Mülltonne (trash bin): [duplicate] Bundespolizei trojan

05.10.2011, 12:30   #1
Polla

[duplicate] Bundespolizei trojan

Hello everyone,
unfortunately my laptop got hit yesterday and I picked up the trojan mentioned in the title.
I have already read several posts on this topic in this board and have already carried out the first steps.
However, since every thread points out again and again that each infection is unique and needs its own procedure, I am now posting my first results here.
I have already run a scan with srep.exe and OTLPE.
These two steps seemed sensible to me and doable without further risk to my laptop.

Here are the logs I got:

srep:
Quote:
WIN_VISTA X86Service Pack 2

HKLM\..\Winlogon; Shell = explorer.exe
No action taken
HKCU\..\Winlogon; Shell not found
No action taken


HKLM\..\Run [Windows Defender] = %ProgramFiles%\Windows Defender\MSASCui.exe -hide
HKLM\..\Run [WPCUMI] = C:\Windows\system32\WpcUmi.exe
HKLM\..\Run [LG Intelligent Update] = "C:\Program Files\lg_swupdate\giljabistart.exe" Gilautouc
HKLM\..\Run [StartCCC] = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\..\Run [avgnt] = "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\..\Run [DivXUpdate] = "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
HKLM\..\Run [Windows Mobile-based device management] = %windir%\WindowsMobile\wmdSync.exe
HKLM\..\Run [SunJavaUpdateSched] = "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\..\Run [Adobe Reader Speed Launcher] = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\..\Run [Adobe ARM] = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\..\Run [QuickTime Task] = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKLM\..\Run [NPSStartup] =

HKCU\..\Run [Sidebar] = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKCU\..\Run [msnmsgr] = "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKCU\..\Run [ehTray.exe] = C:\Windows\ehome\ehTray.exe
HKCU\..\Run [PMCRemote] =
HKCU\..\Run [EA Core] = "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
HKCU\..\Run [Steam] = "D:\Spiele\Steam\Steam.exe" -silent
HKCU\..\Run [ICQ] = "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
HKCU\..\Run [AutoStartNPSAgent] = C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
HKCU\..\Run [WMPNSCFG] = C:\Program Files\Windows Media Player\WMPNSCFG.exe
HKCU\..\Run [avupdate] = C:\Users\Saturn\AppData\Roaming\mahmud.exe

HKU\.DEFAULT\..\Winlogon; Shell =
HKU\S-1-5-19\..\Winlogon; Shell =
HKU\S-1-5-20\..\Winlogon; Shell =
HKU\S-1-5-21-491113855-2426311782-949560941-1000\..\Winlogon; Shell =
HKU\S-1-5-21-491113855-2426311782-949560941-1000_Classes\..\Winlogon; Shell =
HKU\S-1-5-18\..\Winlogon; Shell =

HKU\S-1-5-19\..\Run [Sidebar] = %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-19\..\Run [WindowsWelcomeCenter] = rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\..\Run [Sidebar] = %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-20\..\Run [WindowsWelcomeCenter] = rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-491113855-2426311782-949560941-1000\..\Run [Sidebar] = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-491113855-2426311782-949560941-1000\..\Run [msnmsgr] = "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-491113855-2426311782-949560941-1000\..\Run [ehTray.exe] = C:\Windows\ehome\ehTray.exe
HKU\S-1-5-21-491113855-2426311782-949560941-1000\..\Run [PMCRemote] =
HKU\S-1-5-21-491113855-2426311782-949560941-1000\..\Run [EA Core] = "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-491113855-2426311782-949560941-1000\..\Run [Steam] = "D:\Spiele\Steam\Steam.exe" -silent
HKU\S-1-5-21-491113855-2426311782-949560941-1000\..\Run [ICQ] = "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
HKU\S-1-5-21-491113855-2426311782-949560941-1000\..\Run [AutoStartNPSAgent] = C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
HKU\S-1-5-21-491113855-2426311782-949560941-1000\..\Run [WMPNSCFG] = C:\Program Files\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-491113855-2426311782-949560941-1000\..\Run [avupdate] = C:\Users\Saturn\AppData\Roaming\mahmud.exe

==== FINISH 04.10-15.22 ====
OTLPE:
Quote:
OTL logfile created on: 10/5/2011 1:19:32 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.99 Gb Total Space | 55.25 Gb Free Space | 55.26% Space Free | Partition Type: NTFS
Drive D: | 196.60 Gb Total Space | 167.00 Gb Free Space | 84.94% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2011/08/08 10:00:05 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/07/27 16:34:42 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/04/21 01:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/03/31 03:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/08/29 08:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008/04/07 03:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/20 22:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 22:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2011/08/08 10:00:11 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/08/08 10:00:11 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/10/08 11:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009/04/11 00:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2009/03/31 03:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/20 04:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 04:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 04:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009/02/13 06:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/01/19 14:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008/08/29 08:57:18 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/06/25 17:30:50 | 003,662,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/06/10 11:35:54 | 003,839,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/05/02 00:59:40 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/03/29 12:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008/01/20 22:23:02 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/09/17 09:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/06/14 08:41:00 | 000,466,048 | ---- | M] (LITEON) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Ltn_stk7070P.sys -- (Ltn_stk7070P)
DRV - [2007/06/13 13:30:20 | 000,013,440 | ---- | M] (LITEON) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Ltn_stkrc.sys -- (Ltn_stkrc)
DRV - [2007/01/18 13:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/12/14 02:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lge.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Mcx1_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Saturn_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lge.com
IE - HKU\Saturn_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\Saturn_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Saturn_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\Saturn_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\Saturn_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/17 12:48:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/17 12:48:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.12\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/22 16:02:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.12\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/02/24 11:02:46 | 000,000,000 | ---D | M]

[2011/06/27 08:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/16 08:06:57 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/02/27 12:55:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/02/27 12:55:34 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/02/27 12:55:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/02/27 12:55:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/02/27 12:55:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LG Intelligent Update] C:\Program Files\lg_swupdate\giljabistart.exe (BIT LEADER)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Mcx1_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Saturn_ON_C..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\Saturn_ON_C..\Run: [avupdate] C:\Users\Saturn\AppData\Roaming\mahmud.exe ()
O4 - HKU\Saturn_ON_C..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\Saturn_ON_C..\Run: [ICQ] File not found
O4 - HKU\Saturn_ON_C..\Run: [PMCRemote] File not found
O4 - HKU\Saturn_ON_C..\Run: [Steam] File not found
O4 - Startup: Error locating startup folders.
O7 - HKU\Mcx1_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Mcx1_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Mcx1_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\Saturn_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Saturn_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Saturn_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Spiele\Poker\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Spiele\Poker\PartyPoker\RunApp.exe ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/04 09:03:30 | 000,000,000 | ---D | C] -- C:\Users\Saturn\AppData\Roaming\Avira
[2011/10/04 03:26:00 | 000,000,000 | ---D | C] -- C:\Users\Saturn\Desktop\CinemaxX
[2011/09/22 07:51:04 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/09/21 08:26:03 | 000,000,000 | ---D | C] -- C:\Users\Saturn\AppData\Roaming\Padserv
[2011/09/15 09:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Airline Tycoon Evolution
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/05 06:10:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/05 06:09:06 | 000,007,512 | ---- | M] () -- C:\Users\Saturn\AppData\Local\d3d9caps.dat
[2011/10/05 06:06:33 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/05 06:06:32 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/04 09:27:37 | 000,638,418 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/10/04 09:27:37 | 000,604,280 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/04 09:27:37 | 000,131,526 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/10/04 09:27:37 | 000,107,958 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/04 09:26:43 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2011/10/04 08:47:44 | 000,172,544 | ---- | M] () -- C:\Users\Saturn\AppData\Roaming\mahmud.exe
[2011/09/22 07:51:04 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/09/15 09:59:19 | 000,000,461 | ---- | M] () -- C:\Users\Public\Desktop\Airline Tycoon Evolution.lnk
[2011/09/15 09:59:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Airline Tycoon Evolution
[2011/09/14 16:19:55 | 000,017,209 | ---- | M] () -- C:\Users\Saturn\Documents\Wochenplan für WiSe 11,12.ods
[2011/09/10 15:54:58 | 003,750,912 | ---- | M] () -- C:\Users\Saturn\Desktop\DSC_0257.JPG
[2011/09/10 06:43:34 | 003,661,703 | ---- | M] () -- C:\Users\Saturn\Desktop\DSC_0245.JPG
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/04 08:47:44 | 000,172,544 | ---- | C] () -- C:\Users\Saturn\AppData\Roaming\mahmud.exe
[2011/09/24 05:47:39 | 003,661,703 | ---- | C] () -- C:\Users\Saturn\Desktop\DSC_0245.JPG
[2011/09/24 05:47:10 | 003,750,912 | ---- | C] () -- C:\Users\Saturn\Desktop\DSC_0257.JPG
[2011/09/15 09:59:19 | 000,000,461 | ---- | C] () -- C:\Users\Public\Desktop\Airline Tycoon Evolution.lnk
[2011/08/28 14:57:01 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011/08/28 14:57:01 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011/02/24 12:45:57 | 000,000,125 | ---- | C] () -- C:\Windows\QTW.INI
[2010/06/18 06:17:48 | 000,201,488 | ---- | C] () -- C:\Windows\System32\MACD32.DLL
[2010/06/18 06:17:48 | 000,144,144 | ---- | C] () -- C:\Windows\System32\MASE32.DLL
[2010/06/18 06:17:48 | 000,141,584 | ---- | C] () -- C:\Windows\System32\MAMC32.DLL
[2010/06/18 06:17:48 | 000,063,248 | ---- | C] () -- C:\Windows\System32\MASD32.DLL
[2010/06/18 06:17:48 | 000,033,040 | ---- | C] () -- C:\Windows\System32\MA32.DLL
[2010/04/03 12:52:07 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2010/04/03 12:52:07 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2009/12/03 16:47:48 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009/11/21 09:05:37 | 000,000,822 | ---- | C] () -- C:\Windows\eReg.dat
[2009/10/24 12:14:07 | 000,138,056 | ---- | C] () -- C:\Users\Saturn\AppData\Roaming\PnkBstrK.sys
[2009/10/24 12:13:51 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009/10/09 12:26:12 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2009/08/08 10:49:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/08 10:49:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/04 06:36:03 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/08/01 14:47:11 | 000,041,984 | ---- | C] () -- C:\Users\Saturn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/24 11:23:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/24 11:18:13 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009/07/24 11:03:09 | 000,009,665 | ---- | C] () -- C:\Windows\lg_up.ini
[2009/07/24 10:55:51 | 000,000,894 | ---- | C] () -- C:\Windows\lgcenter.ini
[2009/07/24 10:26:05 | 000,007,512 | ---- | C] () -- C:\Users\Saturn\AppData\Local\d3d9caps.dat
[2008/08/29 08:58:26 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2008/06/16 23:51:02 | 000,638,418 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/06/16 23:51:02 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/06/16 23:51:02 | 000,131,526 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/06/16 23:51:02 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008/06/10 09:13:02 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/06/10 04:50:18 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/03/05 07:38:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007/10/25 11:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007/07/22 11:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/22 11:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/07/22 11:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/07/22 11:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/22 11:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/07/22 11:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/07/22 11:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/07/22 11:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/07/22 11:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/06/25 14:34:26 | 000,070,400 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,259,776 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,604,280 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,107,958 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2000/02/09 18:00:00 | 000,047,104 | ---- | C] () -- C:\Windows\System32\wrkgadm.exe
[2000/02/09 18:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL

========== LOP Check ==========

[2011/02/08 16:53:51 | 000,000,000 | ---D | M] -- C:\Users\Saturn\AppData\Roaming\AIMP
[2010/10/18 05:26:33 | 000,000,000 | ---D | M] -- C:\Users\Saturn\AppData\Roaming\Audacity
[2011/07/13 18:00:55 | 000,000,000 | ---D | M] -- C:\Users\Saturn\AppData\Roaming\DVDVideoSoftIEHelpers
[2009/11/30 19:04:20 | 000,000,000 | ---D | M] -- C:\Users\Saturn\AppData\Roaming\EPSON
[2010/06/20 06:32:45 | 000,000,000 | ---D | M] -- C:\Users\Saturn\AppData\Roaming\GoPal Assistant
[2011/09/29 07:43:28 | 000,000,000 | ---D | M] -- C:\Users\Saturn\AppData\Roaming\ICQ
[2010/04/19 15:53:16 | 000,000,000 | ---D | M] -- C:\Users\Saturn\AppData\Roaming\Leadertech
[2011/05/11 12:01:43 | 000,000,000 | ---D | M] -- C:\Users\Saturn\AppData\Roaming\LolClient
[2011/08/08 07:33:51 | 000,000,000 | ---D | M] -- C:\Users\Saturn\AppData\Roaming\Mount&Blade
[2009/09/20 06:33:52 | 000,000,000 | ---D | M] -- C:\Users\Saturn\AppData\Roaming\OpenOffice.org
[2011/09/29 02:26:22 | 000,000,000 | ---D | M] -- C:\Users\Saturn\AppData\Roaming\Padserv
[2011/08/28 15:02:55 | 000,000,000 | ---D | M] -- C:\Users\Saturn\AppData\Roaming\PC Suite
[2010/05/26 08:17:36 | 000,000,000 | ---D | M] -- C:\Users\Saturn\AppData\Roaming\ProtectDisc
[2011/08/28 14:56:39 | 000,000,000 | ---D | M] -- C:\Users\Saturn\AppData\Roaming\Samsung
[2009/08/01 15:11:39 | 000,000,000 | ---D | M] -- C:\Users\Saturn\AppData\Roaming\Serif
[2010/08/02 06:54:17 | 000,000,000 | ---D | M] -- C:\Users\Saturn\AppData\Roaming\temp
[2010/03/30 06:48:00 | 000,000,000 | ---D | M] -- C:\Users\Saturn\AppData\Roaming\Thunderbird
[2010/03/15 17:19:16 | 000,000,000 | ---D | M] -- C:\Users\Saturn\AppData\Roaming\Tobit
[2011/05/21 13:10:36 | 000,000,000 | ---D | M] -- C:\Users\Saturn\AppData\Roaming\TS3Client
[2010/07/23 06:07:41 | 000,000,000 | ---D | M] -- C:\Users\Saturn\AppData\Roaming\UseNeXT
[2009/07/24 10:22:26 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2009/07/24 10:22:26 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/24 10:22:26 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011/04/28 14:06:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2009/10/13 13:08:54 | 000,000,000 | ---D | M] -- C:\ProgramData\EPSON
[2009/07/24 10:22:26 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/05/18 14:31:28 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2011/08/28 15:02:56 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite
[2010/06/18 06:21:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Pinnacle
[2011/05/31 15:26:34 | 000,000,000 | ---D | M] -- C:\ProgramData\PMB Files
[2009/07/24 10:22:26 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/07/24 10:22:26 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2010/10/03 15:33:34 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2010/02/21 17:05:13 | 000,000,000 | ---D | M] -- C:\ProgramData\WinZip
[2011/10/04 09:04:33 | 000,032,532 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >
I would now be very grateful for further instructions.
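
Added example, not part of the thread and not code from srep.exe or OTL: a small Python triage script over the Run-key lines both logs above print. It parses the srep form (`HKCU\..\Run [name] = cmd`) and the OTL `O4` form (`... \Run: [name] path (company)`), and rates each entry the way a responder reads such a log: an executable started from a user profile's AppData directory is the first thing to look at, an entry with no publisher name is the second, and a dangling value is only informational. The sample lines are copied from the two logs above; the severity labels and the `AutorunEntry` structure are this example's own assumptions, and it generalizes to both log formats rather than to the single `avupdate` entry.

```python
r"""Triage of the Run-key entries that srep.exe and OTL print (added example).

Handles two line shapes found in the logs above:
  srep:  HKCU\..\Run [avupdate] = C:\Users\Saturn\AppData\Roaming\mahmud.exe
  OTL:   O4 - HKU\Saturn_ON_C..\Run: [avupdate] C:\Users\...\mahmud.exe ()
and rates each entry: "high" when the executable lives under a user profile's
AppData tree, "low" when OTL reports no publisher, "info" for dangling values.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# OTL "O4" line: hive, value name, then either "<path> (<company>)" or "File not found".
OTL_O4 = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.*)$")
OTL_REST = re.compile(r"^(?P<path>.+?) \((?P<company>[^()]*)\)$")
# srep line: hive, value name, then the raw command line (srep prints no publisher).
SREP_RUN = re.compile(r"^(?P<hive>HK\S*?)\\\.\.\\Run \[(?P<name>[^\]]+)\] =\s*(?P<cmd>.*)$")
# First token of a command line that names an executable, quoted or not.
CMD_EXE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|dll|cpl|scr|bat|cmd))"?(?=\s|$)', re.IGNORECASE)
# Autostart from a per-user profile directory: where the avupdate entry above lives.
USER_PROFILE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


@dataclass
class AutorunEntry:
    source: str                      # "srep" or "otl"
    hive: str
    name: str
    path: Optional[str]              # None when the value is empty or dangling
    company: Optional[str]           # None when the tool has no publisher field at all
    missing: bool = False            # OTL printed "File not found"
    severity: str = "none"           # "none" | "info" | "low" | "high" (assumed scale)
    reasons: List[str] = field(default_factory=list)


def parse_autorun_line(line: str) -> Optional[AutorunEntry]:
    """Return an AutorunEntry for a srep or OTL Run-key line, else None."""
    line = line.rstrip()
    m = OTL_O4.match(line)
    if m:
        hive, name, rest = m.group("hive", "name", "rest")
        if rest == "File not found":
            return AutorunEntry("otl", hive, name, None, None, missing=True)
        pm = OTL_REST.match(rest)
        if pm is None:                      # unexpected layout: keep the raw text as the path
            return AutorunEntry("otl", hive, name, rest, None)
        return AutorunEntry("otl", hive, name, pm.group("path"), pm.group("company"))
    m = SREP_RUN.match(line)
    if m:
        cm = CMD_EXE.match(m.group("cmd"))
        return AutorunEntry("srep", m.group("hive"), m.group("name"),
                            cm.group("path") if cm else None, None)
    return None


def assess(entry: AutorunEntry) -> AutorunEntry:
    """Attach a severity and the reasons behind it; the entry is returned for chaining."""
    if entry.missing:
        entry.severity = "info"
        entry.reasons.append("value points to a file that does not exist (stale, or already removed)")
        return entry
    if entry.path is None:
        return entry                        # empty value, nothing is started
    if USER_PROFILE.search(entry.path):
        entry.severity = "high"
        entry.reasons.append("executable is started from a user profile's AppData directory")
    if entry.company == "":
        entry.reasons.append("tool reports no publisher name for the file")
        if entry.severity == "none":
            entry.severity = "low"
    return entry


def triage(log_text: str) -> List[AutorunEntry]:
    """Parse every Run-key line in a pasted log and rate it, in log order."""
    entries = (parse_autorun_line(l) for l in log_text.splitlines())
    return [assess(e) for e in entries if e is not None]


def flagged(log_text: str, min_severity: str = "low") -> List[AutorunEntry]:
    """Entries at or above min_severity on the assumed none < info < low < high scale."""
    order = ["none", "info", "low", "high"]
    return [e for e in triage(log_text) if order.index(e.severity) >= order.index(min_severity)]


# Constructed excerpt: lines copied from the two logs in the post above.
SAMPLE_LOG = r"""
HKCU\..\Run [Sidebar] = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKCU\..\Run [avupdate] = C:\Users\Saturn\AppData\Roaming\mahmud.exe
HKLM\..\Run [NPSStartup] =
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKU\Saturn_ON_C..\Run: [avupdate] C:\Users\Saturn\AppData\Roaming\mahmud.exe ()
O4 - HKU\Saturn_ON_C..\Run: [Steam] File not found
"""

if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"[{e.severity:4}] {e.source:4} {e.hive}\\Run\\{e.name} -> {e.path}")
        for r in e.reasons:
            print(f"         - {r}")
```

Both tools list the same value twice for the logged-on user (once as HKCU or its `_ON_C` alias, once under the SID), so a match under both confirms the entry is in the live profile hive rather than a loader artefact.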

05.10.2011, 18:03   #2
cosinus

[duplicate] Bundespolizei trojan

Once is quite enough!

http://www.trojaner-board.de/103850-...tml#post706609