
Pests of all kinds and their removal: BKA-Malware

16.10.2011, 16:29   #1
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA-Malware

Is Windows usable now or not?
If not, as I said, make a new OTLPE log.
__________________
Please always post logfiles in CODE tags

16.10.2011, 19:16   #2
opteryx
 
BKA-Malware

Windows is not usable. Here is the logfile from the current scan:

OTL Logfile:
Code:
OTL logfile created on: 10/16/2011 9:08:26 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Home Premium  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
985.00 Mb Total Physical Memory | 727.00 Mb Available Physical Memory | 74.00% Memory free
876.00 Mb Paging File | 787.00 Mb Available in Paging File | 90.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\windows | %ProgramFiles% = F:\Program Files
Drive C: | 200.00 Mb Total Space | 171.82 Mb Free Space | 85.91% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 398.03 Gb Free Space | 85.46% Space Free | Partition Type: NTFS
Drive E: | 30.25 Gb Total Space | 29.54 Gb Free Space | 97.66% Space Free | Partition Type: NTFS
Drive F: | 187.69 Gb Total Space | 106.20 Gb Free Space | 56.58% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/08/31 11:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto] -- F:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/01 08:43:59 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- F:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/28 13:31:13 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- F:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/12/25 09:03:38 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/22 14:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand] -- F:\Program Files\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV - [2009/08/14 10:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand] -- F:\Program Files\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV - [2009/07/14 10:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [Auto] -- F:\Program Files\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [Auto] -- F:\windows\System32\IgrsSvcs.exe -- (ReadyComm.DirectRouter)
SRV - [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\windows\System32\IgrsSvcs.exe -- (PS_MDP)
SRV - [2009/06/04 15:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- F:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/01/16 05:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (USBCCID)
DRV - File not found [Kernel | On_Demand] --  -- (RtsUIR)
DRV - File not found [Kernel | On_Demand] --  -- (RSUSBSTOR)
DRV - [2011/08/31 11:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- F:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/01 08:44:03 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- F:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/01 08:44:03 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- F:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 10:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- F:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/02/09 05:20:27 | 000,054,800 | ---- | M] () [Kernel | System] -- F:\windows\System32\drivers\funfrm.sys -- (funfrm)
DRV - [2009/09/14 14:04:28 | 000,217,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/07/28 17:09:36 | 000,063,240 | ---- | M] (Lenovo) [Kernel | On_Demand] -- F:\Windows\System32\drivers\wdbridge.sys -- (Bridge0)
DRV - [2009/07/21 17:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand] -- F:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2009/07/16 08:37:14 | 000,011,792 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- F:\Windows\System32\drivers\WDMirror.sys -- (wdmirror)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009/07/13 18:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2009/06/19 12:18:26 | 000,168,704 | ---- | M] (SMI) [Kernel | On_Demand] -- F:\Windows\System32\drivers\SMIksdrv.sys -- (usbsmi)
DRV - [2009/06/14 22:46:22 | 000,475,648 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/05/19 09:43:08 | 000,021,520 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2008/08/06 08:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- F:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Der_Stutz_ON_F\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKU\Der_Stutz_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKU\Der_Stutz_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Der_Stutz_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\Gast_ON_F\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKU\Gast_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKU\Gast_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\Romilda_ON_F\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKU\Romilda_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKU\Romilda_ON_F\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Reg Error: Key error. File not found
IE - HKU\Romilda_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: F:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: F:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: F:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/08 06:59:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/31 15:09:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.14\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/09/15 03:39:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.14\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010/09/29 17:04:39 | 000,000,000 | ---D | M] (No name found) -- F:\Users\Der Stutz\AppData\Roaming\Mozilla\Extensions
[2010/09/29 17:04:39 | 000,000,000 | ---D | M] (No name found) -- F:\Users\Der Stutz\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/07/10 07:18:06 | 000,000,000 | ---D | M] (No name found) -- F:\Users\Der Stutz\AppData\Roaming\Mozilla\Firefox\Profiles\k2ihuyvt.default\extensions
[2011/09/12 15:41:46 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files\Mozilla Firefox\extensions
[2011/09/12 15:41:46 | 000,000,000 | ---D | M] (Skype extension) -- F:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- 
[2011/09/08 06:59:30 | 000,134,104 | ---- | M] (Mozilla Foundation) -- F:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/12 12:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- F:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/05/31 15:09:48 | 000,001,392 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/05/31 15:09:48 | 000,002,252 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/05/31 15:09:48 | 000,001,153 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/05/31 15:09:48 | 000,006,805 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/05/31 15:09:48 | 000,001,178 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/05/31 15:09:48 | 000,001,105 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011/10/03 04:41:46 | 000,000,098 | ---- | M]) - F:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - F:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\Der_Stutz_ON_F\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\Romilda_ON_F\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] F:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Energy Management] F:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] F:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [IAAnotif] F:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] F:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] F:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SmartAudio] F:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [UpdateP2GShortCut] F:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\Der_Stutz_ON_F..\Run: [avupdate]  File not found
O4 - HKU\Der_Stutz_ON_F..\Run: [Corel Photo Downloader] F:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKU\Der_Stutz_ON_F..\Run: [EA Core]  File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] F:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\LocalService_ON_F..\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_F..\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\Romilda_ON_F..\RunOnce: [FlashPlayerUpdate] F:\windows\System32\Macromed\Flash\FlashUtil10t_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: F:\Users\Der Stutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\Der_Stutz_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Der_Stutz_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Der_Stutz_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\Romilda_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Romilda_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Romilda_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - F:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - F:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - F:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - F:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/10/14 16:51:42 | 000,000,000 | -HSD | C] -- F:\found.000
[2011/10/02 04:19:30 | 002,237,440 | R--- | C] (OldTimer Tools) -- F:\OTLPE.exe
[2011/10/02 04:19:24 | 000,000,000 | ---D | C] -- F:\_OTL
[2011/10/01 14:42:07 | 000,000,000 | -HSD | C] -- F:\RECYCLER
[2011/09/25 17:02:09 | 000,000,000 | ---D | C] -- F:\Users\Romilda\AppData\Roaming\Winamp
[2011/09/25 17:00:23 | 000,000,000 | ---D | C] -- F:\Users\Romilda\AppData\Local\{815A9AC8-166A-4769-B204-DC8B50944592}
[2011/09/25 16:59:27 | 000,000,000 | ---D | C] -- F:\Users\Romilda\AppData\Roaming\Malwarebytes
 
========== Files - Modified Within 30 Days ==========
 
[2011/10/16 11:52:10 | 000,067,584 | --S- | M] () -- F:\windows\bootstat.dat
[2011/10/16 10:25:39 | 230,968,417 | ---- | M] () -- F:\windows\MEMORY.DMP
[2011/10/16 10:25:34 | 774,320,128 | -HS- | M] () -- F:\hiberfil.sys
[2011/10/16 10:23:49 | 000,001,100 | ---- | M] () -- F:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/16 08:44:06 | 000,001,104 | ---- | M] () -- F:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/16 07:11:42 | 000,009,696 | ---- | M] () -- F:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/16 07:11:42 | 000,009,696 | ---- | M] () -- F:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/16 07:05:22 | 000,001,348 | ---- | M] () -- F:\Users\Der Stutz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/10/16 07:05:22 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/30 16:36:03 | 000,000,000 | ---- | M] () -- F:\Users\Der Stutz\AppData\Local\{231CDFCB-175B-49E5-B6DE-671CC2900DA4}
[2011/09/30 11:27:20 | 000,009,800 | ---- | M] () -- F:\bootsqm.dat
 
========== Files Created - No Company Name ==========
 
[2011/09/30 16:36:03 | 000,000,000 | ---- | C] () -- F:\Users\Der Stutz\AppData\Local\{231CDFCB-175B-49E5-B6DE-671CC2900DA4}
[2011/09/30 11:27:20 | 000,009,800 | ---- | C] () -- F:\bootsqm.dat
[2011/05/19 15:51:08 | 000,000,136 | ---- | C] () -- F:\ProgramData\~27516664r
[2011/05/19 15:51:08 | 000,000,112 | ---- | C] () -- F:\ProgramData\~27516664
[2011/05/19 15:50:52 | 000,000,392 | ---- | C] () -- F:\ProgramData\27516664
[2011/05/08 13:54:57 | 000,116,224 | ---- | C] () -- F:\windows\System32\pdfcmnnt.dll
[2010/10/10 14:34:07 | 000,003,584 | ---- | C] () -- F:\Users\Der Stutz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/09 14:21:26 | 000,000,097 | ---- | C] () -- F:\Users\Der Stutz\AppData\Local\fusioncache.dat
[2010/10/05 05:56:14 | 000,000,056 | ---- | C] () -- F:\ProgramData\ezsidmv.dat
[2010/06/26 06:54:21 | 000,000,000 | ---- | C] () -- F:\windows\PowerReg.dat
[2010/02/09 05:21:22 | 002,110,728 | ---- | C] () -- F:\windows\System32\Apblend.dll
[2010/02/09 05:21:22 | 001,410,312 | ---- | C] () -- F:\windows\System32\IcnOvrly.dll
[2010/02/09 05:21:22 | 001,171,456 | ---- | C] () -- F:\windows\System32\PicNotify.dll
[2010/02/09 05:21:22 | 000,660,744 | ---- | C] () -- F:\windows\System32\EncIcons.dll
[2010/02/09 05:21:22 | 000,513,288 | ---- | C] () -- F:\windows\System32\SimpleExt.dll
[2010/02/09 05:21:02 | 001,044,480 | ---- | C] () -- F:\windows\System32\3DImageRenderer.dll
[2010/02/09 05:20:27 | 000,057,344 | ---- | C] () -- F:\windows\AsfHelper.dll
[2010/02/09 05:20:27 | 000,054,800 | ---- | C] () -- F:\windows\System32\drivers\funfrm.sys
[2010/02/09 05:20:14 | 000,163,840 | ---- | C] () -- F:\windows\System32\SM37XCoInst.dll
[2010/02/09 05:18:40 | 000,140,288 | ---- | C] () -- F:\windows\System32\igfxtvcx.dll
[2010/02/09 05:14:00 | 000,016,648 | R--- | C] () -- F:\windows\System32\LogAPI.dll
[2010/02/09 05:11:31 | 000,982,220 | ---- | C] () -- F:\windows\System32\igkrng500.bin
[2010/02/09 05:11:31 | 000,134,592 | ---- | C] () -- F:\windows\System32\igfcg500.bin
[2010/02/09 05:11:31 | 000,092,216 | ---- | C] () -- F:\windows\System32\igfcg500m.bin
[2010/02/09 05:11:30 | 000,439,300 | ---- | C] () -- F:\windows\System32\igcompkrng500.bin
[2010/01/18 20:37:21 | 000,700,874 | ---- | C] () -- F:\windows\System32\perfh007.dat
[2010/01/18 20:37:21 | 000,295,922 | ---- | C] () -- F:\windows\System32\perfi007.dat
[2010/01/18 20:37:21 | 000,147,528 | ---- | C] () -- F:\windows\System32\perfc007.dat
[2010/01/18 20:37:21 | 000,038,104 | ---- | C] () -- F:\windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- F:\windows\bootstat.dat
[2009/07/14 00:33:53 | 001,792,864 | ---- | C] () -- F:\windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,662,716 | ---- | C] () -- F:\windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- F:\windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,123,910 | ---- | C] () -- F:\windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- F:\windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- F:\windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- F:\windows\System32\dssec.dat
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- F:\windows\System32\DShowRdpFilter.dll
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- F:\windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- F:\windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- F:\windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- F:\windows\System32\mlang.dat
[2007/07/23 03:03:32 | 000,053,248 | ---- | C] () -- F:\windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 03:03:32 | 000,053,248 | ---- | C] () -- F:\windows\System32\AgCPanelSwedish.dll
[2007/07/23 03:03:32 | 000,053,248 | ---- | C] () -- F:\windows\System32\AgCPanelSpanish.dll
[2007/07/23 03:03:30 | 000,053,248 | ---- | C] () -- F:\windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 03:03:30 | 000,053,248 | ---- | C] () -- F:\windows\System32\AgCPanelPortugese.dll
[2007/07/23 03:03:30 | 000,053,248 | ---- | C] () -- F:\windows\System32\AgCPanelKorean.dll
[2007/07/23 03:03:30 | 000,053,248 | ---- | C] () -- F:\windows\System32\AgCPanelJapanese.dll
[2007/07/23 03:03:30 | 000,053,248 | ---- | C] () -- F:\windows\System32\AgCPanelGerman.dll
[2007/07/23 03:03:30 | 000,053,248 | ---- | C] () -- F:\windows\System32\AgCPanelFrench.dll
 
========== LOP Check ==========
 
[2010/06/25 16:44:20 | 000,000,000 | -HSD | M] -- F:\ProgramData\Anwendungsdaten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Application Data
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Documents
[2010/06/25 16:44:20 | 000,000,000 | -HSD | M] -- F:\ProgramData\Dokumente
[2010/02/09 05:20:27 | 000,000,000 | ---D | M] -- F:\ProgramData\EasyCapture
[2011/05/06 16:19:16 | 000,000,000 | ---D | M] -- F:\ProgramData\Electronic Arts
[2010/06/25 16:44:20 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favoriten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favorites
[2010/02/09 05:11:02 | 000,000,000 | ---D | M] -- F:\ProgramData\PC-Doctor for Windows
[2010/02/09 05:11:01 | 000,000,000 | ---D | M] -- F:\ProgramData\PCDr
[2011/06/08 04:14:46 | 000,000,000 | ---D | M] -- F:\ProgramData\PhotoStitch
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Start Menu
[2010/06/25 16:44:20 | 000,000,000 | -HSD | M] -- F:\ProgramData\Startmenü
[2010/01/18 13:05:55 | 000,000,000 | ---D | M] -- F:\ProgramData\Temp
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Templates
[2010/10/11 04:56:10 | 000,000,000 | ---D | M] -- F:\ProgramData\Ulead Systems
[2010/06/25 16:44:20 | 000,000,000 | -HSD | M] -- F:\ProgramData\Vorlagen
[2010/01/18 13:04:53 | 000,000,000 | ---D | M] -- F:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2011/08/25 06:59:19 | 000,032,632 | ---- | M] () -- F:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >

It should also be said that the drive letters are swapped. F should actually be C.
__________________
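An added triage helper (example code, not from the thread, the forum helpers or OTL's authors) for logs like the one posted above: it parses the SRV, DRV and O4 lines, flags autostart entries whose file is missing and system-directory binaries that carry no company name, and remaps the drive letter the OTLPE boot environment assigned (F: back to C:, as the poster notes). The sample lines are copied from the log above; the two triage rules and the `{"F:": "C:"}` mapping are my assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample input: six lines copied from the OTLPE log posted above.
SAMPLE_LOG = r"""
SRV - [2011/07/01 08:43:59 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- F:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
DRV - File not found [Kernel | On_Demand] --  -- (USBCCID)
DRV - [2010/02/09 05:20:27 | 000,054,800 | ---- | M] () [Kernel | System] -- F:\windows\System32\drivers\funfrm.sys -- (funfrm)
O4 - HKLM..\Run: [avgnt] F:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\Der_Stutz_ON_F..\Run: [avupdate]  File not found
O4 - HKLM..\Run: [SmartAudio] F:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
"""

# SRV/DRV entry with a file on disk:  SRV - [meta] (Company) [Mode] -- path -- (Name)
SVC_FOUND = re.compile(
    r"^(?P<kind>SRV|DRV) - \[(?P<meta>[^\]]*)\] \((?P<company>.*?)\) "
    r"\[(?P<mode>[^\]]*)\] -- (?P<path>.+?) -- \((?P<name>[^)]*)\)$")
# SRV/DRV entry whose file OTL could not locate:  DRV - File not found [Mode] --  -- (Name)
SVC_MISSING = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<mode>[^\]]*)\] --\s*-- \((?P<name>[^)]*)\)$")
# O4 autostart entry with a file:  O4 - HIVE..\Run: [Name] path (Company)
O4_FOUND = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<company>.*)\)$")
# O4 autostart entry pointing at a file that no longer exists.
O4_MISSING = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\]\s+File not found$")


@dataclass
class Entry:
    kind: str               # "SRV", "DRV" or "O4"
    name: str               # service name or Run value name
    path: Optional[str]     # None when OTL reports "File not found"
    company: Optional[str]  # "" when the file has no company/version info
    raw: str


def parse_otl(text: str) -> List[Entry]:
    """Extract service, driver and O4 autostart entries; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        line = line.rstrip()
        if m := SVC_FOUND.match(line):
            entries.append(Entry(m["kind"], m["name"], m["path"], m["company"], line))
        elif m := SVC_MISSING.match(line):
            entries.append(Entry(m["kind"], m["name"], None, None, line))
        elif m := O4_FOUND.match(line):
            entries.append(Entry("O4", m["name"], m["path"], m["company"], line))
        elif m := O4_MISSING.match(line):
            entries.append(Entry("O4", m["name"], None, None, line))
    return entries


def remap_drive(path: str, drive_map: Dict[str, str]) -> str:
    """Translate a drive letter assigned by the OTLPE boot environment back to the
    letter the installed Windows uses (here F: is really C:, per the poster)."""
    target = drive_map.get(path[:2].upper())
    return target + path[2:] if target else path


def triage(entries: List[Entry], drive_map: Dict[str, str]) -> List[Tuple]:
    """Assumed triage rules: 'orphan' = autostart/service entry with no file on disk
    (a remnant worth cleaning); 'no-company' = file under the Windows directory
    with no company name (review it; OEM drivers like funfrm.sys often look like this)."""
    findings = []
    for e in entries:
        if e.path is None:
            findings.append(("orphan", e.kind, e.name, None))
            continue
        real_path = remap_drive(e.path, drive_map)
        if e.company == "" and "\\windows\\" in real_path.lower():
            findings.append(("no-company", e.kind, e.name, real_path))
    return findings


if __name__ == "__main__":
    for rule, kind, name, path in triage(parse_otl(SAMPLE_LOG), {"F:": "C:"}):
        print(f"{rule:<11} {kind:<4} {name:<12} {path or '(file not found)'}")
```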