Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Win7 BKA Virus 1.13 [Logs im Thread]

Win7 BKA Virus 1.13 [Logs im Thread]


Log-Analyse und Auswertung: Win7 BKA Virus 1.13 [Logs im Thread]

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 21.09.2012, 12:54   #1
CaponeFTW
 
Win7 BKA Virus 1.13 [Logs im Thread] - Standard

Win7 BKA Virus 1.13 [Logs im Thread]


Hallo Leute, ich habe mir gestern den BKA Virus 1.13 auf Windows7 32bit eingefangen, habe mit OTLpe gescannt und die beiden Files sind im Anhang dabei, hoffe ihr könnt mir schritt-für-schritt helfen danke !

OTL.txt
Code:
ATTFilter
OTL logfile created on: 9/21/2012 2:47:42 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 195.64 Gb Free Space | 84.04% Space Free | Partition Type: NTFS
Drive E: | 7.21 Gb Total Space | 7.15 Gb Free Space | 99.16% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/09/10 08:12:02 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/15 17:35:07 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/14 11:20:22 | 000,109,064 | ---- | M] (Wajam) [On_Demand] -- C:\Program Files\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012/06/09 12:53:16 | 000,040,960 | ---- | M] (Broadcom Corporation) [Auto] -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2011/06/17 13:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/02/17 18:58:14 | 000,206,336 | ---- | M] (Iomega Corp) [Auto] -- C:\Program Files\Iomega Storage Manager\pCloudd.exe -- (PCloudd)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (VGPU)
DRV - [2012/08/05 09:53:50 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/06/09 12:53:15 | 000,018,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2012/03/02 10:06:50 | 000,190,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2012/01/25 06:23:10 | 000,319,264 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2011/03/18 12:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2011/01/20 16:17:12 | 000,017,464 | ---- | M] (Iomega Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vNICdrv.sys -- (vNICdrv)
DRV - [2010/12/01 02:52:28 | 000,023,296 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\rp24msdrv.sys -- (rp24msdrv)
DRV - [2010/11/20 17:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 17:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 17:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 17:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 17:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 17:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 17:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 17:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 17:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 17:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 17:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\terminpt.sys -- (terminpt)
DRV - [2010/11/20 17:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 17:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot] -- C:\Windows\System32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Dirk_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Dirk_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Dirk_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D5 F6 C1 82 5E 46 CD 01  [binary data]
IE - HKU\Dirk_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/10 08:12:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012/06/09 12:44:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dirk\AppData\Roaming\Mozilla\Extensions
[2012/09/20 15:39:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\pqq021ct.default\extensions
[2012/09/10 08:11:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- 
() (No name found) -- C:\USERS\DIRK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PQQ021CT.DEFAULT\EXTENSIONS\INFO@CONVERT2MP3.NET.XPI
[2012/09/10 08:12:02 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/01 12:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/08/30 08:53:23 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/01 12:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/01 12:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/01 12:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/01 12:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE (Broadcom Corporation)
O4 - HKLM..\Run: [Rapoo 9200] C:\Program Files\Rapoo\9200\9200_Mouse.exe ()
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKU\Dirk_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\Dirk_ON_C..\Run: [kgpexrkjsklwtxl] C:\Windows\kgpexrkj.exe ()
O4 - HKU\Dirk_ON_C..\Run: [Spotify] C:\Users\Dirk\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\Dirk_ON_C..\Run: [Spotify Web Helper] C:\Users\Dirk\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Dirk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\Dirk_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{14c28e14-b250-11e1-b10b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{14c28e14-b250-11e1-b10b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\_Start.exe _e_f_g_i_j_k_bp_es_ru_cs_ar_he_pl_sv_tr_
O33 - MountPoints2\{3b8aca8b-def9-11e1-b97c-00256454f823}\Shell - "" = AutoRun
O33 - MountPoints2\{3b8aca8b-def9-11e1-b97c-00256454f823}\Shell\AutoRun\command - "" = E:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/09/21 14:47:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/09/21 00:48:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/20 19:19:37 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012/09/20 16:51:20 | 000,000,000 | ---D | C] -- C:\ProgramData\xdbefuexsdqxgve
[2012/09/19 09:26:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
[2012/09/19 09:26:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Xbox 360 Accessories
[2012/09/19 09:26:07 | 000,068,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2012/09/19 09:21:28 | 000,000,000 | ---D | C] -- C:\Users\Dirk\Documents\Tiger Woods PGA TOUR 12 The Masters
[2012/09/19 09:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Tiger Woods 12 Masters
[2012/09/19 09:07:43 | 000,000,000 | ---D | C] -- C:\Users\Dirk\AppData\Roaming\Origin
[2012/09/19 09:07:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012/09/19 09:02:37 | 000,000,000 | ---D | C] -- C:\Users\Dirk\Desktop\rld-pga12
[2012/09/12 08:31:11 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2012/09/12 08:31:10 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012/09/12 08:31:10 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/09/12 08:31:10 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/09/10 08:11:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/08 07:11:07 | 000,000,000 | ---D | C] -- C:\Users\Dirk\AppData\Roaming\OpenOffice.org
[2012/09/08 07:10:08 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2012/09/08 07:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2012/09/08 07:07:33 | 000,000,000 | ---D | C] -- C:\Open Office
[2012/08/31 06:10:36 | 000,000,000 | ---D | C] -- C:\Users\Dirk\Desktop\Neuer Ordner
[2011/10/13 05:31:48 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012/09/21 07:29:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/21 07:25:50 | 2384,744,448 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/21 07:24:51 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/20 19:01:32 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/09/20 19:01:32 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/20 19:01:32 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/09/20 19:01:32 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/20 17:13:12 | 000,021,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/20 17:13:12 | 000,021,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/20 16:51:19 | 000,076,340 | ---- | M] () -- C:\ProgramData\uzrhwngaskpwngq
[2012/09/20 16:50:22 | 000,084,480 | ---- | M] () -- C:\Windows\kgpexrkj.exe
[2012/09/20 16:50:22 | 000,084,480 | ---- | M] () -- C:\ProgramData\kgpexrkj.exe
[2012/09/19 09:26:24 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01009.Wdf
[2012/09/19 09:26:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
[2012/09/19 09:21:14 | 000,001,622 | ---- | M] () -- C:\Users\Dirk\Desktop\Tiger Woods 12 Masters.exe.lnk
[2012/09/12 08:32:27 | 000,000,507 | ---- | M] () -- C:\Windows\ulead32.ini
[2012/09/10 07:31:01 | 000,328,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/08 07:11:18 | 000,001,197 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012/09/08 07:10:16 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
 
