Log Analysis and Evaluation: Removing BAK 1.09 (Windows 7)

If you have picked up a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: see "First steps to get help". Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Removing BAK 1.09

Hello, I need help removing a trojan (BAK 1.09), since I have little to no computer knowledge myself =)!!! Many thanks in advance!!!

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by *** at 12:02:08 on 2012-04-01
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.49.1031.18.3070.2552 [GMT 2:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Aware *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Ad-Aware Antivirus\Engine\SBAMSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\***\Downloads\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.facemoods.com/?a=gppc
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVDV.dll
uURLSearchHooks: softonic-de3 Toolbar: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - c:\program files\softonic-de3\tbsoft.dll
uURLSearchHooks: BittorrentBar_DE Toolbar: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - c:\program files\bittorrentbar_de\tbBitt.dll
mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVDV.dll
mURLSearchHooks: softonic-de3 Toolbar: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - c:\program files\softonic-de3\tbsoft.dll
mURLSearchHooks: BittorrentBar_DE Toolbar: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - c:\program files\bittorrentbar_de\tbBitt.dll
uWindows: Load=c:\users\***\locals~1\temp\msaign.cmd
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - c:\program files\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll
BHO: BittorrentBar_DE Toolbar: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - c:\program files\bittorrentbar_de\tbBitt.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office12\GR469A~1.DLL
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVDV.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: softonic-de3 Toolbar: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - c:\program files\softonic-de3\tbsoft.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVDV.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: softonic-de3 Toolbar: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - c:\program files\softonic-de3\tbsoft.dll
TB: BittorrentBar_DE Toolbar: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - c:\program files\bittorrentbar_de\tbBitt.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - c:\program files\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll
uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe"
uRun: [UpdateStar] c:\users\***\appdata\roaming\updatestar\UpdateStar.exe -A
uRun: [SightSpeed] "c:\program files\dell video chat\DellVideoChat.exe" -bootmode
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [facemoods] "c:\program files\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe" /md I
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell.exe" /mode2
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
StartupFolder: c:\users\***\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\***\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube Download - c:\users\***\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\***\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{080B1618-368D-406D-90F7-286125D568DB} : DhcpNameServer = 10.0.0.138
TCP: Interfaces\{080B1618-368D-406D-90F7-286125D568DB}\4586F6D637F6E6033444644334 : DhcpNameServer = 10.0.0.138 10.0.0.138
TCP: Interfaces\{080B1618-368D-406D-90F7-286125D568DB}\849627F6378696D616 : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~1\office12\GRA32A~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office12\GR469A~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\***\appdata\roaming\mozilla\firefox\profiles\ivmk2cvy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Facemoods Search
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/index.php?lh=bbcf3a9c356bfc94d50b6dd3bdee4691&eu=8iTS3ZoyvnZj0qVP9ONEzA
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRLCT4Player.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-4-1 221784]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-4-29 101720]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2012-4-1 78936]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-3-29 1161072]
R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\engine\SBAMSvc.exe [2011-5-17 2804280]
R3 k57nd60x;Broadcom NetLink (TM)-Gigabit-Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-14 229888]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-4-1 69208]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\avira\antivir desktop\sched.exe [2011-5-1 136360]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-1 269480]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-1 66616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-19 136176]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-31 652360]
S2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-5-11 74968]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-19 136176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-31 20464]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-21 15872]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-4-1 69208]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-4-1 94040]
S3 StorSvc;Speicherdienst;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-21 52224]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-2 1343400]
.
=============== Created Last 30 ================
.
2012-04-01 08:42:58 -------- d-----w- c:\users\***\appdata\local\adaware
2012-04-01 08:42:56 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-04-01 08:42:42 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-04-01 08:42:41 78936 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-04-01 08:42:28 69208 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-04-01 08:42:28 221784 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-04-01 08:42:25 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-04-01 08:28:18 -------- d-----w- c:\users\***\appdata\roaming\Ad-Aware Antivirus
2012-04-01 08:23:14 -------- d-----w- c:\program files\CCleaner
2012-03-31 18:03:25 -------- d-----w- c:\users\***\appdata\roaming\Malwarebytes
2012-03-31 18:03:20 -------- d-----w- c:\programdata\Malwarebytes
2012-03-31 18:03:19 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 18:03:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-31 17:19:17 -------- d-----w- c:\users\***\appdata\roaming\gizza
2012-03-22 07:27:45 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-22 07:27:45 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-13 19:09:29 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 19:09:26 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 19:08:37 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-13 19:08:37 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 19:08:37 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 19:08:37 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 19:08:35 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 19:08:35 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 19:08:35 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
.
==================== Find3M ====================
.
2012-01-08 18:09:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 12:02:54,08 ===============
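As an added illustration of how a log like the one above is triaged (this is editor-supplied example code, not part of the original post and not a tool used by this forum), the script below parses the autostart lines of a DDS "Pseudo HJT Report" and flags targets that live in user-writable locations. The sample lines are copied from the post; the prefix-to-registry-key mapping follows the usual HijackThis convention and the severity rules are my own heuristics, both stated as assumptions in the code. It does not decide what is malware; it only surfaces the entries a helper would look at first, such as a `Load=` value pointing at a `.cmd` file in the user's temp directory.

```python
"""Triage of DDS 'Pseudo HJT Report' autostart lines (added example code).

The sample lines are copied from the DDS log in the post above. The
registry-key mapping and the severity rules are the editor's assumptions,
not DDS output or forum policy.
"""
import re
from dataclasses import dataclass, field

# DDS prefix -> autostart location (HijackThis convention; assumption).
AUTOSTART_PREFIXES = {
    "uRun": "HKCU\\...\\CurrentVersion\\Run",
    "mRun": "HKLM\\...\\CurrentVersion\\Run",
    "uWindows": "HKCU\\...\\Windows NT\\CurrentVersion\\Windows (Load=/Run=)",
    "StartupFolder": "Startup folder shortcut",
}

SEVERITY = ["low", "medium", "high"]

# (pattern applied to the launch target, severity, reason). Own heuristics.
PATH_RULES = [
    (re.compile(r"\\(locals~1|appdata\\local)\\temp\\", re.I), "high",
     "runs from a temp directory"),
    (re.compile(r"\\appdata\\roaming\\", re.I), "medium",
     "runs from roaming AppData (user-writable)"),
    (re.compile(r"\.(cmd|bat|vbs|js)(\"|\s|$)", re.I), "high",
     "script file rather than a signed binary"),
]

LINE_RE = re.compile(r"^(?P<prefix>[A-Za-z]+): (?P<rest>.*)$")


@dataclass
class Finding:
    prefix: str
    name: str
    target: str
    severity: str
    reasons: list = field(default_factory=list)


def parse_entry(line):
    """Return (prefix, name, target) for an autostart line, else None."""
    m = LINE_RE.match(line.strip())
    if not m or m.group("prefix") not in AUTOSTART_PREFIXES:
        return None
    prefix, rest = m.group("prefix"), m.group("rest")
    if prefix in ("uRun", "mRun"):
        # uRun: [Name] "c:\path\prog.exe" /args
        nm = re.match(r"\[(?P<name>[^\]]+)\]\s*(?P<target>.*)", rest)
        return (prefix, nm.group("name"), nm.group("target")) if nm else None
    if prefix == "uWindows":
        # uWindows: Load=c:\...  (legacy Win.ini-style autostart value)
        key, _, target = rest.partition("=")
        return prefix, key, target
    if prefix == "StartupFolder":
        # StartupFolder: <path\shortcut.lnk> - <launch target>
        lnk, _, target = rest.partition(" - ")
        return prefix, lnk.rsplit("\\", 1)[-1], target
    return None


def score(target):
    """Highest severity and all reasons that apply to a launch target."""
    hits = [(sev, why) for pat, sev, why in PATH_RULES if pat.search(target)]
    if not hits:
        return None
    return max((s for s, _ in hits), key=SEVERITY.index), [w for _, w in hits]


def triage(lines):
    """Return Findings for autostart lines whose target matches a rule."""
    findings = []
    for line in lines:
        parsed = parse_entry(line)
        if not parsed:
            continue
        prefix, name, target = parsed
        scored = score(target)
        if scored:
            findings.append(Finding(prefix, name, target, *scored))
    return findings


# Lines copied from the posted DDS log (user name redacted as in the post).
SAMPLE_DDS = r"""
uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe"
uRun: [UpdateStar] c:\users\***\appdata\roaming\updatestar\UpdateStar.exe -A
uWindows: Load=c:\users\***\locals~1\temp\msaign.cmd
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\users\***\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\***\appdata\roaming\dropbox\bin\Dropbox.exe
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
"""


def sample_findings():
    return triage(SAMPLE_DDS.strip().splitlines())


if __name__ == "__main__":
    for f in sample_findings():
        print(f"[{f.severity:6}] {f.prefix} {f.name}: {f.target}")
        for r in f.reasons:
            print(f"          - {r}")
```

Run as-is, the `Load=` entry comes out as the only high-severity finding (temp directory plus a `.cmd` target), while the two roaming AppData entries are reported as medium so that a helper still looks at them but does not confuse Dropbox with the infection. BHO and toolbar lines are deliberately not scored here; they are reviewed by name, not by path.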
Topics related to Removing BAK 1.09

acrobat update, ad-aware, adobe, antivir, antivir guard, antivirus, avg, avgnt, avira, bka 1.09, conduit, converter, defender, desktop, entfernen, firefox, google, google earth, helper, mozilla, mp3, object, plug-in, scan, security, security scan, software, svchost.exe, system, trojaner, updates, windows