Trojaner-Board


laFleur 13.06.2011 21:47

Problem with DOUBLE POSTING
 
Hello, as it already says above, I've caught a virus. No, I don't know where I got it from. Well, now I have it and I no longer know how to get rid of it! When I want to turn on my laptop, everything runs fine until after the "WELCOME", because after that the BKA notice appears again across the whole screen, and I can't close it, not even via the Task Manager.

Since I don't want to format my laptop, I burned the Kaspersky Rescue Disc 10 to a DVD from my PC. But somehow I couldn't update it, it just gets aborted, and I have no internet connection despite the LAN cable. I then scanned the laptop for viruses anyway, and it did find some... 4 viruses/trojans. Now I've turned the laptop on again, but unfortunately nothing has changed... Oh, and I can't get into Safe Mode either!

I've looked around a lot but haven't found anything specific. I hope you can help me. I've already read something about the Antivir Rescue System or OTL, but I don't really know my way around them. (I don't think you can simply copy that from other users either, because those are different cases, right?!?! I'm not that fit with this yet...)
I hope you can help me!!!!

Many thanks in advance

laFleur 14.06.2011 09:42

This is how far I've got...

OTL Logfile:
Code:

OTL logfile created on: 6/14/2011 1:42:28 AM - Run
OTLPE by OldTimer - Version 3.1.46.0    Folder = X:\Programs\OTLPE
Windows 7 Ultimate  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 51.14 Gb Total Space | 17.04 Gb Free Space | 33.31% Space Free | Partition Type: NTFS
Drive D: | 50.89 Gb Total Space | 5.48 Gb Free Space | 10.77% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/04/28 06:10:22 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/05 17:32:33 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/03/20 09:03:11 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/20 08:57:28 | 000,167,936 | ---- | M] (acer) [Auto] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/03/20 09:03:12 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/02/18 20:44:13 | 000,067,584 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2011/02/18 20:44:13 | 000,061,952 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2011/02/18 20:44:13 | 000,046,592 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2010/11/22 09:42:03 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/08 17:46:13 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2010/06/17 10:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/12 07:23:04 | 000,016,896 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand] -- C:\Windows\System32\drivers\FlashUSB.sys -- (FlashUSB)
DRV - [2009/10/21 12:16:08 | 000,198,656 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/09/29 02:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgbtport.sys -- (LgBttPort)
DRV - [2009/09/29 02:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgvmodem.sys -- (LGVMODEM)
DRV - [2009/09/29 02:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgbtbus.sys -- (lgbusenum)
DRV - [2009/09/10 10:31:48 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 18:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2008/11/19 11:09:10 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/19 11:09:08 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/19 11:09:08 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/01/25 19:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2007/01/25 19:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=46f6752d000000000000001b777534b0&tlver=1.4.19.19&affID=17159
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Jasmin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKU\Jasmin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\Jasmin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Jasmin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E 9F C3 6B 58 CD CB 01  [binary data]
IE - HKU\Jasmin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: grooveshredder@code.argee.org:1.04
FF - prefs.js..extensions.enabledItems: gutscheinmieze@synatix-gmbh.de:1.03
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.type: 0
 
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/18 18:11:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/18 18:11:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 05:57:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/12 16:21:58 | 000,000,000 | ---D | M]
 
[2010/11/08 17:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jasmin\AppData\Roaming\Mozilla\Extensions
[2011/06/12 16:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jasmin\AppData\Roaming\Mozilla\Firefox\Profiles\pp8w8ybq.default\extensions
[2011/06/11 16:58:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jasmin\AppData\Roaming\Mozilla\Firefox\Profiles\pp8w8ybq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/06/11 17:23:37 | 000,000,000 | ---D | M] (Groove Shredder) -- C:\Users\Jasmin\AppData\Roaming\Mozilla\Firefox\Profiles\pp8w8ybq.default\extensions\grooveshredder@code.argee.org
[2011/06/12 16:21:57 | 000,000,000 | ---D | M] (Gutscheinmieze) -- C:\Users\Jasmin\AppData\Roaming\Mozilla\Firefox\Profiles\pp8w8ybq.default\extensions\gutscheinmieze@synatix-gmbh.de
[2011/03/28 14:47:23 | 000,002,057 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\Mozilla\Firefox\Profiles\pp8w8ybq.default\searchplugins\youtube-videosuche.xml
[2011/06/12 16:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/17 19:05:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/17 19:04:43 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/19 02:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files\Mozilla Firefox\plugins\npmieze.dll
[2011/03/03 14:06:04 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011/06/06 04:51:12 | 000,002,423 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2011/03/03 14:06:04 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011/06/12 16:21:58 | 000,000,143 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\foxsearch.src
[2011/03/03 14:06:04 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011/03/03 14:06:04 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011/03/03 14:06:04 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Jasmin\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKU\Jasmin_ON_C\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Jasmin\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\FRITZWLanMini.exe (AVM Berlin)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Jasmin_ON_C Winlogon: Shell - (C:\Users\Jasmin\AppData\Local\Temp\0.5085554016653625.exe) - C:\Users\Jasmin\AppData\Local\Temp\0.5085554016653625.exe (vdv)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{160156fb-12a1-11e0-a836-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{160156fb-12a1-11e0-a836-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5edd90c8-fd6f-11df-a8eb-001b38501142}\Shell - "" = AutoRun
O33 - MountPoints2\{5edd90c8-fd6f-11df-a8eb-001b38501142}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe
O33 - MountPoints2\{d707885b-1568-11e0-af35-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d707885b-1568-11e0-af35-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e0c6fe79-67a1-11e0-ae8f-001b777534b0}\Shell - "" = AutoRun
O33 - MountPoints2\{e0c6fe79-67a1-11e0-ae8f-001b777534b0}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\{e0ca979f-0ceb-11e0-af20-001b38501142}\Shell - "" = AutoRun
O33 - MountPoints2\{e0ca979f-0ceb-11e0-af20-001b38501142}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{eb5ee80e-0909-11e0-b455-001b38501142}\Shell - "" = AutoRun
O33 - MountPoints2\{eb5ee80e-0909-11e0-b455-001b38501142}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{eb5ee81e-0909-11e0-b455-001b38501142}\Shell - "" = AutoRun
O33 - MountPoints2\{eb5ee81e-0909-11e0-b455-001b38501142}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ee5bf545-0a3f-11e0-b3ad-001b38501142}\Shell - "" = AutoRun
O33 - MountPoints2\{ee5bf545-0a3f-11e0-b3ad-001b38501142}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ffa5da69-69c5-11e0-adbb-d62690580350}\Shell - "" = AutoRun
O33 - MountPoints2\{ffa5da69-69c5-11e0-adbb-d62690580350}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/06/12 16:28:22 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/06/12 16:22:45 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Digiarty
[2011/06/12 16:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
[2011/06/12 16:22:11 | 000,000,000 | ---D | C] -- C:\Program Files\Digiarty
[2011/06/12 16:21:19 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Gutscheinmieze
[2011/06/11 16:31:59 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Desktop\Papa Musik
[2011/06/06 04:51:03 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2011/06/02 06:00:13 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Desktop\MAMA VIDEO
[2011/05/29 16:21:58 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Desktop\HOCHZEIT
[2011/05/29 15:02:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoRescue Wizard PC
[2011/05/29 15:02:55 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoRescue Wizard PC
 
========== Files - Modified Within 30 Days ==========
 
[2011/06/13 17:06:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/13 17:06:53 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/13 17:06:53 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/13 17:06:06 | 1602,838,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/12 16:22:21 | 000,001,288 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WinX Video Converter.lnk
[2011/06/12 16:22:17 | 000,001,264 | ---- | M] () -- C:\Users\Jasmin\Desktop\WinX Video Converter.lnk
[2011/06/12 16:22:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
[2011/06/12 15:15:31 | 000,641,706 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/06/12 15:15:31 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/12 15:15:31 | 000,126,062 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/06/12 15:15:31 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/30 08:59:18 | 000,116,902 | ---- | M] () -- C:\Users\Jasmin\Desktop\image-upload-3-747919.jpg
[2011/05/30 08:38:22 | 000,119,963 | ---- | M] () -- C:\Users\Jasmin\Desktop\image-upload-4-736210.jpg
[2011/05/29 15:02:57 | 000,000,997 | ---- | M] () -- C:\Users\Jasmin\Desktop\PhotoRescue PC.lnk
[2011/05/29 15:02:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoRescue Wizard PC
[2011/05/17 16:32:03 | 000,000,060 | ---- | M] () -- C:\Users\Jasmin\Desktop\PeterZahlt - Kostenlos telefonieren mit PeterZahlt.de - Home.URL
 
========== Files Created - No Company Name ==========
 
[2011/06/12 16:22:21 | 000,001,288 | ---- | C] () -- C:\Users\Jasmin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WinX Video Converter.lnk
[2011/06/12 16:22:17 | 000,001,264 | ---- | C] () -- C:\Users\Jasmin\Desktop\WinX Video Converter.lnk
[2011/05/30 08:59:17 | 000,116,902 | ---- | C] () -- C:\Users\Jasmin\Desktop\image-upload-3-747919.jpg
[2011/05/30 08:35:08 | 000,119,963 | ---- | C] () -- C:\Users\Jasmin\Desktop\image-upload-4-736210.jpg
[2011/05/29 15:02:57 | 000,000,997 | ---- | C] () -- C:\Users\Jasmin\Desktop\PhotoRescue PC.lnk
[2011/05/17 16:32:03 | 000,000,060 | ---- | C] () -- C:\Users\Jasmin\Desktop\PeterZahlt - Kostenlos telefonieren mit PeterZahlt.de - Home.URL
[2011/04/15 17:17:30 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2011/02/18 20:44:57 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2011/02/01 14:48:13 | 000,000,073 | ---- | C] () -- C:\Windows\iltwain.ini
[2010/12/31 02:21:09 | 000,003,584 | ---- | C] () -- C:\Users\Jasmin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/01 18:07:55 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2010/12/01 18:07:55 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2010/11/08 18:47:54 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010/11/08 18:47:53 | 000,641,706 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010/11/08 18:47:53 | 000,126,062 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010/11/08 18:47:53 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 001,636,656 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,607,190 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,103,568 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 20:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- C:\Windows\System32\DShowRdpFilter.dll
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011/06/12 16:22:45 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Digiarty
[2011/02/01 14:28:58 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Downloaded Installations
[2011/04/06 10:12:14 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Fotobuchexpress24
[2011/01/28 07:51:05 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\GetRightToGo
[2011/06/12 16:21:57 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Gutscheinmieze
[2011/01/18 11:44:00 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\KC Softwares
[2010/12/01 18:15:04 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\LG Electronics
[2011/02/01 14:31:17 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Nitro PDF
[2011/02/17 19:09:17 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\OpenOffice.org
[2011/03/26 22:13:40 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\PhotoScape
[2011/01/28 07:43:00 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Scan2PDF
[2010/11/09 12:00:44 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Windows Live Writer
[2011/05/01 17:01:26 | 000,000,000 | -H-D | M] -- C:\Users\Jasmin\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011/01/18 08:50:19 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/05/02 12:08:38 | 000,000,000 | ---D | M] -- C:\ProgramData\LGMOBILEAX
[2010/11/15 16:12:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Messenger Plus!
[2011/02/01 14:30:25 | 000,000,000 | ---D | M] -- C:\ProgramData\Nitro PDF
[2011/03/27 16:28:29 | 000,000,000 | ---D | M] -- C:\ProgramData\regid.1986-12.com.adobe
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/02/20 18:55:59 | 000,000,000 | ---D | M] -- C:\ProgramData\WinZip
[2011/04/27 05:39:59 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
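As an added example (not from the thread, and not OTL's own code), the following Python script reads the autostart-related lines of an OTL report (O4 Run values, O20 Winlogon, O33 cached AutoRun commands) and flags the pattern visible in the log above: the per-user Winlogon Shell value pointing at an executable in the Temp folder is what starts the lock screen instead of the desktop. The sample lines are copied from the posted log; the severity labels and the list of user-writable directories are this example's own assumptions.

```python
"""Flag suspicious autostart entries in an OTL log (OldTimer's OTL / OTLPE).

Added example for this thread, not OTL's own code.  It parses the O4 (Run
keys), O20 (Winlogon) and O33 (MountPoints2 AutoRun) lines and reports the
pattern a BKA-style lock screen uses for persistence: a per-user Winlogon
Shell value that starts a dropped executable instead of explorer.exe.
Severity labels are this example's own convention.
"""
import re
from dataclasses import dataclass

# Sample input: lines copied from the OTL log posted above.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Jasmin_ON_C Winlogon: Shell - (C:\Users\Jasmin\AppData\Local\Temp\0.5085554016653625.exe) - C:\Users\Jasmin\AppData\Local\Temp\0.5085554016653625.exe (vdv)
O33 - MountPoints2\{e0c6fe79-67a1-11e0-ae8f-001b777534b0}\Shell\AutoRun\command - "" = F:\pushinst.exe
"""

# OTL line formats as they appear in the log (O4 Run value, O20 Winlogon Shell,
# O33 cached AutoRun command of a removable volume).
RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] "
    r"(?P<path>.+?) \((?P<company>[^()]*)\)$")
SHELL_RE = re.compile(
    r"^O20 - (?P<hive>\S+) Winlogon: Shell - \((?P<value>[^)]*)\) - "
    r"(?P<path>.+?) \((?P<company>[^()]*)\)$")
AUTORUN_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\Shell\\AutoRun\\command - "" = '
    r"(?P<command>.+)$")

# Directories a limited user can write to; legitimate autostarts rarely live here
# (assumed list for this example).
USER_WRITABLE = ("\\temp\\", "\\appdata\\roaming\\", "\\users\\public\\")


@dataclass
class Finding:
    line_type: str   # O4, O20 or O33
    severity: str    # "high" or "info"
    reason: str
    path: str


def is_user_writable(path: str) -> bool:
    """True if the path lies in a directory a standard user account can write to."""
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE)


def analyse_otl(text: str) -> list:
    """Return the findings for the autostart-related lines of an OTL report."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := SHELL_RE.match(line):
            # Winlogon Shell must be explorer.exe.  Any other value (here a per-user
            # HKU entry pointing into Temp) is started instead of the desktop, which
            # is exactly the full-screen lock behaviour described in the thread.
            if m["value"].lower() != "explorer.exe":
                findings.append(Finding(
                    "O20", "high",
                    f"Winlogon Shell under {m['hive']} replaced by {m['value']!r}",
                    m["path"]))
        elif m := RUN_RE.match(line):
            if is_user_writable(m["path"]):
                findings.append(Finding(
                    "O4", "high",
                    f"{m['key']} entry [{m['name']}] starts from a user-writable directory",
                    m["path"]))
            elif not m["company"]:
                findings.append(Finding(
                    "O4", "info",
                    f"{m['key']} entry [{m['name']}] has no company name (unverified publisher)",
                    m["path"]))
        elif m := AUTORUN_RE.match(line):
            findings.append(Finding(
                "O33", "info",
                f"cached AutoRun command for removable volume {m['volume']}",
                m["command"]))
    return findings


if __name__ == "__main__":
    for f in analyse_otl(SAMPLE_LOG):
        print(f"[{f.severity:4}] {f.line_type}: {f.reason} -> {f.path}")
```

Run against the sample, the only "high" finding is the HKU Winlogon Shell line, which is the entry a cleanup would have to reset to explorer.exe (or delete) before the desktop comes back.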

--- --- ---

cosinus 14.06.2011 13:10

Edit => http://www.trojaner-board.de/100313-...g-von-otl.html

How many threads are you planning to open here? :koch:

