| |
| |||||||
Log-Analyse und Auswertung: Trojaner im System (BKA)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
22.05.2011, 21:20
| #1 | |
 |  Trojaner im System (BKA) Ja, also ich war nun auch Opfer des tollen Bundeskriminalamts-Trojaner. Jedenfalls habe ich jetzt wieder Zugriff aufs System und den Trojaner oberflächlich aus dem System gelöscht, aber da er ja recht tief verwurzelt sein soll, brauch ich euren Rat, wie es über mein System bestellt ist. Problem ist, dass aus vielfältigen Gründen eine Neuaufsetzung des Systems nur im äußersten Notfall in Frage kommt. Avira (jaja, ich weiß, ich besorg mir baldigst ein ordentliches Antviren Prog) habe ich eben durchlaufen lassen und dabei wurden noch zwei weitere Trojaner gefunden, die jetzt weg sein müssten ... Malwarebytes Log: Zitat:
OTL Log OTL Logfile:OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.05.2011 22:52:50 - Run 3 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\xxx\Downloads An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 68,97% Memory free 5,99 Gb Paging File | 4,91 Gb Available in Paging File | 82,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 195,14 Gb Total Space | 96,56 Gb Free Space | 49,48% Space Free | Partition Type: NTFS Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\xxx\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\xxx\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.) DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA 70 85 5F 66 E6 CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {e411bb40-b04c-11d8-92e7-00d09e0179f2}:4.0.4 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.01 13:21:27 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.01 13:21:27 | 000,000,000 | ---D | M] [2010.11.10 18:10:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions [2011.05.22 22:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\dc75recf.default\extensions [2011.02.05 16:39:03 | 000,000,000 | ---D | M] ("iGraal") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\dc75recf.default\extensions\{e411bb40-b04c-11d8-92e7-00d09e0179f2} [2010.11.14 21:29:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2010.11.12 15:17:23 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.11.14 21:29:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.11.14 21:28:44 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.03.18 20:53:51 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.03.18 20:53:51 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.03.18 20:53:51 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.03.18 20:53:51 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.03.18 20:53:51 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - File not found O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{b468c02e-ece2-11df-9952-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{b468c02e-ece2-11df-9952-806e6f6e6963}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{db4bfebb-1b38-11e0-9b56-00030dc2a2ef}\Shell - "" = AutoRun O33 - MountPoints2\{db4bfebb-1b38-11e0-9b56-00030dc2a2ef}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{db4bfedd-1b38-11e0-9b56-00030dc2a2ef}\Shell - "" = AutoRun O33 - MountPoints2\{db4bfedd-1b38-11e0-9b56-00030dc2a2ef}\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.05.22 20:59:56 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes [2011.05.22 20:59:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.05.22 20:59:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.05.22 20:59:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.05.22 20:59:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.05.22 20:59:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.05.22 20:55:27 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2011.05.22 20:55:20 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll [2011.05.22 20:55:20 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2011.05.22 20:55:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011 [2011.05.22 20:54:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\TuneUp Software [2011.05.22 20:53:51 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2011 [2011.05.22 20:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2011.05.22 20:52:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} [2011.05.22 20:39:04 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander [2011.05.22 20:39:03 | 000,000,000 | ---D | C] -- C:\totalcmd [2011.05.22 20:39:03 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\GHISLER [2011.05.22 20:30:45 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Avira [2011.05.19 07:39:30 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe [2011.05.14 20:20:09 | 000,000,000 | ---D | C] -- C:\Users\xxx\.jordan [2011.05.11 18:22:05 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.05.11 18:22:05 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.04.28 10:55:06 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\ElevatedDiagnostics [2011.04.27 14:08:57 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll [2011.04.27 14:08:57 | 000,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys [2011.04.27 14:08:56 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe [2011.04.27 14:08:50 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe [2011.04.27 14:08:47 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011.04.27 14:08:45 