========== Files Created - No Company Name ==========
 
[2012/09/20 16:51:15 | 000,084,480 | ---- | C] () -- C:\Windows\kgpexrkj.exe
[2012/09/20 16:51:15 | 000,084,480 | ---- | C] () -- C:\ProgramData\kgpexrkj.exe
[2012/09/20 16:50:25 | 000,076,340 | ---- | C] () -- C:\ProgramData\uzrhwngaskpwngq
[2012/09/19 09:26:24 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01009.Wdf
[2012/09/19 09:21:14 | 000,001,622 | ---- | C] () -- C:\Users\Dirk\Desktop\Tiger Woods 12 Masters.exe.lnk
[2012/09/08 07:11:18 | 000,001,197 | ---- | C] () -- C:\Users\Dirk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012/06/10 08:45:50 | 000,000,507 | ---- | C] () -- C:\Windows\ulead32.ini
[2012/06/09 12:53:34 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2012/06/09 12:51:59 | 001,478,609 | ---- | C] () -- C:\Windows\unins000.exe
[2012/06/09 12:51:59 | 000,023,296 | ---- | C] () -- C:\Windows\System32\drivers\rp24msdrv.sys
[2012/06/09 12:51:59 | 000,015,496 | ---- | C] () -- C:\Windows\unins000.dat
[2011/10/13 05:59:42 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/10/13 05:59:40 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/10/13 05:59:40 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/10/13 05:30:24 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/04/11 21:30:05 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011/04/11 21:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011/04/11 21:30:05 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011/04/11 21:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010/11/20 17:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010/11/20 17:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010/11/20 17:29:24 | 000,252,928 | ---- | C] () -- C:\Windows\System32\DShowRdpFilter.dll
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,328,296 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 18:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2012/08/05 09:54:51 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\DAEMON Tools Lite
[2012/09/08 07:11:07 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\OpenOffice.org
[2012/09/19 09:09:58 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\Origin
[2012/06/24 05:41:45 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\PacificPoker
[2012/09/21 07:24:48 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\Spotify
[2012/07/30 10:02:23 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\Zylom
[2012/06/09 12:35:01 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012/09/02 11:02:05 | 000,000,000 | ---D | M] -- C:\ProgramData\boost_interprocess
[2012/06/10 06:52:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Boss Media
[2012/07/08 04:59:39 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2012/08/05 09:54:53 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2012/06/09 12:35:01 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2012/06/09 12:52:16 | 000,000,000 | ---D | M] -- C:\ProgramData\DriverGenius
[2012/06/09 12:35:01 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012/09/19 09:14:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Origin
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2012/06/09 12:35:01 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012/06/10 08:45:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
[2012/06/09 12:35:01 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2012/09/20 16:51:20 | 000,000,000 | ---D | M] -- C:\ProgramData\xdbefuexsdqxgve
[2012/07/30 10:02:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Zylom
[2009/07/14 00:53:46 | 000,028,100 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 18 bytes -> C:\Users\Dirk:zylomtr{000HQ7FF-AD7A-3FG3-VK8A-25GG67KOIVUV}
< End of report >
Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 9/21/2012 2:47:42 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 195.64 Gb Free Space | 84.04% Space Free | Partition Type: NTFS
Drive E: | 7.21 Gb Total Space | 7.15 Gb Free Space | 99.16% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0EE11800-A1BD-11D3-BFEB-005004AF2D32}" = Risiko II
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47491961-C944-4FD9-A023-33C6E724F108}_is1" = Rapoo 9200 Mouse Driver V1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{90FF23FE-0E1B-40DF-A22E-B4C0372E5936}" = Iomega Product Registration
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}" = Microsoft Xbox 360 Accessories 1.2
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE58B892-3825-4610-A6A2-E6EFCA83BD97}" = Ulead PhotoImpact 10 TBYB
"5513-1208-7298-9440" = JDownloader 0.9
"888poker" = 888poker
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Broadcom Wireless Utility" = Broadcom Wireless Utility
"DAEMON Tools Lite" = DAEMON Tools Lite
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"Iomega Storage Manager" = Iomega Storage Manager
"Marvell Miniport Driver" = Marvell Miniport Driver
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Monopoly Deluxe" = Monopoly Deluxe
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ParadisePoker " = ParadisePoker
"SpeedFan" = SpeedFan (remove only)
"VLC media player" = VLC media player 2.0.1
"Wajam" = Wajam
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\Dirk_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
 
