Trojaner nach BKA-Meldung

fran · 09.03.2012, 13:46

Hallo.

Nachdem sich eine BKA-Mitteilung auf meinem PC geöffnet hatte (die ich nur wegbekam, indem ich den Rechner zum Herunterfahren zwang), meldete AntiVir einen Trojaner. Ich habe versucht, im Internet zu recherchieren, aber regelmäßig erscheint die BKA-Meldung wieder und ich muss den Rechner herunterfahren. Deswegen wende ich mich verzweifelt an euch. Ich bin entsetzlich ahnungslos, was Computertechnologie angeht. Akribisch genau habe ich die Anweisungen des Forums befolgt und die Log-Dateien erstellt. (Wann darf ich denn das re-enable in diesem defogger betätigen?) Ich bitte euch dringend um Hilfe!!!

Vielen Dank!
Fran

P.S: Die DDS-File habe ich wie gefordert hier rein kopiert. Im Anhang befindet sie sich nochmal nebst den anderen beiden Logfiles.

DDS-Text:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Claudia at 11:51:54 on 2012-03-09
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.49.1031.18.1900.798 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\Windows\Explorer.EXE
C:\Program Files\asus\Wireless Console 3\wcourier.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskeng.exe
C:\Users\Claudia\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uURLSearchHooks: H - No File
BHO: Shopping Assistant Plugin: {1631550f-191d-4826-b069-d9439253d926} - c:\program files\pricegong\2.5.3\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Babylon IE plugin: {9cfaccb6-2f3f-4177-94ea-0d2b72d384c1} - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: DealPly: {a6174f27-1fff-e1d6-a93f-ba48ad5dd448} - c:\program files\dealply\DealPlyIE.dll
BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {B106B661-3E1B-4015-AF5C-195E909F35C6} - No File
uRun: [LicenseValidator] c:\users\claudia\appdata\roaming\identities\{8e802f35-4ba7-46ff-beca-9b273d732d5f}\LicenseValidator.exe
mRun: [Wireless Console 3] c:\program files\asus\wireless console 3\wcourier.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [Babylon Client] c:\program files\babylon\babylon-pro\Babylon.exe -AutoStart
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\users\claudia\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Free YouTube Download - c:\users\claudia\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Translate this web page with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2EA25103-661B-461F-9C6E-9B3765699E99} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2EA25103-661B-461F-9C6E-9B3765699E99}\14C4943454D275C414E42313 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2EA25103-661B-461F-9C6E-9B3765699E99}\64259445A51224F6870264F6E60275C414E40273131333 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{2EA25103-661B-461F-9C6E-9B3765699E99}\7596C646562702F4374756E6 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{2EA25103-661B-461F-9C6E-9B3765699E99}\75C414E4D2030313 : DhcpNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\claudia\appdata\roaming\mozilla\firefox\profiles\di1k0jef.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - component: c:\users\claudia\appdata\roaming\mozilla\firefox\profiles\di1k0jef.default\extensions\{8a9386b4-e958-4c4c-adf4-8f26db3e4829}\components\PriceGongFF.dll
FF - component: c:\users\claudia\appdata\roaming\mozilla\firefox\profiles\di1k0jef.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}\components\RadioWMPCore.dll
FF - component: c:\users\claudia\appdata\roaming\mozilla\firefox\profiles\di1k0jef.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Babylon Spelling and Proofreading: adapter@babylontc.com - c:\program files\mozilla firefox\extensions\adapter@babylontc.com
FF - Ext: Babylon OCR: ocr@babylon.com - c:\program files\mozilla firefox\extensions\ocr@babylon.com
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: NCH DE Community Toolbar: {b106b661-3e1b-4015-af5c-195e909f35c6} - %profile%\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}
FF - Ext: DealPly: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} - %profile%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
FF - Ext: PriceGong: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} - %profile%\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
FF - Ext: Avira SearchFree Toolbar plus Web Protection: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Avira SearchFree Toolbar plus Web Protection: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Freeze.com NetAssistant: {1266764D-FC4F-4FA7-B63B-884D53B1680F} - c:\users\claudia\appdata\roaming\NetAssistant
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-3-9 36000]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-3-9 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-3-9 110032]
R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2012-3-9 463824]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-3-9 74640]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-3-29 598312]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2012\TuneUpUtilitiesService32.exe [2011-11-18 1510720]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2012\TuneUpUtilitiesDriver32.sys [2011-11-8 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-9-11 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 StorSvc;Speicherdienst;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-03-09 10:46:15 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{024ce031-fa56-4dbd-ba7a-d9dd8e5c9b19}\offreg.dll
2012-03-09 10:39:51 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{024ce031-fa56-4dbd-ba7a-d9dd8e5c9b19}\mpengine.dll
2012-03-09 10:37:22 -------- d-----w- c:\program files\Ask.com
2012-03-09 10:36:57 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-03-09 10:36:57 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-03-07 19:00:50 -------- d-----w- c:\users\claudia\appdata\roaming\Avira
2012-03-07 19:00:03 -------- d-----w- c:\programdata\Avira
2012-03-07 19:00:03 -------- d-----w- c:\program files\Avira
2012-03-03 16:34:48 -------- d-----w- c:\users\claudia\.thumb
2012-03-02 09:06:56 -------- d-----w- c:\users\claudia\appdata\roaming\TeamViewer
2012-02-16 02:31:23 -------- d-----w- c:\windows\system32\wbem\en-US
2012-02-16 02:09:59 222720 ----a-w- c:\program files\internet explorer\ielowutil.exe
2012-02-15 05:46:27 478208 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 05:46:21 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 05:46:16 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 05:45:57 2340864 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2012-02-23 08:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-16 02:10:04 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-16 02:10:04 161792 ----a-w- c:\windows\system32\msls31.dll
2012-02-16 02:10:03 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-16 02:10:02 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-16 02:10:02 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-16 02:10:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-16 02:10:02 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-16 02:10:01 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-02-16 02:10:00 367104 ----a-w- c:\windows\system32\html.iec
2012-02-16 02:09:57 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-02-16 02:09:57 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-16 02:09:56 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-02-16 02:09:56 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-16 02:09:56 152064 ----a-w- c:\windows\system32\wextract.exe
2012-02-16 02:09:56 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-02-16 02:09:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-16 02:09:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-16 02:09:54 11776 ----a-w- c:\windows\system32\mshta.exe
2012-02-16 02:09:54 101888 ----a-w- c:\windows\system32\admparse.dll
2012-02-16 02:09:53 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-02-16 02:09:53 1798656 ----a-w- c:\windows\system32\jscript9.dll
2006-05-03 11:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 12:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 14:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-06 23:00:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
============= FINISH: 11:53:23,57 ===============

Trojaner nach BKA-Meldung

Log-Analyse und Auswertung: Trojaner nach BKA-Meldung

Trojaner nach BKA-Meldung

Ähnliche Themen: Trojaner nach BKA-Meldung