| |
| |||||||
Log-Analyse und Auswertung: BKA Bundespolizei Trojaner WinXPWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
10.08.2011, 22:38
| #1 |
| |  BKA Bundespolizei Trojaner WinXP Guten Abend hier ist ein neues Opfer des Trojaners, der mit einer angeblichen Zahlungsaufforderung der Bundespolizei das System lahmlegt. In leichter Panik habe ich auf Empfehlung eines Bekannten eine Avira Rescue CD erstellt und den befallenen Rechner damit gescant. Keine Veränderung, log-Datei hängt an. Bei weiterer Recherche bin ich auf dieses Forum gestoßen (Ihr leistet hier Großartiges  ) und habe eine OTLPEnet CD nach den Anweisungen in diesem Strang http://www.trojaner-board.de/101508-...hensweise.html erstellt und laufen lassen. Allerdings wurde keine extra.txt erstellthier die otl.txt, Ernst und Fall sind die beiden Benutzerkonten Code:
ATTFilter OTL logfile created on: 8/11/2011 1:27:52 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yyyy
511.00 Mb Total Physical Memory | 318.00 Mb Available Physical Memory | 62.00% Memory free
459.00 Mb Paging File | 338.00 Mb Available in Paging File | 74.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 34.47 Gb Total Space | 5.05 Gb Free Space | 14.65% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled] -- -- (winvnc)
SRV - File not found [Disabled] -- -- (WinDLL)
SRV - File not found [Disabled] -- -- (RVS_CE)
SRV - File not found [Disabled] -- -- (Iomega Activity Disk2)
SRV - File not found [Auto] -- -- (HidServ)
SRV - [2011/07/02 05:22:04 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/14 05:33:36 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/06/23 07:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/05/26 09:35:18 | 000,493,032 | ---- | M] (Check Point Software Technologies) [Auto] -- C:\Programme\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2010/05/14 04:08:49 | 000,488,960 | ---- | M] (Crawler.com) [Auto] -- C:\Programme\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2009/08/07 06:43:04 | 000,045,816 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2006/05/12 10:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) [Auto] -- C:\Programme\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2004/03/18 06:14:50 | 000,020,541 | ---- | M] (Apache Software Foundation) [Auto] -- C:\Programme\Apache Group\Apache2\bin\Apache.exe -- (Apache2)
SRV - [2004/02/10 20:57:58 | 002,265,088 | ---- | M] () [Auto] -- C:/mysql/bin/mysqld-nt.exe -- (MySql)
SRV - [2002/09/24 11:39:48 | 000,151,552 | ---- | M] (Iomega Corporation) [Auto] -- C:\Programme\Iomega\AutoDisk\ADService.exe -- (_IOMEGA_ACTIVE_DISK_SERVICE_)
SRV - [2002/09/04 09:11:04 | 000,073,728 | ---- | M] (Iomega Corporation) [Auto] -- C:\Programme\Iomega\System32\AppServices.exe -- (Iomega App Services)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Boot] -- -- (srescan)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2011/07/02 05:22:05 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/02 05:22:05 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/29 09:21:41 | 000,028,256 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2010/06/17 09:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/26 09:35:10 | 000,026,352 | ---- | M] (Check Point Software Technologies) [Kernel | Auto] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010/05/14 04:08:49 | 000,142,592 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2010/05/13 04:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/02/13 06:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/04/13 14:41:00 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ppa3.sys -- (ppa3)
DRV - [2007/11/06 22:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)
DRV - [2006/01/31 08:35:34 | 000,123,248 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Programme\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/07/20 02:35:00 | 000,240,384 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/08/03 19:38:58 | 000,701,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/01/23 12:19:40 | 000,042,709 | ---- | M] (T-COM) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\elcapitd.sys -- (elcapitd)
DRV - [2004/01/09 11:17:02 | 000,601,100 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/12/11 11:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/12/09 09:18:08 | 000,117,717 | ---- | M] (T-COM) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\elcapibs.sys -- (elcapibs)
DRV - [2003/11/08 18:24:17 | 000,012,953 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr)
DRV - [2003/11/07 05:50:00 | 000,070,798 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/11/07 05:50:00 | 000,051,486 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)
