Log Analysis and Evaluation: BKA Trojan - Urgently need help! Windows 7

If you have caught a Trojan or constantly receive virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
BKA Trojan - Urgently need help!

Hello, I also became a victim of the BKA Trojan. I ran the scan over it and got the following log:

OTL Logfile: Code:
ATTFilter OTL logfile created on: 4/14/2011 2:12:04 PM - Run OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE Windows Vista (TM) Home Premium (Version = 6.0.6000) - Type = System Internet Explorer (Version = 7.0.6000.17037) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 895.00 Mb Total Physical Memory | 644.00 Mb Available Physical Memory | 72.00% Memory free 806.00 Mb Paging File | 706.00 Mb Available in Paging File | 88.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 88.42 Gb Total Space | 9.19 Gb Free Space | 10.39% Space Free | Partition Type: NTFS Drive D: | 23.36 Gb Total Space | 14.75 Gb Free Space | 63.13% Space Free | Partition Type: FAT32 Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - File not found [Auto] -- -- (gusvc) SRV - [2007/12/19 17:56:26 | 000,214,056 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService) SRV - [2007/08/28 08:16:15 | 000,063,016 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler) SRV - [2007/05/22 10:30:34 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/02/23 06:17:50 | 001,509,888 | ---- | M] (Buhl Data Service GmbH) [Auto] -- C:\Program Files\Sceneo\Bonavista\Services\PVR\pvrservice.exe -- (srvcPVR) SRV - [2007/01/04 14:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto] -- C:\Program Files\Common 
Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2006/11/17 15:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc) SRV - [2006/09/28 03:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2005/11/17 09:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand] -- C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (PptpMiniport) WAN-Miniport (PPTP) DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt) DRV - File not found [Kernel | System] -- -- (mailKmd) DRV - File not found [Kernel | On_Demand] -- -- (IpInIp) DRV - [2009/06/15 12:01:00 | 000,273,920 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\V0540Vid.sys -- (V0540Dev) DRV - [2007/12/19 17:56:27 | 000,061,632 | ---- | M] (AVIRA GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2007/09/17 06:24:55 | 000,048,448 | ---- | M] (Avira GmbH) [File_System | On_Demand] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt) DRV - [2007/03/01 05:34:30 | 000,028,352 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2007/02/27 10:25:04 | 000,011,840 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio) DRV - [2007/01/13 05:40:00 | 004,452,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007/01/08 14:34:04 | 000,449,024 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb) DRV - [2006/11/15 12:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2006/11/15 07:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006/11/15 05:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2006/11/02 03:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006/11/02 03:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD) DRV - [2006/09/15 03:44:18 | 000,011,520 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2003/04/28 06:27:06 | 000,009,867 | ---- | M] () [Kernel | System] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Tobias_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKU\Tobias_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\Tobias_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\Tobias_ON_C\..\URLSearchHook: - Reg Error: Key error. 
File not found IE - HKU\Tobias_ON_C\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found IE - HKU\Tobias_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\Tobias_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: dplauncher@digitalpublishing.de:1.1 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2008/11/08 15:20:40 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/16 09:17:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/02 13:53:02 | 000,000,000 | ---D | M] [2008/11/08 16:37:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobias\AppData\Roaming\Mozilla\Extensions [2011/04/10 15:32:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\extensions [2009/10/01 05:49:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework 
Assistant) -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009/12/01 03:55:35 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/05/01 12:55:33 | 000,000,000 | ---D | M] (dp Launcher Plugin) -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\extensions\dplauncher@digitalpublishing.de [2010/02/26 15:37:46 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\extensions\firefox@tvunetworks.com [2009/04/17 06:04:12 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\extensions\moveplayer@movenetworks.com [2011/04/06 07:23:14 | 000,000,950 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-1.xml [2009/02/05 11:20:01 | 000,000,950 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-10.xml [2009/03/24 08:48:19 | 000,000,950 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-11.xml [2009/03/30 02:58:15 | 000,000,950 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-12.xml [2009/04/22 13:40:11 | 000,000,950 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-13.xml [2009/04/29 13:12:24 | 000,000,950 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-14.xml [2009/06/19 11:12:47 | 000,000,950 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-15.xml 
[2009/07/24 11:05:27 | 000,000,950 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-16.xml [2009/10/03 09:35:38 | 000,000,950 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-17.xml [2009/10/31 12:01:14 | 000,000,950 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-18.xml [2009/12/18 09:04:18 | 000,000,950 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-19.xml [2007/11/03 16:56:14 | 000,000,949 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-2.xml [2010/01/08 14:04:49 | 000,000,950 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-20.xml [2010/02/26 15:37:52 | 000,000,950 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-21.xml [2007/11/28 11:09:56 | 000,000,949 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-3.xml [2007/12/01 13:26:52 | 000,000,949 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-4.xml [2008/07/19 12:04:33 | 000,000,949 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-5.xml [2008/07/22 08:22:27 | 000,000,949 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-6.xml [2008/10/24 12:21:53 | 000,000,949 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-7.xml [2008/12/03 11:14:20 | 000,000,950 | ---- | M] () -- 
C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-8.xml [2008/12/25 18:47:16 | 000,000,950 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-9.xml [2009/03/25 06:49:20 | 000,000,944 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin.xml [2009/06/19 13:08:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2009/06/19 11:18:45 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2007/06/13 07:29:18 | 000,000,000 | ---D | M] (DivX Settings) -- C:\Program Files\Mozilla Firefox\extensions\divx@partners.mozilla.com [2010/05/30 05:47:24 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010/05/30 05:47:25 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010/05/30 05:47:25 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010/05/30 05:47:25 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010/05/30 05:47:25 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll (IE Toolbar) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. 
