ASPWDFLT.dll - C:\Programme\ASUS\ASUS Data Security Manager\ASPWDFLT.dll (ASUSTek Computer Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/07/29 14:09:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/08/07 21:37:51 | 000,000,000 | ---D | C] -- C:\_OTL [2011/08/06 09:34:34 | 000,134,144 | ---- | C] (Riviera Knoxville Rowland Dominican Tarbell Byrd) -- C:\Dokumente und Einstellungen\mak-asgard\Anwendungsdaten\jashla.exe [2011/08/05 16:09:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mak-asgard\Anwendungsdaten\YouTube Downloader [2011/08/05 14:52:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mak-asgard\Anwendungsdaten\Search Settings [2011/08/05 14:52:48 | 000,000,000 | ---D | C] -- C:\Programme\YouTube Downloader Toolbar [2011/08/05 14:52:48 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Spigot [2011/08/05 14:52:48 | 000,000,000 | ---D | C] -- C:\Programme\Application Updater [2011/08/05 14:52:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\YouTube Downloader [2011/08/05 14:25:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Sony [2011/08/05 13:26:30 | 000,000,000 | ---D | C] -- C:\Programme\Sony [2011/07/21 13:30:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mak-asgard\Anwendungsdaten\elsterformular [2011/07/21 13:29:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular [2011/07/21 13:29:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ElsterFormular [2011/07/21 13:28:04 | 000,000,000 | ---D | C] -- C:\Programme\ElsterFormular [2011/07/21 13:18:17 | 053,237,328 | ---- | C] (Landesfinanzdirektion Thüringen) -- C:\Dokumente und Einstellungen\mak-asgard\Desktop\ElsterFormular-12.2.2.6665p.exe [2010/07/29 15:12:44 | 000,013,880 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\kbfiltr.sys [2004/11/24 15:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Dokumente und Einstellungen\mak-asgard\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\mak-asgard\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/08/07 13:48:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/08/07 13:45:12 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011/08/06 14:54:35 | 000,516,304 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011/08/06 14:54:35 | 000,492,948 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011/08/06 14:54:35 | 000,100,516 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011/08/06 14:54:35 | 000,083,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011/08/06 09:34:34 | 000,134,144 | ---- | M] (Riviera Knoxville Rowland Dominican Tarbell Byrd) -- C:\Dokumente und Einstellungen\mak-asgard\Anwendungsdaten\jashla.exe [2011/08/06 09:26:14 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011/08/06 08:54:16 | 000,063,488 | ---- | M] () -- C:\Dokumente und Einstellungen\mak-asgard\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/08/06 08:47:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011/08/06 08:37:33 | 000,012,056 | ---- | M] () -- C:\Dokumente und Einstellungen\mak-asgard\Eigene Dateien\00000000.restored.wmv.sfk [2011/08/06 08:32:16 | 000,205,342 | ---- | M] () -- C:\Dokumente und Einstellungen\mak-asgard\Desktop\wetter.bmp [2011/08/06 08:30:49 | 005,248,393 | ---- | M] () -- C:\Dokumente und Einstellungen\mak-asgard\Eigene Dateien\00000001.wmv [2011/08/06 07:53:40 | 003,704,115 | ---- | M] () -- C:\Dokumente und Einstellungen\mak-asgard\Eigene Dateien\00000001NEW.wma [2011/08/05 15:23:19 | 000,005,584 | ---- | M] () -- C:\Dokumente und Einstellungen\mak-asgard\Eigene Dateien\INTRO.veg [2011/08/05 15:23:06 | 000,012,344 | ---- | M] () -- C:\Dokumente und Einstellungen\mak-asgard\Eigene Dateien\who's gonna save the world tonight.veg [2011/08/05 15:19:21 | 000,008,296 | ---- | M] () -- C:\Dokumente und Einstellungen\mak-asgard\Eigene Dateien\who's gonna save the world tonight.veg.bak [2011/08/05 14:52:15 | 000,000,779 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\YouTube Downloader.lnk [2011/08/05 14:51:51 | 005,177,584 | ---- | M] () -- C:\Dokumente und Einstellungen\mak-asgard\Desktop\YouTubeDownloaderSetup33.exe [2011/08/05 14:31:29 | 000,002,688 | ---- | M] () -- C:\Dokumente und Einstellungen\mak-asgard\Eigene Dateien\Vegas Pro registrieren.htm [2011/08/05 