DRV - [2003/10/17 00:27:00 | 000,176,256 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yukonx86.sys -- (yukonx86)
DRV - [2003/08/05 22:43:04 | 000,159,744 | R--- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\Fasttx2k.sys -- (fasttx2k)
DRV - [2003/02/05 09:02:12 | 000,156,112 | ---- | M] (Telekom) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\elcapi20.sys -- (elcapi20)
DRV - [2002/09/04 09:11:08 | 000,030,258 | ---- | M] (Iomega Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\IomDisk.sys -- (iomdisk)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Fall_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Ernst_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Ernst_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2011/02/07 05:32:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/07/25 12:25:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011/07/05 14:10:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011/07/25 12:25:07 | 000,000,000 | ---D | M]
[2011/07/23 16:02:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Fall\Anwendungsdaten\mozilla\Extensions
[2011/07/05 14:35:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011/07/05 14:35:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/06/16 00:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2010/01/01 04:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/01/01 04:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/01/01 04:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\Fall_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\Ernst_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Ernst_ON_C\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\Ernst_ON_C\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Ernst_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [ADUserMon] C:\Programme\Iomega\AutoDisk\ADUserMon.exe (Iomega Corporation)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Deskup] C:\Programme\Iomega\DriveIcons\deskup.exe (Iomega)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Iomega Drive Icons] C:\Programme\Iomega\DriveIcons\Imgicon.exe (Iomega)
O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Ptipbmf] C:\WINDOWS\System32\ptipbmf.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe (Logitech Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\.DEFAULT..\Run: [ALUAlert] File not found
O4 - HKU\.DEFAULT..\Run: [Symantec NetDriver Warning] C:\Programme\SymNetDrv\SNDWarn.exe (Symantec Corporation)
O4 - HKU\Fall_ON_C..\Run: [ALUAlert] File not found
O4 - HKU\Ernst_ON_C..\Run: [SpywareTerminatorUpdate] C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKU\Ernst_ON_C..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\RunServices: [Ad-aware Soft] File not found
O4 - Startup: C:\Dokumente und Einstellungen\Ernst\Startmenü\Programme\Autostart\WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe (MySQL AB)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Fall_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Ernst_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Programme\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} hxxp://82.91.20.57:8093/SysCamInst.cab (Panasonic Network Camera)
O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} hxxp://192.168.1.10/img/NetCamPlayerWeb11g.ocx (NetCamPlayerWeb11g Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125592234546 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214897384687 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.4/jinstall-14_07-windows-i586.cab (Java Plug-in 1.4.1_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\Dokumente und Einstellungen\Ernst\Lokale Einstellungen\Temporary Internet Files\Content.IE5\H1LF3Z8S\readme[1].exe) - C:\Dokumente und Einstellungen\Ernst\Lokale Einstellungen\Temporary Internet Files\Content.IE5\H1LF3Z8S\readme[1].exe ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/11 14:02:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/07/25 12:31:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ernst\Anwendungsdaten\DDMSettings
[2011/07/25 12:25:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ernst\Anwendungsdaten\DivX