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.05.22 22:52:16 | 000,048,861 | ---- | M] () -- C:\Users\xxx\Desktop\51187-anleitung-malwarebytes-anti-malware.html [2011.05.22 22:09:12 | 000,105,289 | ---- | M] () -- C:\Users\xxx\Desktop\kqM7r95q.htm.part.htm [2011.05.22 22:06:53 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.22 22:06:53 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.22 22:03:47 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.05.22 22:03:47 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.05.22 22:03:47 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.05.22 22:03:47 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.05.22 21:59:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.22 21:59:21 | 2411,708,416 | -HS- | M] () -- C:\hiberfil.sys [2011.05.22 20:59:46 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.22 20:55:18 | 000,002,159 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2011.05.22 20:55:18 | 000,002,139 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk [2011.05.22 20:39:06 | 000,000,632 | ---- | M] () -- C:\Users\xxx\Desktop\Total Commander.lnk [2011.05.21 18:01:31 | 001,098,273 | ---- | M] () -- C:\Users\xxx\Desktop\IMG_1246.JPG [2011.05.21 17:59:38 | 001,807,615 | ---- | M] () -- C:\Users\xxx\Desktop\IMG_1245.JPG [2011.05.21 16:10:59 | 001,356,177 | ---- | M] () -- C:\Users\xxx\Desktop\IMG_1243.JPG [2011.05.21 15:09:59 | 002,515,576 | ---- | M] () -- C:\Users\xxx\Desktop\IMG_1237.JPG [2011.04.30 10:44:42 | 000,091,254 | ---- | M] () -- C:\Users\xxx\Desktop\DHL-Marke-2-QR3VFP7KPM.pdf [2011.04.30 10:44:27 | 000,088,286 | ---- | M] () -- C:\Users\xxx\Desktop\DHL-Marke-1-GF49UERNL7.pdf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.05.22 22:52:16 | 000,048,861 | ---- | C] () -- C:\Users\xxx\Desktop\51187-anleitung-malwarebytes-anti-malware.html [2011.05.22 22:09:11 | 000,105,289 | ---- | C] () -- C:\Users\xxx\Desktop\kqM7r95q.htm.part.htm [2011.05.22 20:59:46 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.22 20:55:18 | 000,002,159 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2011.05.22 20:55:18 | 000,002,139 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk [2011.05.22 20:55:17 | 000,002,151 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011.lnk [2011.05.22 20:39:06 | 000,000,632 | ---- | C] () -- C:\Users\xxx\Desktop\Total Commander.lnk [2011.05.22 20:39:04 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF [2011.05.22 20:39:04 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF [2011.05.22 20:39:04 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF [2011.05.22 20:39:04 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF [2011.05.22 20:39:04 | 000,000,545 | ---- | C] () -- C:\Windows\NOCLOSE.PIF [2011.05.22 20:39:04 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF [2011.05.22 20:39:03 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF [2011.05.21 18:04:01 | 001,098,273 | ---- | C] () -- C:\Users\xxx\Desktop\IMG_1246.JPG [2011.05.21 18:00:54 | 001,807,615 | ---- | C] () -- C:\Users\xxx\Desktop\IMG_1245.JPG [2011.05.21 18:00:54 | 001,356,177 | ---- | C] () -- C:\Users\xxx\Desktop\IMG_1243.JPG [2011.05.21 16:12:21 | 002,515,576 | ---- | C] () -- C:\Users\xxx\Desktop\IMG_1237.JPG [2011.04.30 10:44:41 | 000,091,254 | ---- | C] () -- C:\Users\xxx\Desktop\DHL-Marke-2-QR3VFP7KPM.pdf [2011.04.30 10:44:26 | 000,088,286 | ---- | C] () -- C:\Users\xxx\Desktop\DHL-Marke-1-GF49UERNL7.pdf [2011.03.13 21:05:27 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.12.02 00:12:24 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010.11.12 16:50:29 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010.11.10 18:21:33 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2010.11.10 18:21:33 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2010.11.10 18:21:33 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2010.11.10 18:21:33 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2010.03.23 14:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 000,412,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 02:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2010.12.03 12:51:06 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Amazon [2011.01.05 12:06:17 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Canon [2010.11.11 17:09:16 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DAEMON Tools Lite [2011.05.22 20:39:03 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\GHISLER [2011.05.22 19:20:28 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ICQ [2011.05.22 20:54:20 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TuneUp Software [2011.02.12 12:39:06 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 24 bytes -> C:\Windows:0B7B08D3A7E5B193 < End of report > Ich hoffe ich habe an alles gedacht und ihr könnt mir weiterhelfen. Vielen Dank schonmal im Vorraus. Geändert von puntigamer (22.05.2011 um 21:55 Uhr) |
| Themen zu Trojaner im System (BKA) |
| .dll, adobe, alternate, canon, desktop, dll, error, excel, explorer, fehler, flash player, format, frage, langs, logfile, malware.packer.genx, mozilla, neuaufsetzung, nvidia, nvlddmkm.sys, oldtimer, plug-in, problem, recycle.bin, registry, rojaner gefunden, rundll, sched.exe, searchplugins, security, software, sptd.sys, start menu, system, taskhost.exe, temp, trojaner, trojaner gefunden, usb, viren, webcheck |
Baum-Darstellung