14:25:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Sony [2011/08/05 11:49:01 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/08/01 15:40:52 | 000,121,892 | ---- | M] () -- C:\Dokumente und Einstellungen\mak-asgard\Desktop\47660652.jpg [2011/07/21 14:22:35 | 000,004,633 | ---- | M] () -- C:\Dokumente und Einstellungen\mak-asgard\Desktop\ESt2010_KXXXXXX_XXXX.elfo [2011/07/21 13:29:29 | 000,000,711 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ElsterFormular.lnk [2011/07/21 13:29:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ElsterFormular [2011/07/21 13:25:57 | 053,237,328 | ---- | M] (Landesfinanzdirektion Thüringen) -- C:\Dokumente und Einstellungen\mak-asgard\Desktop\ElsterFormular-12.2.2.6665p.exe [2011/07/21 13:17:45 | 000,107,237 | ---- | M] () -- C:\Dokumente und Einstellungen\mak-asgard\Desktop\Anna 2009.elfo [2011/07/20 14:03:58 | 000,033,017 | ---- | M] () -- C:\Dokumente und Einstellungen\mak-asgard\Desktop\002BAb2_reasonably_small.jpg [2011/07/17 11:26:53 | 000,001,479 | ---- | M] () -- C:\Dokumente und Einstellungen\mak-asgard\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk [2011/07/17 11:26:53 | 000,001,479 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Vuze.lnk [2011/07/17 11:26:52 | 000,001,479 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Vuze.lnk [2011/07/14 14:10:34 | 001,447,840 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011/07/14 13:11:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Dokumente und Einstellungen\mak-asgard\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\mak-asgard\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/08/06 08:37:19 | 000,012,056 | ---- | C] () -- C:\Dokumente und Einstellungen\mak-asgard\Eigene Dateien\00000000.restored.wmv.sfk [2011/08/06 08:32:16 | 000,205,342 | ---- | C] () -- C:\Dokumente und Einstellungen\mak-asgard\Desktop\wetter.bmp [2011/08/06 08:28:53 | 005,248,393 | ---- | C] () -- C:\Dokumente und Einstellungen\mak-asgard\Eigene Dateien\00000001.wmv [2011/08/06 07:53:36 | 003,704,115 | ---- | C] () -- C:\Dokumente und Einstellungen\mak-asgard\Eigene Dateien\00000001NEW.wma [2011/08/05 15:23:06 | 000,005,584 | ---- | C] () -- C:\Dokumente und Einstellungen\mak-asgard\Eigene Dateien\INTRO.veg [2011/08/05 15:19:21 | 000,012,344 | ---- | C] () -- C:\Dokumente und Einstellungen\mak-asgard\Eigene Dateien\who's gonna save the world tonight.veg [2011/08/05 15:19:21 | 000,008,296 | ---- | C] () -- C:\Dokumente und Einstellungen\mak-asgard\Eigene Dateien\who's gonna save the world tonight.veg.bak [2011/08/05 14:52:15 | 000,000,779 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\YouTube Downloader.lnk [2011/08/05 14:51:42 | 005,177,584 | ---- | C] () -- C:\Dokumente und Einstellungen\mak-asgard\Desktop\YouTubeDownloaderSetup33.exe [2011/08/05 14:31:29 | 000,002,688 | ---- | C] () -- C:\Dokumente und Einstellungen\mak-asgard\Eigene Dateien\Vegas Pro registrieren.htm [2011/08/01 15:40:51 | 000,121,892 | ---- | C] () -- C:\Dokumente und Einstellungen\mak-asgard\Desktop\47660652.jpg [2011/07/21 14:22:35 | 000,004,633 | ---- | C] () -- C:\Dokumente und Einstellungen\mak-asgard\Desktop\ESt2010_Kxxxxxx_xxxx.elfo [2011/07/21 13:29:29 | 000,000,711 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ElsterFormular.lnk [2011/07/21 13:17:43 | 000,107,237 | ---- | C] () -- C:\Dokumente und Einstellungen\mak-asgard\Desktop\Anna 2009.elfo [2011/07/20 14:03:57 | 000,033,017 | ---- | C] () -- C:\Dokumente und Einstellungen\mak-asgard\Desktop\002BAb2_reasonably_small.jpg [2011/07/17 11:26:53 | 000,001,479 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Vuze.lnk [2011/06/17 16:54:31 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI [2011/05/29 06:42:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/03/25 20:19:00 | 000,195,824 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2011/01/28 19:40:09 | 000,758,018 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2011/01/28 19:40:09 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2011/01/28 19:40:08 | 008,676,883 | ---- | C] () -- C:\WINDOWS\System32\NCMedia2.dll [2010/12/19 09:28:00 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2010/10/13 12:18:21 | 000,018,944 | ---- | C] () -- C:\WINDOWS\eraser.exe [2010/08/01 06:06:27 | 000,063,488 | ---- | C] () -- C:\Dokumente und Einstellungen\mak-asgard\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/07/29 20:54:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010/07/29 20:53:23 | 001,447,840 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/07/29 16:40:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010/07/29 15:56:20 | 000,233,128 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys [2010/07/29 15:20:41 | 000,035,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys [2010/07/29 15:20:40 | 001,766,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys [2010/07/29 15:13:31 | 000,982,196 | R--- | C] () -- C:\WINDOWS\System32\igkrng500.bin [2010/07/29 15:13:31 | 000,417,344 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin [2010/07/29 14:37:57 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010/07/29 14:11:25 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010/07/29 14:06:42 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008/12/19 11:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2008/12/17 13:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll [2008/12/17 13:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll [2008/12/17 13:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008/12/17 13:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll [2008/12/17 12:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll [2008/04/07 02:00:46 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\CRFILTER.dll [2006/11/02 12:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe [2006/02/28 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2006/02/28 08:00:00 | 000,516,304 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2006/02/28 08:00:00 | 000,492,948 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006/02/28 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2006/02/28 08:00:00 | 000,100,516 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2006/02/28 08:00:00 | 000,083,596 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2006/02/28 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006/02/28 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2006/02/28 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2004/10/03 13:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll ========== LOP Check ========== [2011/08/05 14:24:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mak-asgard\Anwendungsdaten\Azureus [2010/12/19 09:29:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mak-asgard\Anwendungsdaten\Canneverbe Limited [2011/07/21 13:30:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mak-asgard\Anwendungsdaten\elsterformular [2010/11/15 17:34:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mak-asgard\Anwendungsdaten\ICQ [2010/12/19 09:27:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mak-asgard\Anwendungsdaten\OpenCandy [2011/01/28 19:31:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mak-asgard\Anwendungsdaten\Publish Providers [2011/08/05 14:52:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mak-asgard\Anwendungsdaten\Search Settings [2011/08/05 13:25:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mak-asgard\Anwendungsdaten\Sony [2011/02/01 17:49:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mak-asgard\Anwendungsdaten\Sony Creative Software Inc [2010/08/29 12:08:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mak-asgard\Anwendungsdaten\Ulead Systems [2010/12/19 09:30:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mak-asgard\Anwendungsdaten\Uniblue [2011/08/05 16:09:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mak-asgard\Anwendungsdaten\YouTube Downloader [2010/12/19 09:29:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited [2011/07/21 13:29:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular [2010/10/19 14:44:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2010/08/29 12:00:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc [2011/01/28 18:58:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony [2011/06/20 15:03:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp [2011/06/26 06:54:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems [2011/08/05 14:52:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\YouTube Downloader ========== Purity Check ========== < End of report > und Extras.txt Code:
ATTFilter OTL Extras logfile created on: 8/7/2011 11:08:05 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 250.57 Gb Total Space | 7.74 Gb Free Space | 3.09% Space Free | Partition Type: NTFS Drive D: | 9.75 Gb Total Space | 9.70 Gb Free Space | 99.44% Space Free | Partition Type: NTFS Drive E: | 3.66 Gb Total Space | 0.61 Gb Free Space | 16.75% Space Free | Partition Type: FAT32 Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [CEWE FOTOSCHAU] -- "C:\Programme\CeWe Color\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "C:\Programme\CeWe Color\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.) "C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC) [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.) "C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2 "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 22 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3 "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{31E1050B-F69F-4A16-8F5A-E44D31901250}" = Ulead DVD DiskRecorder 2.1.1 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.0.0 "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support "{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6 "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{DA41F9E9-B878-467F-95E7-27E4D1943533}" = Multimedia Card Reader "{DC785DB7-D389-48C3-B146-96FE99BF4E2B}" = Vegas Pro 9.0 "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash "{DFF10B77-36EB-4B73-AA8B-2B98E74EC3C7}" = YouTube Downloader Toolbar v4.5 "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime "{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.123 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F9F20920-313D-4D6F-866B-2737B77E1857}" = ASUS FancyStart "{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "8461-7759-5462-8226" = Vuze "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2 "Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3 "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "conduitEngine" = Conduit Engine "DivX Setup.divx.com" = DivX-Setup "Elantech" = ETDWare PS/2-x86 7.0.5.2 WHQL "ElsterFormular für Privatanwender 12.2.2.6665p" = ElsterFormular für Privatanwender "Freez FLV to AVI/MPEG/WMV Converter v1.6_is1" = Freez FLV to AVI/MPEG/WMV Converter "HDMI" = Intel(R) Graphics Media Accelerator Driver "ICQToolbar" = ICQ Toolbar "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun "LeechFTP" = LeechFTP "McAfee Security Scan" = McAfee Security Scan Plus "Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NCH Toolbar" = NCH Toolbar "Update Engine" = Sony Ericsson Update Engine "USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam "USB Mass Storage Filter Driver" = Multimedia Card Reader "VideoPad" = VideoPad Video Editor "VLC media player" = VLC media player 1.1.4 "Vuze_Remote Toolbar" = Vuze Remote Toolbar "Winamp" = Winamp "Windows Media Encoder 9" = Windows Media Encoder 9 Series "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XP Codec Pack" = XP Codec Pack "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\mak-asgard_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Erkennungs-Plug-in < End of report > Bitte bitte helft mir und sagt mir, was ich nun machen kann... Danke Grüße mak |
09.08.2011, 14:02 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojana 06.08.2011 /makZitat:
Wir sind hier schließlich auch im Trojaner-Board und nicht im Trojana-Board! Poste die Logs bitte ohne Zeilenumbrüche, am besten alle Log in eine Datei zippen und diese zip hier per Anhang posten.
__________________ |
Themen zu BKA Trojana 06.08.2011 /mak |
0x00000001, avira, bho, bonjour, cdburnerxp, computer, conduit, converter, desktop, downloader, einstellungen, error, firefox, flash player, fontcache, format, gfnexsrv.exe, google earth, installation, jashla.exe, launch, logfile, photoshop, plug-in, programm, realtek, reatogo, registry, rundll, scan, sched.exe, security, security scan, shell32.dll, shortcut, software, spigot, staropen, usb, usb 2.0, windows, windows xp, youtube downloader |