Log analysis and evaluation: Trojan after BKA message (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Trojan after BKA message

Hello. After a BKA notification opened on my PC (which I could only get rid of by forcing the computer to shut down), AntiVir reported a trojan. I tried to research it on the internet, but the BKA message keeps reappearing and I have to shut the computer down again. That is why I am turning to you in desperation. I am terribly clueless when it comes to computer technology. I have meticulously followed the forum's instructions and created the log files. (When am I allowed to press re-enable in this defogger?) I urgently ask you for help!!! Many thanks! Fran

P.S.: I copied the DDS file in here as requested. It is also in the attachment together with the other two log files.

DDS text:

```
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_24
Run by Claudia at 11:51:54 on 2012-03-09
Microsoft Windows 7 Enterprise   6.1.7600.0.1252.49.1031.18.1900.798 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\Windows\Explorer.EXE
C:\Program Files\asus\Wireless Console 3\wcourier.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskeng.exe
C:\Users\Claudia\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uURLSearchHooks: H - No File
BHO: Shopping Assistant Plugin: {1631550f-191d-4826-b069-d9439253d926} - c:\program files\pricegong\2.5.3\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Babylon IE plugin: {9cfaccb6-2f3f-4177-94ea-0d2b72d384c1} - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: DealPly: {a6174f27-1fff-e1d6-a93f-ba48ad5dd448} - c:\program files\dealply\DealPlyIE.dll
BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {B106B661-3E1B-4015-AF5C-195E909F35C6} - No File
uRun: [LicenseValidator] c:\users\claudia\appdata\roaming\identities\{8e802f35-4ba7-46ff-beca-9b273d732d5f}\LicenseValidator.exe
mRun: [Wireless Console 3] c:\program files\asus\wireless console 3\wcourier.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [Babylon Client] c:\program files\babylon\babylon-pro\Babylon.exe -AutoStart
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\users\claudia\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Free YouTube Download - c:\users\claudia\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Translate this web page with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2EA25103-661B-461F-9C6E-9B3765699E99} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2EA25103-661B-461F-9C6E-9B3765699E99}\14C4943454D275C414E42313 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2EA25103-661B-461F-9C6E-9B3765699E99}\64259445A51224F6870264F6E60275C414E40273131333 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{2EA25103-661B-461F-9C6E-9B3765699E99}\7596C646562702F4374756E6 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{2EA25103-661B-461F-9C6E-9B3765699E99}\75C414E4D2030313 : DhcpNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\claudia\appdata\roaming\mozilla\firefox\profiles\di1k0jef.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - component: c:\users\claudia\appdata\roaming\mozilla\firefox\profiles\di1k0jef.default\extensions\{8a9386b4-e958-4c4c-adf4-8f26db3e4829}\components\PriceGongFF.dll
FF - component: c:\users\claudia\appdata\roaming\mozilla\firefox\profiles\di1k0jef.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}\components\RadioWMPCore.dll
FF - component: c:\users\claudia\appdata\roaming\mozilla\firefox\profiles\di1k0jef.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Babylon Spelling and Proofreading: adapter@babylontc.com - c:\program files\mozilla firefox\extensions\adapter@babylontc.com
FF - Ext: Babylon OCR: ocr@babylon.com - c:\program files\mozilla firefox\extensions\ocr@babylon.com
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: NCH DE Community Toolbar: {b106b661-3e1b-4015-af5c-195e909f35c6} - %profile%\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}
FF - Ext: DealPly: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} - %profile%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
FF - Ext: PriceGong: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} - %profile%\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