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - File not found O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKU\Tobias_ON_C\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKU\Tobias_ON_C\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Babylon Client] File not found O4 - HKLM..\Run: [C:\Windows\system32\V0540Ext.ax] C:\Windows\System32\V0540Ext.ax (Creative Technology Ltd.) O4 - HKLM..\Run: [CtrlVol] File not found O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe () O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) 
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( ) O4 - HKLM..\Run: [TVBroadcast] C:\Program Files\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia) O4 - HKLM..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe (Ulead Systems, Inc.) O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\Tobias_ON_C..\Run: [SystemData.exe] C:\SystemData\SystemData.exe () O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - File not found O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - File not found O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found O9 - Extra Button: ICQ Lite - 
{B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKU\Tobias_ON_C Winlogon: Shell - (C:\Users\Tobias\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5NG2L6CG\info[1].exe) - C:\Users\Tobias\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5NG2L6CG\info[1].exe () O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{2980136b-5220-11e0-8eac-0016d382602b}\Shell - "" = AutoRun O33 - MountPoints2\{2980136b-5220-11e0-8eac-0016d382602b}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{8f83e48f-f98d-11db-b9ea-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{8f83e48f-f98d-11db-b9ea-806e6f6e6963}\Shell\AutoRun\command - "" = E:\PSetup.exe /continue /uionlyifneeded O33 - MountPoints2\{b36289f0-ac20-11dd-a388-0016d382602b}\Shell\AutoRun\command - "" = F:\Launch.exe O33 - 
MountPoints2\{cf288df8-4b44-11df-b08b-0016d382602b}\Shell\AutoRun\command - "" = F:\Menu.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/04/14 11:10:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2011/04/04 06:36:59 | 000,000,000 | ---D | C] -- C:\Users\Tobias\Desktop\México - Méx.Trip [2011/04/03 14:03:15 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2011/04/03 14:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2011/03/19 08:26:06 | 000,000,000 | ---D | C] -- C:\Users\Tobias\Desktop\Warcraft III [2011/03/15 15:38:52 | 000,000,000 | ---D | C] -- C:\Users\Tobias\Desktop\6.Semester ========== Files - Modified Within 30 Days ========== [2011/04/13 17:37:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/04/13 17:36:07 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/04/13 17:36:07 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/04/13 17:35:52 | 938,131,456 | -HS- | M] () -- C:\hiberfil.sys [2011/04/12 11:02:10 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011/04/12 11:02:10 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/04/12 11:02:10 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011/04/12 11:02:10 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/04/12 08:12:24 | 000,013,072 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\nvModes.dat [2011/04/12 08:12:24 | 000,013,072 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\nvModes.001 [2011/04/12 06:30:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job 
[2011/04/08 08:45:19 | 000,000,638 | ---- | M] () -- C:\Users\Tobias\Desktop\PLAKAT_gemeinsam.fuer.japan.lnk [2011/04/03 14:05:54 | 001,863,844 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB [2011/04/03 13:39:44 | 000,009,840 | -HS- | M] () -- C:\Users\Tobias\AppData\Local\8h7677sklawlu0y1x0g47maike22u417x83d12u6wgr8je [2011/04/03 13:39:44 | 000,009,840 | -HS- | M] () -- C:\ProgramData\8h7677sklawlu0y1x0g47maike22u417x83d12u6wgr8je [2011/04/03 12:14:16 | 000,331,776 | -HS- | M] () -- C:\Users\Tobias\AppData\Local\tpi.exe [2011/03/31 05:06:08 | 002,720,800 | ---- | M] () -- C:\Users\Tobias\Desktop\Bad Taste Party.jpg ========== Files Created - No Company Name ========== [2011/04/13 17:35:52 | 938,131,456 | -HS- | C] () -- C:\hiberfil.sys [2011/04/08 08:42:53 | 000,000,638 | ---- | C] () -- C:\Users\Tobias\Desktop\PLAKAT_gemeinsam.fuer.japan.lnk [2011/04/03 14:04:47 | 001,863,844 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB [2011/04/03 12:14:48 | 000,009,840 | -HS- | C] () -- C:\Users\Tobias\AppData\Local\8h7677sklawlu0y1x0g47maike22u417x83d12u6wgr8je [2011/04/03 12:14:48 | 000,009,840 | -HS- | C] () -- C:\ProgramData\8h7677sklawlu0y1x0g47maike22u417x83d12u6wgr8je [2011/04/03 12:14:16 | 000,331,776 | -HS- | C] () -- C:\Users\Tobias\AppData\Local\tpi.exe [2011/03/31 05:07:10 | 002,720,800 | ---- | C] () -- C:\Users\Tobias\Desktop\Bad Taste Party.jpg [2010/02/10 14:53:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009/12/04 12:26:16 | 000,054,789 | ---- | C] () -- C:\Windows\War3Unin.dat [2009/10/20 13:25:38 | 000,000,680 | ---- | C] () -- C:\Users\Tobias\AppData\Local\d3d9caps.dat [2008/11/06 13:25:05 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini [2007/12/19 17:56:26 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007/05/21 12:54:37 | 000,047,104 | ---- | C] () -- C:\Users\Tobias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/05/21 06:42:12 | 000,013,072 | ---- | C] () -- 