[2011/07/25 12:24:39 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2011/07/25 12:24:39 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2011/07/25 12:24:38 | 002,120,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2011/07/25 12:24:38 | 000,698,864 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2011/07/25 12:24:38 | 000,567,792 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2011/07/25 12:24:38 | 000,440,816 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2011/07/25 12:24:38 | 000,219,632 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2011/07/25 12:24:38 | 000,133,616 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2011/07/25 12:24:38 | 000,126,448 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2011/07/25 12:24:38 | 000,123,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2011/07/25 12:24:38 | 000,100,848 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2011/07/25 12:24:38 | 000,072,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2011/07/25 12:24:38 | 000,068,592 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2011/07/25 12:24:38 | 000,068,080 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2011/07/25 12:24:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DivX Plus
[2011/07/25 12:24:02 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DivX Shared
[2011/07/25 12:20:02 | 000,000,000 | ---D | C] -- C:\Programme\DivX
[2011/07/25 12:18:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX
[2011/07/23 16:02:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fall\Lokale Einstellungen\Anwendungsdaten\Mozilla
[2011/07/23 16:02:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fall\Anwendungsdaten\Mozilla
[2002/11/10 21:00:10 | 000,204,800 | ---- | C] ( ) -- C:\WINDOWS\System32\SlpV24s.exe
[2002/11/10 21:00:10 | 000,073,728 | ---- | C] ( ) -- C:\WINDOWS\System32\SlpV24.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/08/10 12:30:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/10 12:27:42 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/10 12:26:47 | 536,137,728 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/09 15:40:28 | 000,000,051 | ---- | M] () -- C:\WINDOWS\iTouch.ini
[2011/08/04 09:48:22 | 000,349,677 | ---- | M] () -- C:\Dokumente und Einstellungen\Ernst\Eigene Dateien\veredeln.pdf
[2011/07/25 13:25:39 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/07/25 12:25:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DivX Plus
[2011/07/23 16:03:02 | 000,002,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Fall\Desktop\Microsoft Word.lnk
[2011/07/23 13:53:29 | 536,166,400 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/07/13 05:07:06 | 000,121,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 05:02:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/08/04 09:48:22 | 000,349,677 | ---- | C] () -- C:\Dokumente und Einstellungen\Ernst\Eigene Dateien\veredeln.pdf
[2011/07/05 14:11:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/10 10:20:13 | 000,000,796 | ---- | C] () -- C:\Dokumente und Einstellungen\Ernst\.plugin141_07.trace
[2010/10/21 06:21:29 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\wmerrCHS.dll
[2010/10/21 06:21:28 | 000,000,001 | ---- | C] () -- C:\WINDOWS\wmerrCHS.dll
[2010/09/17 03:45:42 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010/05/14 04:08:49 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2010/03/07 16:27:51 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2010/03/07 16:26:47 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010/03/07 16:26:46 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2009/10/20 12:40:28 | 000,032,768 | ---- | C] () -- C:\WINDOWS\niuzu.dll
[2009/07/08 15:10:25 | 000,017,566 | ---- | C] () -- C:\WINDOWS\System32\cmd2.exe
[2009/05/20 09:57:14 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\mscahc.dll
[2008/07/16 05:21:41 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/04/25 03:38:09 | 000,022,168 | ---- | C] () -- C:\WINDOWS\System32\imsinstall_loc0407.dll
[2007/04/25 03:38:09 | 000,018,072 | ---- | C] () -- C:\WINDOWS\System32\imslsp_install_loc0407.dll
[2006/10/05 14:00:01 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2006/10/05 13:59:46 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/09/28 16:27:08 | 000,000,000 | R--- | C] () -- C:\Dokumente und Einstellungen\Ernst\TFTP1988
[2006/09/28 13:02:17 | 000,000,000 | R--- | C] () -- C:\Dokumente und Einstellungen\Ernst\TFTP3444
[2006/08/16 17:17:04 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006/07/20 05:24:44 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\uninstall_slave.exe
[2006/07/20 05:24:44 | 000,001,465 | ---- | C] () -- C:\WINDOWS\System32\rcfg.ini
[2006/07/20 05:24:44 | 000,000,125 | ---- | C] () -- C:\WINDOWS\System32\ident.ini
[2006/06/23 07:38:22 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\OrdMen.dll
[2006/06/23 07:37:50 | 000,070,144 | ---- | C] () -- C:\WINDOWS\System32\ENCODE32.DLL
[2006/06/23 07:37:50 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\TAL12832.DLL
[2006/06/23 07:37:50 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\TALDM32A.dll
[2006/06/23 07:37:50 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\TALDM32.DLL
[2006/06/23 07:37:08 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\SBSPAIN3.DLL