FF - Ext: Avira SearchFree Toolbar plus Web Protection: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Avira SearchFree Toolbar plus Web Protection: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Freeze.com NetAssistant: {1266764D-FC4F-4FA7-B63B-884D53B1680F} - c:\users\claudia\appdata\roaming\NetAssistant
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-3-9 36000]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-3-9 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-3-9 110032]
R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2012-3-9 463824]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-3-9 74640]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-3-29 598312]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2012\TuneUpUtilitiesService32.exe [2011-11-18 1510720]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2012\TuneUpUtilitiesDriver32.sys [2011-11-8 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-9-11 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 StorSvc;Speicherdienst;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-03-09 10:46:15	56200	----a-w-	c:\programdata\microsoft\windows defender\definition updates\{024ce031-fa56-4dbd-ba7a-d9dd8e5c9b19}\offreg.dll
2012-03-09 10:39:51	6552120	----a-w-	c:\programdata\microsoft\windows defender\definition updates\{024ce031-fa56-4dbd-ba7a-d9dd8e5c9b19}\mpengine.dll
2012-03-09 10:37:22	--------	d-----w-	c:\program files\Ask.com
2012-03-09 10:36:57	74640	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-03-09 10:36:57	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-03-07 19:00:50	--------	d-----w-	c:\users\claudia\appdata\roaming\Avira
2012-03-07 19:00:03	--------	d-----w-	c:\programdata\Avira
2012-03-07 19:00:03	--------	d-----w-	c:\program files\Avira
2012-03-03 16:34:48	--------	d-----w-	c:\users\claudia\.thumb
2012-03-02 09:06:56	--------	d-----w-	c:\users\claudia\appdata\roaming\TeamViewer
2012-02-16 02:31:23	--------	d-----w-	c:\windows\system32\wbem\en-US
2012-02-16 02:09:59	222720	----a-w-	c:\program files\internet explorer\ielowutil.exe
2012-02-15 05:46:27	478208	----a-w-	c:\windows\system32\timedate.cpl
2012-02-15 05:46:21	690688	----a-w-	c:\windows\system32\msvcrt.dll
2012-02-15 05:46:16	442880	----a-w-	c:\windows\system32\ntshrui.dll
2012-02-15 05:45:57	2340864	----a-w-	c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2012-02-23 08:18:36	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-02-16 02:10:04	74752	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-02-16 02:10:04	161792	----a-w-	c:\windows\system32\msls31.dll
2012-02-16 02:10:03	1127424	----a-w-	c:\windows\system32\wininet.dll
2012-02-16 02:10:02	86528	----a-w-	c:\windows\system32\iesysprep.dll
2012-02-16 02:10:02	76800	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-02-16 02:10:02	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-02-16 02:10:02	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-02-16 02:10:01	63488	----a-w-	c:\windows\system32\tdc.ocx
2012-02-16 02:10:00	367104	----a-w-	c:\windows\system32\html.iec
2012-02-16 02:09:57	74752	----a-w-	c:\windows\system32\iesetup.dll
2012-02-16 02:09:57	1427456	----a-w-	c:\windows\system32\inetcpl.cpl
2012-02-16 02:09:56	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-02-16 02:09:56	23552	----a-w-	c:\windows\system32\licmgr10.dll
2012-02-16 02:09:56	152064	----a-w-	c:\windows\system32\wextract.exe
2012-02-16 02:09:56	150528	----a-w-	c:\windows\system32\iexpress.exe
2012-02-16 02:09:54	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-02-16 02:09:54	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-02-16 02:09:54	11776	----a-w-	c:\windows\system32\mshta.exe
2012-02-16 02:09:54	101888	----a-w-	c:\windows\system32\admparse.dll
2012-02-16 02:09:53	35840	----a-w-	c:\windows\system32\imgutil.dll
2012-02-16 02:09:53	1798656	----a-w-	c:\windows\system32\jscript9.dll
2006-05-03 11:06:54	163328	--sha-r-	c:\windows\system32\flvDX.dll
2007-02-21 12:47:16	31232	--sha-r-	c:\windows\system32\msfDX.dll
2008-03-16 14:30:52	216064	--sha-r-	c:\windows\system32\nbDX.dll
2010-01-06 23:00:00	107520	--sha-r-	c:\windows\system32\TAKDSDecoder.dll
.
============= FINISH: 11:53:23,57 ===============
```