C:\Users\Tobias\AppData\Roaming\nvModes.001 [2007/05/21 06:03:44 | 000,013,072 | ---- | C] () -- C:\Users\Tobias\AppData\Roaming\nvModes.dat [2007/05/03 13:31:40 | 000,000,022 | ---- | C] () -- C:\Windows\exchng.ini [2007/05/03 13:31:37 | 000,000,634 | ---- | C] () -- C:\Windows\ODBC.INI [2007/05/03 13:31:36 | 000,000,967 | ---- | C] () -- C:\Windows\ODBCINST.INI [2007/03/14 19:12:48 | 000,081,920 | ---- | C] () -- C:\Windows\mws.exe [2007/03/12 21:42:14 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini [2007/03/10 02:49:55 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll [2007/03/10 02:49:54 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll [2007/03/10 02:39:31 | 000,000,199 | ---- | C] () -- C:\Windows\WISO.INI [2007/03/09 22:40:31 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2007/03/09 10:58:44 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys [2007/03/09 01:33:44 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007/02/28 05:13:52 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2006/12/11 00:06:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2006/11/02 11:33:31 | 000,641,344 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006/11/02 11:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006/11/02 11:33:31 | 000,116,706 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006/11/02 11:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 08:47:37 | 000,392,776 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 06:33:01 | 000,610,142 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 06:33:01 | 000,103,924 | 
---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2006/09/20 02:34:10 | 000,000,000 | ---- | C] () -- C:\Windows\Buhl.ini [1997/10/17 18:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL [1997/10/17 18:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL [1997/09/03 18:00:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\WRKGADM.EXE [1997/09/03 18:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\ODBCSTF.DLL [1997/09/03 18:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\VADE232.DLL ========== LOP Check ========== [2007/06/09 23:19:00 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Babylon [2010/02/21 18:50:11 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\DataDesign [2010/05/01 12:55:53 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\digital publishing [2009/10/19 17:21:00 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\fotobuch.de AG [2011/03/17 10:29:28 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\ICQ [2007/05/21 09:22:55 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\ICQ Toolbar [2007/05/21 09:09:40 | 000,000,000 | ---D | M] -- 
C:\Users\Tobias\AppData\Roaming\ICQLite [2007/06/12 08:21:27 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\InterVideo [2011/01/22 12:30:07 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Langenscheidt [2007/05/21 13:02:22 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\MAGIX [2007/05/03 13:05:48 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Ulead Systems [2007/05/03 13:00:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2007/06/09 23:17:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2007/05/03 13:00:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente [2007/05/03 13:00:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2009/10/19 17:21:01 | 000,000,000 | ---D | M] -- C:\ProgramData\fotobuch.de AG [2007/03/10 02:39:23 | 000,000,000 | ---D | M] -- C:\ProgramData\fun communications [2009/06/19 11:18:41 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ [2007/03/09 11:36:30 | 000,000,000 | ---D | M] -- C:\ProgramData\InterVideo [2011/01/22 12:30:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Langenscheidt [2007/03/12 21:46:32 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2007/05/03 13:00:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2011/04/03 14:37:22 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP [2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2007/03/14 19:14:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems [2007/05/03 13:00:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen [2007/03/09 23:35:06 | 000,000,000 | ---D | M] -- 
C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1} [2007/12/05 17:11:17 | 000,000,256 | ---- | M] () -- C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job [2011/04/12 09:34:58 | 000,032,520 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report >

Can anyone help me with this problem? Specifically, someone who is not really a computer person. I would be very grateful to you!