< End of report >

Alt 22.09.2012, 14:08   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Win7 BKA Virus 1.13 [Logs im Thread] - Standard

Win7 BKA Virus 1.13 [Logs im Thread]


Funktioniert noch der abgesicherte Modus mit Netzwerktreibern? Mit Internetverbindung?



Abgesicherter Modus zur Bereinigung
  • Windows mit F8-Taste beim Start in den abgesicherten Modus bringen.
  • Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern:

    Windows im abgesicherten Modusstarten
__________________

__________________
Antwort

Themen zu Win7 BKA Virus 1.13 [Logs im Thread]
adapter, adobe, adobe flash player, bho, defender, driver genius, error, explorer, explorer.exe, firefox, flash player, format, helper, install.exe, jdownloader, kaspersky, logfile, microsoft, monitor.exe, mozilla, object, plug-in, realtek, registry, rundll, security, software, spotify web helper, usb 2.0, virus, wajam, windows, winlogon


« Bundestrojaner dateien verschlüsselt | WORM/Dorkbot.A.2325 »


Ähnliche Themen: Win7 BKA Virus 1.13 [Logs im Thread]


  1. csrss.exe vermutlich Virus? Datei mehmals vorhanden und GMER zeigt sie mir als Thread
    Plagegeister aller Art und deren Bekämpfung - 22.12.2014 (16)
  2. Windows 7 - Trojaner ADH 2 Logs im Thread
    Log-Analyse und Auswertung - 10.09.2014 (13)
  3. Smilie Virus? Bild siehe Thread
    Plagegeister aller Art und deren Bekämpfung - 21.04.2014 (16)
  4. [win7] wajam und VeberGreat entfernt. Logs ok?
    Log-Analyse und Auswertung - 15.04.2014 (1)
  5. hier die Logs in Bezug zu meinem Problem in dem anderen Forum Thread von mir... ist wahrschienlich eine Spyware
    Mülltonne - 10.12.2013 (1)
  6. GVU Trojaner auf Sony Vaio Win7. Logs von OTL
    Log-Analyse und Auswertung - 26.06.2013 (6)
  7. WIN7 GVU-Trojaner 2.07! Brauche Hilfe! Logs vorhanden!
    Plagegeister aller Art und deren Bekämpfung - 25.07.2012 (6)
  8. Win7 64bit, Bka Trojaner Befall, OTL und Malware Logs
    Log-Analyse und Auswertung - 23.07.2012 (15)
  9. Bundespolizei-Virus....OTL-logs im Anhang....windows.exe?
    Plagegeister aller Art und deren Bekämpfung - 16.12.2011 (3)
  10. jashla.exe / BKA-Virus -> meine Logs
    Mülltonne - 07.09.2011 (1)
  11. Metropolitan Police Virus und OTL logs
    Plagegeister aller Art und deren Bekämpfung - 21.06.2011 (5)
  12. Unerkannter Virus? (Unbekannter Benutzer, non-existing Thread, ...)
    Plagegeister aller Art und deren Bekämpfung - 03.02.2011 (11)
  13. kann nicht in den "errinnerung an meinen thread"-thread reinposten
    Log-Analyse und Auswertung - 15.07.2010 (0)
  14. Virus-scan fand trojan.Dropper, GayCodec.lookAlert...(vollständige liste im thread)
    Log-Analyse und Auswertung - 07.01.2010 (30)
  15. PC mit Trojaner und Virus infiziert (hijaktis+malwarebytes logs)
    Plagegeister aller Art und deren Bekämpfung - 08.02.2009 (7)
  16. msn virus HiJackThis Logs
    Log-Analyse und Auswertung - 02.10.2008 (2)
  17. Virus W32.NSAG.B...Bitte um Kontrolle des HJT-Logs
    Plagegeister aller Art und deren Bekämpfung - 10.11.2005 (25)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Win7 BKA Virus 1.13 [Logs im Thread] - Hallo Leute, ich habe mir gestern den BKA Virus 1.13 auf Windows7 32bit eingefangen, habe mit OTLpe gescannt und die beiden Files sind im Anhang dabei, hoffe ihr könnt mir - Win7 BKA Virus 1.13 [Logs im Thread]...
Archiv
Du betrachtest: Win7 BKA Virus 1.13 [Logs im Thread] auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130