Log analysis and evaluation: Bundespolizei - National Cyber Crimes Unit: Caught a trojan! (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
Bundespolizei - National Cyber Crimes Unit: Caught a trojan!

Hello everyone,

last Saturday, 04.02.2012, at around 21:15, I caught the trojan named in the subject line. When I clicked a link on the website myp2p.pe to watch an online stream, a window opened that took up my entire screen, showing the trojan mentioned above. After I could no longer operate my laptop, I booted it in safe mode and deleted the file, which consisted of several numbers. Since then my laptop apparently works flawlessly again, but I have serious doubts about whether the complete trojan was really removed by the step I took and whether I no longer need to worry.

I hope you can help me, and I thank you very much in advance for your help and the effort involved.

Best regards,
BasKos

LogFile Defogger:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:57 on 06/02/2012 (Bastian)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

LogFile DDS:
LogFile Attach:
LogFile Scan:

Unfortunately I did not manage to run the scan to completion here, because after a short time the program was aborted due to an error and had to be closed. To perhaps find the error that causes this problem, I took a screenshot, which is attached.