[2006/06/23 07:37:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SBSPAIN2.DLL
[2006/06/23 07:37:08 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\SBSPAINT.DLL
[2005/02/22 07:10:51 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\NetCapiConfig.exe
[2005/02/20 12:20:35 | 000,000,046 | ---- | C] () -- C:\WINDOWS\hmview.ini
[2004/11/05 14:36:15 | 000,000,459 | ---- | C] () -- C:\WINDOWS\my.ini
[2004/11/05 14:29:20 | 000,314,880 | ---- | C] () -- C:\WINDOWS\System32\cfssvradmin.dll
[2004/11/05 14:29:20 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\CFFileProxy.dll
[2004/11/05 14:29:19 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\cfproject.dll
[2004/11/05 14:29:19 | 000,082,432 | ---- | C] () -- C:\WINDOWS\System32\CFFtp.dll
[2004/11/05 14:29:18 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\CFFPTree.dll
[2004/11/05 14:29:10 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\cfmsg.dll
[2004/11/05 14:00:52 | 000,040,637 | ---- | C] () -- C:\WINDOWS\php.ini-recommended
[2004/11/05 14:00:52 | 000,039,808 | ---- | C] () -- C:\WINDOWS\php.ini-dist
[2004/11/05 13:39:12 | 000,039,886 | ---- | C] () -- C:\WINDOWS\php.ini
[2004/09/23 09:46:07 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2004/09/23 09:45:53 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2004/09/23 09:45:46 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2004/09/22 06:39:15 | 000,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2004/09/22 06:36:17 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.61-8876480L.exe
[2004/09/19 06:11:04 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/09/19 06:11:03 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2004/09/18 11:20:07 | 000,000,562 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2004/09/18 11:20:06 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2004/09/11 14:47:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/09/11 14:45:43 | 000,121,336 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/09/11 14:31:34 | 000,003,974 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2004/09/11 14:31:29 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2004/09/11 14:04:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/09/11 13:59:03 | 000,022,908 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/09/11 08:35:47 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2004/09/11 08:35:46 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/09/11 08:35:36 | 000,000,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,316,594 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004/08/04 08:00:00 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,048,156 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/08/29 05:24:02 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
========== LOP Check ==========
[2011/07/23 16:02:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fall\Anwendungsdaten\Active Disk
[2010/08/23 06:57:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fall\Anwendungsdaten\CheckPoint
[2004/11/06 04:26:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ernst\Anwendungsdaten\Active Disk
[2010/08/06 03:18:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ernst\Anwendungsdaten\CheckPoint
[2011/07/25 12:31:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ernst\Anwendungsdaten\DDMSettings
[2004/12/16 08:51:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ernst\Anwendungsdaten\FUJIFILM
[2007/10/09 04:18:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ernst\Anwendungsdaten\iolo
[2010/06/18 05:42:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ernst\Anwendungsdaten\Leadertech
[2010/03/07 16:27:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ernst\Anwendungsdaten\pdf995
[2011/05/19 10:33:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ernst\Anwendungsdaten\Spyware Terminator
[2007/10/09 04:18:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\iolo
[2008/03/18 09:46:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier
[2011/05/19 03:18:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\pdf995
[2010/06/11 03:14:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PlotSoft
[2011/08/09 06:37:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spyware Terminator
========== Purity Check ==========
< End of report >
Beste Grüße |
| Themen zu BKA Bundespolizei Trojaner WinXP |
| 0x00000001, ad-aware, antivir, applaus, avira, avira rescue, avira rescue cd, bho, browser, checkpoint, desktop, einstellungen, firefox, format, ftp, homepage, hängt, log-datei, logfile, msvcrt, object, otl.txt, plug-in, realtek, reatogo, registry, rescue cd, sched.exe, security, software, spyware, symantec, system, trojaner, windows, windows xp, zahlungsaufforderung |
Baum-Darstellung