Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
BKA-Trojaner Österreich Version 26.07.

BKA-Trojaner Österreich Version 26.07.


Log-Analyse und Auswertung: BKA-Trojaner Österreich Version 26.07.

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 26.07.2012, 21:12   #3
Boblerone
 
BKA-Trojaner Österreich Version 26.07. - Standard

BKA-Trojaner Österreich Version 26.07.


Wow vielen dank für die Schnelle Antwort.

Hier is noch der Inhalt des Files:


Code:
ATTFilter
All processes killed
========== PROCESSES ==========
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFE32ED1-EC75-4DD3-B999-EB6DEEBF45BD}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFE32ED1-EC75-4DD3-B999-EB6DEEBF45BD}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFE32ED1-EC75-4DD3-B999-EB6DEEBF45BD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFE32ED1-EC75-4DD3-B999-EB6DEEBF45BD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFE32ED1-EC75-4DD3-B999-EB6DEEBF45BD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFE32ED1-EC75-4DD3-B999-EB6DEEBF45BD}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Google" removed from browser.search.defaultenginename
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "www.google.at" removed from browser.startup.homepage
Prefs.js: "hxxp://go.gmx.net/tb/mff_keyurl_search/?su=" removed from keyword.URL
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Easybits Recovery deleted successfully.
C:\Users\irmi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk moved successfully.
C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to MP3 Converter\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft &Excel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to MP3 Converter\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft &Excel exportieren\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\ProgramData\z7_0ytr.pad moved successfully.
C:\Windows\Tasks\HPCeeScheduleForirmi.job moved successfully.
C:\Windows\Tasks\HPCeeScheduleForIRMI-HP$.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\irmi\Desktop\cmd.bat deleted successfully.
C:\Users\irmi\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: irmi
->Temp folder emptied: 348156963 bytes
->Temporary Internet Files folder emptied: 214481788 bytes
->Java cache emptied: 54572340 bytes
->FireFox cache emptied: 133550165 bytes
->Flash cache emptied: 57413 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 274137634 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50568 bytes
RecycleBin emptied: 175836417 bytes
 
Total Files Cleaned = 1,145.00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: irmi
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYJAVA]
 
User: Administrator
 
User: All Users
 
User: Default
 
User: Default User
 
User: irmi
->Java cache emptied: 0 bytes
 
User: Public
 
Total Java Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.54.1 log created on 07262012_220138

Files\Folders moved on Reboot...
C:\Users\irmi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\irmi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KKDPRYF4\api[1].htm moved successfully.
C:\Users\irmi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KKDPRYF4\button-flex-blue2[1].png moved successfully.
C:\Users\irmi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IQUUIN03\api[1].htm moved successfully.
C:\Users\irmi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IQUUIN03\tick-blue[1].png moved successfully.
C:\Users\irmi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2U60ZDS\background_banner_7_de[1].jpg moved successfully.
C:\Users\irmi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HXTABXE\background-banner-middle-v9[1].jpg moved successfully.
C:\Users\irmi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HXTABXE\background-banner-right-v9[1].jpg moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\irmi\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\irmi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KKDPRYF4\api[1].htm not found!
File C:\Users\irmi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KKDPRYF4\button-flex-blue2[1].png not found!
File C:\Users\irmi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IQUUIN03\api[1].htm not found!
File C:\Users\irmi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IQUUIN03\tick-blue[1].png not found!
File C:\Users\irmi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2U60ZDS\background_banner_7_de[1].jpg not found!
File C:\Users\irmi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HXTABXE\background-banner-middle-v9[1].jpg not found!
File C:\Users\irmi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HXTABXE\background-banner-right-v9[1].jpg not found!
[2012/07/26 22:09:10 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5

Registry entries deleted on Reboot...
lg Boblerone
__________________
 

Themen zu BKA-Trojaner Österreich Version 26.07.
antivirus, autorun, avast, bho, converter, ctfmon.lnk, defender, desktop, download, excel, explorer, firefox, format, helper, home, icreinstall, index, intranet, logfile, mozilla, mp3, nvidia, pdf, plug-in, realtek, recycle.bin, registry, rty0_7z.exe, scan, searchscopes, services.exe, software, wildtangent games, windows


« Verschiedene Trojaner und Viren | GVU-Trojaner mit webcam-bild, otl scan mitgeliefert »


Ähnliche Themen: BKA-Trojaner Österreich Version 26.07.


  1. Polizeitrojaner - Österreich Version
    Plagegeister aller Art und deren Bekämpfung - 28.05.2013 (35)
  2. Bundespolizei-Virus Version Österreich, kein abgesicherter Modus
    Plagegeister aller Art und deren Bekämpfung - 13.04.2013 (17)
  3. BKA Österreich Version
    Plagegeister aller Art und deren Bekämpfung - 31.03.2013 (15)
  4. Befall mit Polizei-Trojaner (Österreich-Version, mit Webcam-Aktivierung)
    Plagegeister aller Art und deren Bekämpfung - 04.11.2012 (9)
  5. BKA Virus Österreich Version
    Log-Analyse und Auswertung - 01.11.2012 (8)
  6. Österreich Polizei Virus Version 1.13, Kaspresky WindowsUnlocker hat nicht funktioniert
    Plagegeister aller Art und deren Bekämpfung - 26.09.2012 (14)
  7. Polizei-Virus Österreich-Version
    Plagegeister aller Art und deren Bekämpfung - 04.09.2012 (9)
  8. infiziert mit polizeitrojaner / österreich-version
    Log-Analyse und Auswertung - 22.08.2012 (9)
  9. Polizeitrojaner (Österreich) Der PC ist für die Verletzung der Gesetzte der Rep. Österreich...
    Plagegeister aller Art und deren Bekämpfung - 13.08.2012 (18)
  10. BKA Trojaner Österreich
    Plagegeister aller Art und deren Bekämpfung - 12.08.2012 (14)
  11. Polizei Virus Maleware, Österreich Version 1.13, Kaspresky WindowsUnlocker fehlgeschlagen
    Plagegeister aller Art und deren Bekämpfung - 07.08.2012 (13)
  12. Habe mir Österreich-Version des Polizei-Trojaners eingefangen
    Plagegeister aller Art und deren Bekämpfung - 06.08.2012 (20)
  13. Verschlüsselungstrojaner Österreich Version "Der Computer ist (...)Republik Österreich blockiert"
    Plagegeister aller Art und deren Bekämpfung - 01.08.2012 (3)
  14. BKA Trojaner Österreich - ganz neue Version - Win XP
    Plagegeister aller Art und deren Bekämpfung - 27.07.2012 (9)
  15. Bundespolizei Einheit 5.2 Infektion Österreich Version
    Log-Analyse und Auswertung - 22.07.2012 (10)
  16. Unüblicher BPD 5.2 Trojaner (österreich) Version
    Log-Analyse und Auswertung - 17.07.2012 (1)
  17. Polizei Trojaner (Österreich Version)
    Plagegeister aller Art und deren Bekämpfung - 10.06.2012 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema BKA-Trojaner Österreich Version 26.07. - Wow vielen dank für die Schnelle Antwort. Hier is noch der Inhalt des Files: Code: Alles auswählen Aufklappen ATTFilter All processes killed ========== PROCESSES ========== ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| - BKA-Trojaner Österreich Version 26.07....
Archiv
Du betrachtest: BKA-Trojaner Österreich Version 26.07. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131