
Log Analysis and Evaluation: BKA Trojaner Log


07.06.2011, 15:26   #1
SecreT2k

BKA Trojaner Log

I am supposed to get a friend's laptop working again.
So: she apparently caught the BKA Trojaner, and after reading up on the board I ran the OTLPE scan; the log follows. I am asking for help, i.e. for the fix.txt and perhaps a brief explanation of what to do.
Here is the OTLPE log!
Code:
OTL logfile created on: 6/7/2011 4:41:56 PM - Run 
OTLPE by OldTimer - Version 3.1.46.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 268.79 Gb Total Space | 148.58 Gb Free Space | 55.28% Space Free | Partition Type: NTFS
Drive E: | 29.28 Gb Total Space | 14.51 Gb Free Space | 49.55% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/05/16 08:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/04/29 15:35:08 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/16 07:24:02 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/03/05 12:54:50 | 000,311,296 | ---- | M] () [Auto] -- C:\Windows\System32\Rezip.exe -- (Rezip)
SRV - [2009/02/11 11:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/10/29 10:20:34 | 000,070,656 | ---- | M] () [Auto] -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe -- (resetWinService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/20 22:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 22:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/07/24 05:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/06/05 07:20:32 | 000,177,704 | ---- | M] () [Auto] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2011/04/29 06:12:00 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2011/04/29 06:11:58 | 000,015,232 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/03/16 07:24:04 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/24 11:59:12 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/09/11 10:56:03 | 000,009,336 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\WinIo.sys -- (WINIO)
DRV - [2009/06/17 05:17:28 | 000,041,984 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fspad_wlh32.sys -- (fspad_wlh32)
DRV - [2009/05/25 02:50:44 | 000,164,864 | ---- | M] (Realtek                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/05/11 05:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/05/08 16:58:00 | 007,551,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/05/08 13:02:48 | 000,498,176 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009/05/01 04:13:34 | 000,064,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/04/10 15:42:54 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009/02/13 06:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/12/29 12:06:54 | 001,799,808 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Katinka_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKU\Katinka_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lokalisten.de/hxxp://www.gmx.de/ [binary data]
IE - HKU\Katinka_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.de/
IE - HKU\Katinka_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Katinka_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Katinka_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
 
FF - HKLM\software\mozilla\Firefox\Extensions\\Hotbar@Hotbar.com: C:\Program Files\Hotbar\bin\11.0.78.0\firefox\extensions
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/01 07:02:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/29 06:04:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/05/03 14:37:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010/10/04 04:27:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katinka\AppData\Roaming\Mozilla\Extensions
[2010/10/04 04:27:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katinka\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/06/05 07:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katinka\AppData\Roaming\Mozilla\Firefox\Profiles\yj3k3qs2.default\extensions
[2010/04/27 12:12:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Katinka\AppData\Roaming\Mozilla\Firefox\Profiles\yj3k3qs2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/10 13:19:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/10 13:19:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 13:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/04/06 17:37:38 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011/04/06 17:37:38 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011/04/06 17:37:38 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011/04/06 17:37:38 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011/04/06 17:37:38 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Hotbar) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -  File not found
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Hotbar) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [snp2uvc]  File not found
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\Katinka_ON_C..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\Katinka_ON_C..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Katinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O4 - Startup: C:\Users\Katinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WkCalRem.LNK = C:\Program Files\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Katinka_ON_C Winlogon: Shell - (C:\Users\Katinka\AppData\Local\Temp\0.8771620169495002.exe) - C:\Users\Katinka\AppData\Local\Temp\0.8771620169495002.exe (BitDefender)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/08/21 11:50:32 | 000,000,672 | RH-- | M] () - E:\autoexec.bat -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{32ca5246-f193-11de-b57e-001f16218b2e}\Shell\AutoRun\command - "" = G:\MasterControl_Resources.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/06/05 05:28:38 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/06/05 05:14:48 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/06/05 05:14:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/06/05 05:14:30 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/06/05 05:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/06/02 07:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/05/31 15:09:25 | 000,000,000 | ---D | C] -- C:\Users\Katinka\Documents\Podcasts
[2011/05/29 07:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2011/05/29 07:15:51 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
[2011/05/29 07:15:51 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2011/05/29 07:15:49 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL
[2011/05/29 07:15:49 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.DLL
[2011/05/29 07:15:49 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL
[2011/05/29 07:15:49 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
[2011/05/29 07:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2011/05/24 13:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011/05/24 13:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/05/24 13:40:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/05/24 01:16:19 | 000,000,000 | ---D | C] -- C:\Users\Katinka\Documents\Verschiedenes
[2009/06/10 09:00:53 | 000,225,280 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009/06/10 09:00:52 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[1 C:\Users\Katinka\Documents\*.tmp files -> C:\Users\Katinka\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/06/06 21:07:56 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/06/06 21:07:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/06 19:59:22 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/06/06 19:59:22 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/06 19:59:22 | 000,125,870 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/06/06 19:59:22 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/06 19:54:00 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{14BD630B-2A9A-4BA4-A186-85029409AEC5}.job
[2011/06/06 19:53:38 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/06/06 19:53:12 | 000,063,359 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/06/06 19:51:02 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/06 19:50:58 | 000,004,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/06 19:50:58 | 000,004,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/05 16:47:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/05 05:28:38 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/06/05 05:28:34 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011/06/05 05:14:52 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/06/05 05:14:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/06/03 06:45:42 | 000,007,592 | ---- | M] () -- C:\Users\Katinka\AppData\Local\d3d9caps.dat
[2011/06/02 07:15:36 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/06/02 07:15:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/06/02 07:08:44 | 020,533,281 | ---- | M] () -- C:\Users\Katinka\Documents\vlc-1.1.9-win32.exe
[2011/06/02 06:17:31 | 000,000,969 | ---- | M] () -- C:\Users\Katinka\Desktop\Dropbox.lnk
[2011/06/02 06:17:31 | 000,000,949 | ---- | M] () -- C:\Users\Katinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/05/29 07:15:54 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2011/05/29 07:15:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2011/05/29 06:04:14 | 000,002,425 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/05/29 06:04:14 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/05/27 02:02:43 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/05/24 13:40:30 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/05/24 13:40:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[1 C:\Users\Katinka\Documents\*.tmp files -> C:\Users\Katinka\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/06/05 17:07:24 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/06/05 16:04:54 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/06/05 05:14:52 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/06/02 07:15:36 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/06/02 07:01:03 | 020,533,281 | ---- | C] () -- C:\Users\Katinka\Documents\vlc-1.1.9-win32.exe
[2011/05/29 07:15:54 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2011/05/29 07:15:51 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011/05/24 13:40:30 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/01/30 05:50:58 | 000,393,256 | ---- | C] () -- C:\Windows\System32\CNQ4809N.DAT
[2010/10/21 12:34:03 | 000,000,071 | ---- | C] () -- C:\Windows\UF.INI
[2010/10/21 12:07:40 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2010/02/10 12:26:39 | 000,007,592 | ---- | C] () -- C:\Users\Katinka\AppData\Local\d3d9caps.dat
[2010/01/26 05:33:39 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/01/15 15:06:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/02 13:48:31 | 000,000,099 | ---- | C] () -- C:\Users\Katinka\AppData\default.pls
[2009/12/30 07:43:14 | 000,063,359 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/12/30 07:43:14 | 000,063,359 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/11/29 15:01:05 | 000,019,456 | ---- | C] () -- C:\Users\Katinka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/14 14:39:24 | 000,180,008 | ---- | C] () -- C:\Windows\SETUP1.EXE
[2009/09/11 10:56:03 | 000,009,336 | ---- | C] () -- C:\Windows\System32\WinIo.sys
[2009/09/11 06:21:17 | 000,000,688 | ---- | C] () -- C:\Users\Katinka\AppData\Roaming\wklnhst.dat
[2009/06/10 10:18:19 | 000,036,864 | ---- | C] () -- C:\Windows\System32\Hooks.dll
[2009/06/10 09:00:53 | 001,799,808 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009/06/10 09:00:53 | 000,233,472 | ---- | C] () -- C:\Windows\tsnp2uvc.exe
[2009/06/10 09:00:53 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2009/06/10 09:00:52 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2009/06/10 08:58:06 | 000,311,296 | ---- | C] () -- C:\Windows\System32\Rezip.exe
[2009/06/10 08:49:38 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/06/10 08:38:31 | 000,000,276 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2009/06/09 14:24:37 | 000,627,756 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009/06/09 14:24:37 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009/06/09 14:24:37 | 000,125,870 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009/06/09 14:24:37 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/06/09 04:54:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/09 04:53:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/06/09 04:34:57 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007/06/05 07:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,413,112 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,386 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,103,460 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011/06/04 14:54:04 | 000,000,000 | ---D | M] -- C:\Users\Katinka\AppData\Roaming\Dropbox
[2010/03/29 03:28:37 | 000,000,000 | ---D | M] -- C:\Users\Katinka\AppData\Roaming\Facebook
[2009/11/08 11:37:29 | 000,000,000 | ---D | M] -- C:\Users\Katinka\AppData\Roaming\ICQ
[2009/10/04 06:44:43 | 000,000,000 | ---D | M] -- C:\Users\Katinka\AppData\Roaming\Template
[2010/10/04 04:27:53 | 000,000,000 | ---D | M] -- C:\Users\Katinka\AppData\Roaming\Thunderbird
[2009/11/10 15:01:10 | 000,000,000 | ---D | M] -- C:\Users\Katinka\AppData\Roaming\WeatherDPA
[2009/11/10 15:01:11 | 000,000,000 | ---D | M] -- C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
[2009/08/26 08:46:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/08/26 08:46:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2009/08/26 08:46:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2009/11/10 15:02:15 | 000,000,000 | ---D | M] -- C:\ProgramData\HotbarSA
[2009/06/10 10:18:19 | 000,000,000 | ---D | M] -- C:\ProgramData\LKG
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/08/26 08:46:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/06/10 16:20:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2009/08/26 08:46:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/01/05 11:14:50 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2010/06/08 17:15:19 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/06/10 11:22:04 | 000,000,000 | ---D | M] -- C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2011/06/06 21:07:56 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/06/05 17:14:08 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/06/06 19:54:00 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{14BD630B-2A9A-4BA4-A186-85029409AEC5}.job
 
========== Purity Check ==========
 
 
< End of report >

07.06.2011, 15:33   #2
markusg
/// Malware-holic

Let's get right to it.
On your second PC go to Start, Programs, Accessories, Notepad, and paste this in there:

Code:
:OTL
O20 - HKU\Katinka_ON_C Winlogon: Shell - (C:\Users\Katinka\AppData\Local\Temp\0.8771620169495002.exe) - C:\Users\Katinka\AppData\Local\Temp\0.8771620169495002.exe (BitDefender)
:Files
C:\Users\Katinka\AppData\Local\Temp
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
Save this on a USB stick as fix.txt.
Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything, as already described in my post on OTLPENet.exe.
• Now please click the Fix button.
A message similar to "load fix from file" should now appear; load the fix.txt from your stick.
If that does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart; if so, take the CD out of the drive. Windows should now start normally and open otl.txt,
please post that log.
Open Computer, open C:, then _OTL;
right-click there on moved files
and choose add to moved files.rar or zip.
http://www.trojaner-board.de/54791-a...ner-board.html
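The scan in post #1 and the fix script above together show the whole pattern of this case: OTL reports the per-user Winlogon Shell value (line type O20) pointing at a randomly named executable in the user's Temp folder, and the fix removes that registry value and the file. As an added example (not part of this thread, of OTL, or of OldTimer's code) the script below runs a few defender-side heuristics over OTL-style O20 and O4 lines and renders the high-severity hits in the fix-script layout markusg used (`:OTL`, `:Files`, `:Commands`). The sample lines are constructed from the scan above; the severity rules (Shell must be exactly explorer.exe, autostart targets in Temp, digit-only file names, missing company name) are my own heuristics, not OTL's, and anything they flag still needs a human look before a fix is run.

```python
import re
from dataclasses import dataclass

# Constructed sample: OTL-style lines modelled on the scan posted in this thread.
SAMPLE_LINES = [
    r"O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)",
    r"O20 - HKU\Katinka_ON_C Winlogon: Shell - (C:\Users\Katinka\AppData\Local\Temp\0.8771620169495002.exe) - C:\Users\Katinka\AppData\Local\Temp\0.8771620169495002.exe (BitDefender)",
    r"O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)",
    r"O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()",
    r"O4 - HKLM..\Run: [snp2uvc]  File not found",
    r"O4 - HKU\Katinka_ON_C..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)",
]

# Line grammars as OTL prints them (assumed from the log lines on this page).
O20_RE = re.compile(r"^O20 - (?P<hive>\S+) Winlogon: Shell - \((?P<value>[^)]*)\) - (?P<path>.+?) \((?P<company>[^)]*)\)$")
O4_RE = re.compile(r"^O4 - (?P<key>.+?)\\Run: \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$")
TARGET_RE = re.compile(r"^(?P<path>.+?) \((?P<company>[^)]*)\)$")
# Heuristics (mine, not OTL's): autostart targets in Temp, and digit/dot-only file names.
TEMP_RE = re.compile(r"\\(AppData\\Local\\Temp|Windows\\Temp|Temp)\\", re.I)
RANDOM_NAME_RE = re.compile(r"^[\d.]+\.(exe|dll|scr)$", re.I)


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low"
    reason: str
    line: str       # the OTL line, verbatim, so it can be pasted into a fix
    path: str = ""  # file the entry points at, if any


def _file_flags(path, company):
    """Location and naming checks shared by every autostart entry type."""
    flags = []
    if TEMP_RE.search(path):
        flags.append(("high", "autostart target lives in a Temp directory"))
    if RANDOM_NAME_RE.match(path.rsplit("\\", 1)[-1]):
        flags.append(("medium", "target file name is a random-looking number"))
    if company.strip() == "" and not flags:
        flags.append(("low", "no company name; verify the file manually"))
    return flags


def scan_otl_lines(lines):
    """Return Findings for O20 (Winlogon Shell) and O4 (Run) lines in OTL output."""
    findings = []
    for line in lines:
        line = line.rstrip()
        m = O20_RE.match(line)
        if m:
            # Windows' legitimate Winlogon Shell is exactly "explorer.exe"; any other
            # value (a per-user HKU value included) replaces the desktop with that program,
            # which is exactly how the BKA lock screen in this thread was started.
            if m["value"].strip().lower() != "explorer.exe":
                findings.append(Finding("high", f"Winlogon Shell replaced in {m['hive']}", line, m["path"]))
            for sev, why in _file_flags(m["path"], m["company"]):
                findings.append(Finding(sev, why, line, m["path"]))
            continue
        m = O4_RE.match(line)
        if m:
            rest = m["rest"].strip()
            if rest == "File not found":
                findings.append(Finding("low", f"orphaned Run entry [{m['name']}]", line))
                continue
            tm = TARGET_RE.match(rest)
            path, company = (tm["path"], tm["company"]) if tm else (rest, "")
            for sev, why in _file_flags(path, company):
                findings.append(Finding(sev, why, line, path))
    return findings


def build_otl_fix(findings):
    """Render high-severity findings in the fix-script layout used in this thread:
    the OTL lines under :OTL, the dropped files under :Files, cleanup under :Commands."""
    otl_lines = sorted({f.line for f in findings if f.severity == "high"})
    file_lines = sorted({f.path for f in findings if f.severity == "high" and f.path})
    if not otl_lines:
        return ""
    return "\n".join([":OTL", *otl_lines, ":Files", *file_lines,
                      ":Commands", "[purity]", "[emptytemp]", "[Reboot]"])


if __name__ == "__main__":
    found = scan_otl_lines(SAMPLE_LINES)
    for f in found:
        print(f"{f.severity:6} {f.reason}: {f.line[:70]}")
    print("\nSuggested fix.txt (review before use):\n" + build_otl_fix(found))
```

On the sample input the HKU Winlogon Shell line is the only high-severity hit (flagged twice: non-explorer Shell and a Temp-folder target), the digit-only file name adds a medium hit, and the two O4 entries without a company name or file are reported as low so they get a manual look rather than an automatic fix line.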

07.06.2011, 16:07   #3
SecreT2k

Quote:
Originally posted by markusg
...
Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything, as already described in my post on OTLPENet.exe.
...
Despite using the search function and going through all of your posts, I unfortunately could not find that post. It would be nice if you could link it, since I would rather do everything right from the start than find out later that I did something wrong.

07.06.2011, 16:08   #4
markusg
/// Malware-holic

Sorry, I should have adjusted that. You have to boot the OTL CD just like at the beginning, except that instead of loading a scan you run the fix.

07.06.2011, 16:40   #5
SecreT2k

So, I ran the fix and there was no automatic restart; instead the file that was/is in the movedFiles folder was opened, so I am uploading it as described.
I tried restarting manually; unfortunately still the BKA screen.
What may also be worth mentioning: I had to enter the fix manually and could not load the text file because a shell error occurred when I tried to select a different path. (Access violation at address 7CA0C936 in module 'shell32.dll'. Read of address 00000006.)

EDIT: The file should be uploaded now.

EDIT2: I must have slipped a line and used the scan as fix.txt -.-, which means the files uploaded so far are probably useless as well. I will report back once everything has been done correctly.


Last edited by SecreT2k (07.06.2011 at 17:14). Reason: typo

07.06.2011, 20:02   #6
SecreT2k

So.. the fix ran and Windows starts normally again. Unfortunately my friend seems never to have cleaned out her temporary folder, which means the file I am going to upload is 955 megabytes zipped! The otl.txt unfortunately was not opened, but since it is probably in the _OTL folder I will just assume it is this one (06072011_210458.txt):
Code:
========== OTL ==========
Registry value HKEY_USERS\Katinka_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Katinka\AppData\Local\Temp\0.8771620169495002.exe deleted successfully.
C:\Users\Katinka\AppData\Local\Temp\0.8771620169495002.exe moved successfully.
========== FILES ==========
C:\Users\Katinka\AppData\Local\Temp\{db9dc632-2bc9-4671-b409-0257bcc0eef2} folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\{7782BCFB-B024-4C7D-A72B-DCE76020B1F5}\{60DE4033-9503-48D1-A483-7846BD217CA9} folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\{7782BCFB-B024-4C7D-A72B-DCE76020B1F5} folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\{3bc7a8c2-945c-45ce-82e0-c261525f5073} folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\{01c1360c-68be-4b83-bbdd-ae09e4af76d6} folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\WPDNSE folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Word8.0 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Windows Live Toolbar folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\VBE folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temporary Internet Files\Content.IE5\XUHEDJ9H folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temporary Internet Files\Content.IE5\LFXGMZ4E folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temporary Internet Files\Content.IE5\H5YUIW63 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temporary Internet Files\Content.IE5\G7ON2C7J folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temporary Internet Files\Content.IE5 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temporary Internet Files folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temp4_Probestipendium.zip folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temp3_Probestipendium.zip folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temp2_Probestipendium.zip folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temp1_sob_bd1_kap1_kol1_abb2_23_a_with_legend_singledownload.zip folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temp1_sob_bd1_kap1_kol1_abb2_23_a_with_legend_singledownload-1.zip folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temp1_Probestipendium[1].zip folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temp1_Probestipendium.zip folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temp1_lk_2009.zip folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temp1_Literaturverzeichnis night[1].zip folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temp1_Abiball.zip folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Temp1_63-termitrainer_12.zip folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\TCD1ADF.tmp folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\rb\3416 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\rb folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-9 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-8 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-7 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-6 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-5 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-4 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-3 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-2 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-14 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-13 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-12 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-11 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-10 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp-1 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\plugtmp folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Picasa3\Picasa filecheck folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Picasa3 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\PDFCreator\PDFCreatorSpool folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\PDFCreator folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Outlook-Protokoll folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\outlook logging folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\OneNoteRuntimeCache\OneNoteRuntimeCache_Files folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\OneNoteRuntimeCache folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\OIS\temp folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\OIS\cacheFiles folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\OIS folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\nro.log\log folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\nro.log folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\msohtmlclip1\01 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\msohtmlclip1 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\msohtmlclip folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\MessengerCache\Sounds folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\MessengerCache folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\session\SnameMenu folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\session\GIF folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\session folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\__SkypeIEToolbar_Cache folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\Windows Live Toolbar folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\Low folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\ImageUploader_Temp folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\hsperfdata_Katinka folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\Google Toolbar folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\Cab97A0 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\Adobe\Acrobat\9.0 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\Adobe\Acrobat folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low\Adobe folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Low folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\hsperfdata_Katinka folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\History\History.IE5 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\History folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Google Toolbar folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\DWDD38D.tmp folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Cookies folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\comtypes_cache\Dropbox-25 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\comtypes_cache folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\CDM folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\AVSETUP_4b6ef529 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Audible Device Images folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Adobe\Acrobat\9.0 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Adobe\Acrobat folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\Adobe folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\AAWInstallerTemp folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\951E.dir folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\8FD1.dir folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\871A.dir folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\1123223700001664rcpxylrqc2 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\1123223600001664utg2h2xl9d folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\11232236000016642jibvk0sg0 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\1123223500001664ox2fhr6iw8 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\1123223500001664ezva8ote5l folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\1123223500001664ejdkfjur90 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\1123223500001664898a5k3e2p folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\1123223400001664roey4ufd4d folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\1123223400001664msztx54skn folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\1123223400001664bs7u757dzh folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\0127202500000348mvbhbta59d folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\012720250000034884s4a5w5yk folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\0127202300000348ywq413k4cy folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\0127202300000348x48iq90ml8 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\0127202300000348judr5s3bh2 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\0127202200000348zbh0jeo60a folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\012720220000034806r9i9xc01 folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\0127202100000348mjbg7pop1k folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\0127202100000348mdbvmgz9ek folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\01272021000003483aqrylp18x folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp\012720210000034815ch1tc0jx folder moved successfully.
C:\Users\Katinka\AppData\Local\Temp folder moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Katinka
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Katinka
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9340107089 bytes
 
Total Files Cleaned = 8,907.00 mb
 
 
OTLPE by OldTimer - Version 3.1.46.0 log created on 06072011_210458
         
I'll start uploading the zipped MovedFiles archive now.
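The first two lines of the fix log above show the actual locker mechanism: the per-user Winlogon\Shell value (HKEY_USERS\Katinka_ON_C is the offline NTUSER.DAT that OTLPE loaded from C:) pointed at an executable in the user's Temp folder, so the lock screen started instead of explorer.exe at logon. The following PowerShell script is an added example, not part of the thread or of OTLPE, that performs the same check from a rescue environment: it loads the offline SOFTWARE hive and a user's NTUSER.DAT under the same naming convention, reports any Shell or Userinit value that deviates from the Windows defaults, and unloads the hives again. The drive letter C:, the user name Katinka and running from an elevated PowerShell in WinPE are assumptions.

```powershell
# Added example (not from the thread, not part of OTLPE): audit the Winlogon Shell and
# Userinit values of an OFFLINE Windows installation from a rescue environment (WinPE).
# Assumptions: the infected system disk is mounted as C:, the profile is C:\Users\Katinka,
# and this runs in an elevated PowerShell (reg.exe load needs backup/restore privileges).
param(
    [string]$SystemDrive = 'C:',
    [string]$UserName    = 'Katinka'
)

# Mount names follow the convention OTLPE used in the log above (HKEY_USERS\Katinka_ON_C)
$softwareHive = Join-Path $SystemDrive 'Windows\System32\config\SOFTWARE'
$userHive     = Join-Path $SystemDrive "Users\$UserName\NTUSER.DAT"
$softwareKey  = "HKEY_LOCAL_MACHINE\SOFTWARE_ON_C\Microsoft\Windows NT\CurrentVersion\Winlogon"
$userKey      = "HKEY_USERS\${UserName}_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

function Get-RegValue([string]$Key, [string]$Name) {
    # Returns the value's data as a string, or $null when the key or value does not exist
    $item = Get-ItemProperty -Path "Registry::$Key" -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [string]$item.$Name
}

function Test-Winlogon([string]$Key, [switch]$PerUser) {
    # Emits one finding per value; Suspicious = $true means the value needs fixing
    foreach ($name in 'Shell', 'Userinit') {
        $data = Get-RegValue $Key $name
        if ($PerUser) {
            # Windows never creates Shell/Userinit under a user hive; any value there is a
            # hijack, which is exactly what the OTL fix above deleted (Shell -> ...\Temp\*.exe)
            $bad = ($null -ne $data)
        }
        elseif ($name -eq 'Shell') {
            # Machine-wide default is exactly "explorer.exe" (no path, no second entry)
            $bad = -not ($data -ieq 'explorer.exe')
        }
        else {
            # Machine-wide default is a single entry "<path>\userinit.exe," with a trailing
            # comma; anything appended after that comma is an extra program run at logon
            $entries = @(($data -split ',') | Where-Object { $_.Trim() -ne '' })
            $bad = -not (($entries.Count -eq 1) -and ($entries[0].Trim() -ilike '*\userinit.exe'))
        }
        [pscustomobject]@{ Key = $Key; Value = $name; Data = $data; Suspicious = $bad }
    }
}

$findings = @()
try {
    & reg.exe load HKLM\SOFTWARE_ON_C $softwareHive | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "could not load $softwareHive" }
    & reg.exe load "HKU\${UserName}_ON_C" $userHive | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "could not load $userHive" }
    $findings += Test-Winlogon $softwareKey
    $findings += Test-Winlogon $userKey -PerUser
}
finally {
    # PowerShell keeps handles on keys it touched; release them or reg.exe unload fails
    [GC]::Collect(); [GC]::WaitForPendingFinalizers()
    & reg.exe unload "HKU\${UserName}_ON_C" 2>&1 | Out-Null
    & reg.exe unload HKLM\SOFTWARE_ON_C      2>&1 | Out-Null
}

$findings | Format-Table -AutoSize
# Non-zero exit when anything is hijacked, so the script fits into a rescue checklist
if (@($findings | Where-Object Suspicious).Count -gt 0) { exit 1 }
```

Reading the offline hives is the point of the rescue-CD approach: the lock screen runs as the user's shell on the infected system, so the values cannot be inspected reliably from inside that session, and an OTLPE-style boot medium sidesteps the locker entirely. A finding with Suspicious = True on the per-user Shell value is the same condition the fix above repaired.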

07.06.2011, 20:07   #7
markusg
/// Malware-holic

Sorry, that was my fault, I didn't copy enough there.
The Temp folder was recreated, I assume? Automatically?
Open OTL and click Cleanup; that deletes OTL plus MovedFiles.
Please create and post a ComboFix log.
A guide and tutorial on using ComboFix

07.06.2011, 20:17   #8
SecreT2k

How or where should I open OTL? Boot from the CD again, or run the CD from within Windows?

07.06.2011, 20:22   #9
markusg
/// Malware-holic

Sorry, just delete the MovedFiles folder.
Then continue with ComboFix.

07.06.2011, 20:53   #10
SecreT2k

So ComboFix ran through, and here is the ComboFix.txt:
Code:
ComboFix 11-06-06.07 - Katinka 08.06.2011   0:40.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3066.1474 [GMT 2:00]
Running from:: F:\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\programdata\HotbarSA
c:\programdata\HotbarSA\HotbarSA.dat
c:\programdata\HotbarSA\HotbarSA_kyf.dat
c:\programdata\HotbarSA\HotbarSAAbout.mht
c:\programdata\HotbarSA\HotbarSAau.dat
c:\programdata\HotbarSA\HotbarSAEULA.mht
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\About Hotbar.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Games!.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Uninstall Instructions.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Videos!.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Reset Cursor.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Weather.lnk
c:\users\Katinka\AppData\Roaming\WeatherDPA
.
.
(((((((((((((((((((((((   Files Created from 2011-05-07 to 2011-06-07  ))))))))))))))))))))))))))))))
.
.
2011-06-07 22:34 . 2011-06-07 22:36	--------	d-----w-	C:\32788R22FWJFW
2011-06-07 21:07 . 2011-06-07 22:47	--------	d-----w-	c:\users\Katinka\AppData\Local\Temp
2011-06-05 20:04 . 2011-06-05 09:28	16432	----a-w-	c:\windows\system32\lsdelete.exe
2011-06-05 09:28 . 2011-06-05 09:28	98392	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2011-06-05 09:14 . 2011-04-29 10:12	64512	----a-w-	c:\windows\system32\drivers\Lbd.sys
2011-06-05 09:14 . 2011-06-05 09:14	--------	d-----w-	c:\program files\Lavasoft
2011-06-05 09:14 . 2011-06-05 09:14	--------	d-----w-	c:\programdata\Lavasoft
2011-06-03 10:58 . 2011-05-09 20:46	6962000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{38B2EEB2-5AF4-449C-B933-6C89678B0AFE}\mpengine.dll
2011-05-29 11:15 . 2004-03-08 23:00	662288	----a-w-	c:\windows\system32\MSCOMCT2.OCX
2011-05-29 11:15 . 2001-10-28 15:42	116224	----a-w-	c:\windows\system32\pdfcmnnt.dll
2011-05-29 11:15 . 1998-06-23 23:00	137000	----a-w-	c:\windows\system32\MSMAPI32.OCX
2011-05-29 11:15 . 2011-05-29 11:16	--------	d-----w-	c:\program files\PDFCreator
2011-05-29 11:15 . 1998-07-06 16:56	125712	----a-w-	c:\windows\system32\VB6DE.DLL
2011-05-29 11:15 . 1998-07-06 16:55	158208	----a-w-	c:\windows\system32\MSCMCDE.DLL
2011-05-29 11:15 . 1998-07-06 16:55	64512	----a-w-	c:\windows\system32\MSCC2DE.DLL
2011-05-29 11:15 . 1998-07-05 23:00	23552	----a-w-	c:\windows\system32\MSMPIDE.DLL
2011-05-24 17:40 . 2011-06-07 21:20	--------	d-----w-	c:\programdata\Skype Extras
2011-05-24 17:40 . 2011-05-24 17:40	--------	d-----w-	c:\program files\Common Files\Skype
2011-05-11 19:29 . 2011-04-07 12:01	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-16 11:24 . 2010-02-07 17:17	137656	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-03-12 21:55 . 2011-04-27 10:54	876032	----a-w-	c:\windows\system32\XpsPrint.dll
2011-03-10 17:03 . 2011-04-15 08:20	1162240	----a-w-	c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-15 08:20	1136640	----a-w-	c:\windows\system32\mfc42.dll
.
.
((((((((((((((((((((((((((((   Registry Autostart Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Katinka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Katinka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Katinka\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-11 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2010-11-16 172856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-04-18 15146376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-08 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-08 92704]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2008-08-28 233472]
"MDS_Menu"="c:\program files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"PDVD8LanguageShortcut"="c:\program files\HomeCinema\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"fspuip"="c:\program files\FSP\fspuip.exe" [2009-06-19 765952]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-09 281768]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
c:\users\Katinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Katinka\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
WkCalRem.LNK - c:\program files\Microsoft Works\WkCalRem.exe [2007-6-20 46432]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2009-12-17 1795488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca96149fdacf30;Google Update Service (gupdate1ca96149fdacf30);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 133104]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-05-16 2151128]
R2 resetWinService;Reset Reader;c:\program files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe [2008-10-29 70656]
R3 fspad_wlh32;Finger-sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\DRIVERS\fspad_wlh32.sys [2009-06-17 41984]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 133104]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-04-29 64512]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]
S2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [2009-03-05 311296]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-05-01 64032]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-05-08 498176]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - Lavasoft Kernexplorer
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-11 16:18]
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 18:57]
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 18:57]
.
2011-06-07 c:\windows\Tasks\User_Feed_Synchronization-{14BD630B-2A9A-4BA4-A186-85029409AEC5}.job
- c:\windows\system32\msfeedssync.exe [2011-04-15 04:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.de/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
FF - ProfilePath - c:\users\Katinka\AppData\Roaming\Mozilla\Firefox\Profiles\yj3k3qs2.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - Orphaned Registry Entries Removed - - - -
.
HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe
AddRemove-_{E1A63F75-1F72-4450-980D-434496FFC646} - c:\program files\Corel\Corel Painter Essentials 4\MSILauncher {E1A63F75-1F72-4450-980D-434496FFC646}
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-06-08 00:47
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Time of completion: 2011-06-08  00:49:05
ComboFix-quarantined-files.txt  2011-06-07 22:48
.
Pre-Run: 8 directory(ies), 165.580.804.096 bytes free
Post-Run: 13 directory(ies), 165.532.012.544 bytes free
.
- - End Of File - - 29B4450EDEDD43FACE49E9B146A91181
         
PS: Stop apologizing, I already feel bad ^.^

08.06.2011, 10:28   #11
markusg
/// Malware-holic

Download Malwarebytes:
Malwarebytes : Malwarebytes Anti-Malware is a free download that removes viruses and malware from your computer
Install it, open it, go to the Update tab and update the program.
Close all running programs and disconnect from the internet.
Scanner tab, full scan, remove the findings, post the log.

08.06.2011, 16:33   #12
SecreT2k

Here is the log:
Code:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6810

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

08.06.2011 20:22:36
mbam-log-2011-06-08 (20-22-36).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 334715
Time elapsed: 1 hour(s), 1 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EDDBB5EE-BB64-4bfc-9DBE-E7C85941335B} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarAx.Info (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarAx.Info.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarWeather.WeatherController (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HotbarWeather.WeatherController.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\biologie chemie 5 bis 13\umrechner.exe (Trojan.FakeCalc) -> Quarantined and deleted successfully.
         

08.06.2011, 16:35   #13
markusg
/// Malware-holic

c:\program files\biologie chemie 5 bis 13\umrechner.exe (Trojan.FakeCalc) -> Quarantined and deleted successfully.
Looks like a false positive; you can restore it from quarantine.

Download CCleaner Standard:
CCleaner - Standard
If CCleaner is already installed, skip this.
Install, open, Tools, list of installed programs, save as txt. Open it.
After every program you need, write "needed".
After every one you don't need, "unneeded".
After the ones unknown to you, "unknown".
Post the list.
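The first registry key in the Malwarebytes log posted above, HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{...} (Adware.Zango), deserves a closer look. Protected Mode Internet Explorer consults that key to decide whether a program started from a web page may run outside the Low integrity sandbox; a Policy value of 3 lets the listed executable launch silently at Medium integrity, which is why adware such as Zango/Hotbar registers itself there. The following PowerShell script is an added example (not from the thread, not part of Malwarebytes) that lists every ElevationPolicy entry on the live system, resolves AppPath/AppName, and flags silent-elevation entries whose executable lives in a user-writable location or no longer exists. The set of user-writable roots is an assumption chosen for illustration; the Policy value meanings follow Microsoft's Protected Mode documentation.

```powershell
# Added example (not from the thread, not part of Malwarebytes): audit Internet Explorer
# Protected Mode ElevationPolicy entries on the running system.
# Policy meanings per Microsoft's Protected Mode documentation:
#   0 = prevent launch, 1 = launch silently at Low integrity,
#   2 = prompt the user, then launch at Medium, 3 = launch silently at Medium integrity
$policyNames = @{ 0 = 'Prevent'; 1 = 'Silent-Low'; 2 = 'Prompt-Medium'; 3 = 'Silent-Medium' }

# Assumption for this example: executables under these roots are user-writable and
# should never be granted silent Medium-integrity launch out of the browser sandbox
$userWritableRoots = @($env:LOCALAPPDATA, $env:APPDATA, $env:TEMP, $env:ProgramData, $env:PUBLIC) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }

function Get-ElevationPolicy {
    # Emits one object per GUID subkey; the 32-bit, WOW6432Node and per-user views are all read
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy',
        'HKCU:\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($sub in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
            $p = Get-ItemProperty -Path $sub.PSPath
            $policy  = if ($null -ne $p.Policy) { [int]$p.Policy } else { -1 }
            $appPath = [string]$p.AppPath
            $appName = [string]$p.AppName
            # AppPath is a directory and AppName a file name; some entries carry only AppName
            $full = if ($appPath -and $appName) { Join-Path $appPath $appName } else { $appName }
            $full = [Environment]::ExpandEnvironmentVariables($full)
            $exists = [bool]($full -and (Test-Path -LiteralPath $full))
            $inUserWritable = $false
            foreach ($r in $userWritableRoots) {
                if ($full -and $full.StartsWith($r, [StringComparison]::OrdinalIgnoreCase)) {
                    $inUserWritable = $true
                }
            }
            [pscustomobject]@{
                Key        = $sub.PSChildName
                Hive       = $root
                Policy     = if ($policyNames.ContainsKey($policy)) { $policyNames[$policy] } else { "Unknown($policy)" }
                Executable = $full
                Exists     = $exists
                # Silent Medium-integrity launch of a missing or user-writable binary is the
                # pattern adware uses; a vendor binary under Program Files is the benign case
                Suspicious = ($policy -eq 3) -and ((-not $exists) -or $inUserWritable)
            }
        }
    }
}

$entries = @(Get-ElevationPolicy)
$entries | Sort-Object Suspicious -Descending | Format-Table -AutoSize
"{0} entries, {1} flagged" -f $entries.Count, @($entries | Where-Object Suspicious).Count
```

Entries flagged here are not automatically malicious; the point of the listing is that a GUID subkey with Policy 3 and no surviving binary (the state after a scanner has quarantined the file) is a leftover that should be removed, and one pointing into AppData or Temp is the signature of software that installed itself without administrative rights.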

08.06.2011, 17:42   #14
SecreT2k

Since, as I said, the PC belongs to a friend, some of the programs are of course unknown to me, so I simply did it to the best of my knowledge.
Code:
Activation Assistant for the 2007 Microsoft Office suites	Microsoft Corporation	25.08.2009	13,5MB	unneeded
Ad-Aware	Lavasoft Limited	04.06.2011	33,7MB	9.0.1 needed
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	25.08.2009		10.0.22.87 needed
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	16.11.2010		10.1.102.64 needed
Adobe Reader 9.4.4 - Deutsch	Adobe Systems Incorporated	28.05.2011	201MB	9.4.4 needed
Adobe Shockwave Player 11	Adobe Systems, Inc.	25.08.2009	17,5MB	11 needed
Angebote ALDI SÜD Bildschirmschoner		25.08.2009		unneeded
Apple Application Support	Apple Inc.	29.11.2010	52,7MB	1.4.1 needed
Apple Mobile Device Support	Apple Inc.	29.11.2010	21,7MB	3.3.0.69 needed
Apple Software Update	Apple Inc.	07.06.2010	2,26MB	2.1.2.120 needed
Audible Download Manager	Audible, Inc.	24.08.2010	3,81MB	6.6.0.12 unknown
Avira AntiVir Personal - Free Antivirus	Avira GmbH	28.04.2011	78,8MB	10.0.0.648 needed
Badaboom 1.1.1.194	Elemental Technologies	25.08.2009	14,3MB	1.1.1.194 unknown
Biologie Chemie 5 bis 13	Tandem	08.04.2010	211MB	2.0 unknown
Bonjour	Apple Inc.	28.10.2010	0,76MB	2.0.3.0 needed
CanoScan LiDE 210 Scanner Driver		29.01.2011		needed
CCleaner	Piriform	07.06.2011	3,68MB	3.07 needed
Compatibility Pack für 2007 Office System	Microsoft Corporation	13.05.2011	60,3MB	12.0.6425.1000 needed
Corel Home Office 5.0.56	Corel Corporation	09.06.2009	124,7MB	needed
CorelDRAW Essentials 4	Corel Corporation	09.06.2009	684MB	needed
CorelDRAW Essentials 4 - Windows Shell Extension	Corel Corporation	09.06.2009	1,81MB	needed
CyberLink MediaShow	CyberLink Corp.	09.06.2009	316MB	4.1.2325 unknown
CyberLink PhotoNow	CyberLink Corp.	09.06.2009	21,8MB	1.1.5615 unknown
CyberLink PowerDirector	CyberLink Corp.	09.06.2009	423MB	7.0.2625 unknown
CyberLink PowerDVD 8	CyberLink Corp.	09.06.2009	94,4MB	8.0.2606a unknown
CyberLink PowerProducer	CyberLink Corp.	09.06.2009	311MB	5.0.1.1412 unknown
CyberLink YouCam	CyberLink Corp.	09.06.2009	73,8MB	2.0.2521 unknown
DivX Web Player	DivX,Inc.	25.08.2009	3,45MB	1.5.0 needed
Dropbox	Dropbox, Inc.	01.06.2011	24,0MB	1.1.35 unknown
e-Wörterbücher		25.08.2009	1,75MB	needed
Facebook Plug-In	Facebook, Inc.	28.03.2010	11,6MB	needed
Finger-sensing Pad Driver	FSP	21.06.2009	13,4MB	8.4.2.8 needed
Foxlink Webcam	Sonix	09.06.2009	5,70MB	5.8.51000.202_WHQL unknown
FreeMind		05.03.2011	16,5MB	0.9.0_RC_10 unknown
Google Chrome	Google Inc.	14.01.2010	154,8MB	11.0.696.71 needed
Google Earth	Google	10.06.2009	25,3MB	4.3.7284.3916 needed
Google Toolbar for Internet Explorer	Google Inc.	04.06.2011	8,71MB	7.0.1710.2246 needed
Google Updater	Google Inc.	25.08.2009	4,57MB	2.4.1487.6512 needed
ICQ6.5	ICQ	29.10.2009	48,0MB	6.5 needed
Intel® Matrix Storage Manager	Intel Corporation	25.08.2009	46,9MB	unknown
iTunes	Apple Inc.	27.12.2010	144,8MB	10.1.1.4 needed
Java(TM) 6 Update 23	Sun Microsystems, Inc.	09.06.2009	97,0MB	6.0.230 needed
Malwarebytes' Anti-Malware Version 1.51.0.1200	Malwarebytes Corporation	07.06.2011	7,29MB	1.51.0.1200
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	25.08.2009	37,0MB	needed
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	25.08.2009	37,0MB	needed
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	26.06.2010	120,3MB	4.0.30319 needed
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	26.06.2010	24,5MB	4.0.30319 needed
Microsoft Office Enterprise 2007	Microsoft Corporation	21.03.2010	643MB	12.0.6425.1000 needed
Microsoft Office Home and Student 2007	Microsoft Corporation	11.04.2010	643MB	12.0.6425.1000 needed
Microsoft Office PowerPoint Viewer 2007 (German)	Microsoft Corporation	13.05.2011	100,2MB	12.0.6425.1000 needed
Microsoft Silverlight	Microsoft Corporation	21.04.2011	26,7MB	4.0.60310.0 needed
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	09.06.2009	1,74MB	3.1.0000 needed
Microsoft Sync Framework Runtime Native v1.0 (x86)	Microsoft Corporation	22.11.2009	0,61MB	1.0.1215.0 needed
Microsoft Sync Framework Services Native v1.0 (x86)	Microsoft Corporation	26.01.2011	1,45MB	1.0.1215.0 needed
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	20.09.2009	0,25MB	8.0.50727.4053 needed
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	09.06.2009	0,41MB	8.0.56336 needed
Microsoft Visual C++ 2005 Redistributable - KB2467175	Microsoft Corporation	26.05.2011	0,29MB	8.0.51011 needed
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	07.02.2010	0,19MB	9.0.30729.4148 needed
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	26.05.2011	0,58MB	9.0.30729.5570 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	06.02.2010	0,58MB	9.0.30729 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	29.03.2010	0,58MB	9.0.30729.4148 notwendig
Microsoft Works	Microsoft Corporation	17.12.2010	545MB	9.7.0621 notwendig
Mozilla Firefox (3.6.17)	Mozilla	30.04.2011	29,5MB	3.6.17 (de) notwendig
Mozilla Thunderbird (3.1.10)	Mozilla	02.05.2011	33,4MB	3.1.10 (de) notwendig
MSXML 4.0 SP2 (KB927978)	Microsoft Corporation	09.06.2009	34,00KB	4.20.9841.0 unbekannt
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	09.06.2009	1,28MB	4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	27.11.2009	1,34MB	4.20.9876.0 unbekannt
Nero 8 Essentials	Nero AG	09.06.2009	1.938MB	8.3.124 notwendig
NVIDIA Drivers	NVIDIA Corporation	25.08.2009	3.314MB	1.3 notwendig
PDFCreator	Frank Heindörfer, Philip Chinery	28.05.2011	30,1MB	1.2.1 notwendig
Picasa 3	Google, Inc.	29.01.2011	96,2MB	3.8 notwendig
QuickTime	Apple Inc.	27.12.2010	73,7MB	7.69.80.9 notwendig
Realtek 8136 8168 8169 Ethernet Driver	Realtek	16.06.2009	1,60MB	1.00.0005 notwendig
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	09.06.2009	9,29MB	6.0.1.5730 notwendig
Realtek USB 2.0 Card Reader	Realtek Semiconductor Corp.	09.06.2009	1,50MB	6.0.6000.20111 notwendig
REALTEK Wireless LAN Driver	REALTEK Semiconductor Corp.	09.06.2009	7,10MB	1.01.0092 notwendig
Skype Toolbars	Skype Technologies S.A.	23.05.2011	5,86MB	5.3.7280 unnötig
Skype™ 5.3	Skype Technologies S.A.	23.05.2011	22,6MB	5.3.111 notwendig
Sobotta interaktiv - Bewegungsapparat		25.10.2010	13,0MB unbekannt	
Spelling Dictionaries Support For Adobe Reader 9	Adobe Systems Incorporated	08.11.2009	29,7MB	9.0.0 notwendig
TIPP10 Version 2.0.3	(c) 2006-2008, Tom Thielicke	03.10.2009	12,2MB notwendig	
Trivial Pursuit		06.02.2010	45,1MB	 notwendig
VLC media player 1.1.9	VideoLAN	01.06.2011	75,7MB	1.1.9 notwendig
Windows Live Anmelde-Assistent	Microsoft Corporation	09.06.2009	1,93MB	5.000.818.6 notwendig
Windows Live Essentials	Microsoft Corporation	26.01.2011	136,5MB	14.0.8117.0416 notwendig
Windows Live Sync	Microsoft Corporation	26.01.2011	2,79MB	14.0.8117.416 notwendig
Windows Live-Uploadtool	Microsoft Corporation	09.06.2009	0,22MB	14.0.8014.1029 notwendig
         

Alt 08.06.2011, 17:45   #15
markusg
/// Malware-holic
 
Then just work through it together with her.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails following the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us
