Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Alt 28.08.2013, 12:03   #1
borussiamg19
 
UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts  ändert sich - Standard

UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich



Hallo,

ich habe mir diesen Ukash-Virus eingefangen und habe schon den OTL-Scan gemacht. Könnt Ihr mir da nochmal helfen? Zwischenzeitlich war der übrigens weg...

Hier der OTL-Scan:-danke im voraus:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 8/27/2013 5:38:20 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278.08 Gb Total Space | 158.80 Gb Free Space | 57.10% Space Free | Partition Type: NTFS
Drive E: | 20.00 Gb Total Space | 5.70 Gb Free Space | 28.53% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] --  -- (Winmgmt)
SRV - File not found [Auto] --  -- (HWDeviceService.exe)
SRV - [2013/08/02 03:04:40 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 08:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 08:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/14 08:45:42 | 000,224,096 | ---- | M] () [Auto] -- C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe -- (Internet Manager. RunOuc)
SRV - [2012/07/21 05:48:29 | 000,246,112 | ---- | M] () [Auto] -- C:\Program Files\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc)
SRV - [2010/03/18 05:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/29 10:20:34 | 000,070,656 | ---- | M] () [Auto] -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe -- (resetWinService)
SRV - [2007/06/05 07:20:32 | 000,177,704 | ---- | M] () [Auto] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2013/08/27 04:13:46 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/04/04 08:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/01/14 08:45:48 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2013/01/14 08:45:48 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2012/07/21 05:48:33 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2012/07/21 05:48:32 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2012/07/21 05:48:32 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012/07/21 05:48:32 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2012/07/21 05:48:32 | 000,090,368 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2012/07/21 05:48:32 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2012/07/21 05:48:32 | 000,064,384 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2012/07/21 05:48:32 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2008/12/04 13:13:08 | 001,461,032 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2008/11/21 16:07:00 | 007,451,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/10/03 19:17:24 | 000,133,120 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/09/24 23:39:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.medion.com/
IE - HKU\Gast_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\Medion_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKU\Medion_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Medion_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Medion_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\Tel_02166-846678_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:36226
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2012/04/20 17:38:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon [2013/01/14 08:45:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/29 03:43:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012/02/29 03:43:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/29 03:43:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/29 03:43:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/02/29 03:43:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/29 03:43:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/29 03:43:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/29 03:43:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/29 03:43:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [BsMnt] C:\Program Files\BisonCam\BsMnt.exe ()
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\HomeCinema\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\admin_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Tel_02166-846678_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/08/21 11:50:32 | 000,000,672 | RH-- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/27 04:13:27 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/08/17 07:31:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/08/17 07:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/08/17 07:30:36 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/08/09 04:58:45 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\Desktop\bg4
[2013/08/09 04:52:17 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\Desktop\bg3
[2013/08/09 04:52:06 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\Desktop\bg2
[2013/08/09 04:51:58 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\Desktop\bg1
[2013/08/09 04:41:53 | 000,000,000 | ---D | C] -- C:\Users\Tel 02166-846678\Desktop\norman
[2013/08/02 03:05:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/07/30 22:36:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2 C:\Users\Tel 02166-846678\AppData\Roaming\*.tmp files -> C:\Users\Tel 02166-846678\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/08/27 10:28:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/27 10:28:25 | 000,008,268 | ---- | M] () -- C:\Users\Tel 02166-846678\AppData\Local\d3d9caps.dat
[2013/08/27 10:28:02 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/27 10:27:43 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/27 10:27:43 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/27 10:27:34 | 2142,109,696 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/27 08:38:16 | 000,000,946 | ---- | M] () -- C:\Users\Tel 02166-846678\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\perdbgmwlaviwtqpbel.lnk
[2013/08/27 08:30:59 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/27 07:48:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/27 06:01:59 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/08/27 06:01:59 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/27 06:01:59 | 000,126,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/08/27 06:01:59 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/27 05:56:16 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/08/27 04:13:46 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/08/17 07:31:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/08/06 02:22:31 | 000,001,959 | ---- | M] () -- C:\Users\Tel 02166-846678\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/08/05 03:59:23 | 000,002,828 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2013/08/05 03:31:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/08/02 03:04:39 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/08/02 03:04:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2 C:\Users\Tel 02166-846678\AppData\Roaming\*.tmp files -> C:\Users\Tel 02166-846678\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/08/27 08:38:16 | 000,000,946 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\perdbgmwlaviwtqpbel.lnk
[2013/08/02 03:05:21 | 000,001,959 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/30 18:18:33 | 2142,109,696 | -HS- | C] () -- C:\hiberfil.sys
[2012/10/17 08:04:09 | 000,000,017 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Roaming\blckdom.res
[2012/08/04 10:57:11 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2012/04/24 11:21:54 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/03/14 14:05:52 | 000,008,268 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Local\d3d9caps.dat
[2012/02/04 03:24:31 | 000,000,316 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Public (2).lnk
[2011/08/03 15:46:25 | 000,026,624 | ---- | C] () -- C:\Users\Tel 02166-846678\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/17 14:48:30 | 000,001,052 | R--- | C] () -- \reatogoMenu.ini
[2011/07/17 14:43:36 | 000,000,000 | R--- | C] () -- \WIN51IP.SP2
[2011/07/17 14:43:36 | 000,000,000 | R--- | C] () -- \WIN51IP
[2011/06/19 06:19:36 | 000,228,719 | ---- | C] () -- C:\Windows\hpwins05.dat
[2011/06/19 06:19:36 | 000,003,111 | ---- | C] () -- C:\Windows\hpwmdl05.dat
[2011/06/12 13:22:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/06/12 13:22:26 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/06/09 19:45:10 | 000,003,584 | ---- | C] () -- C:\Users\Medion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/09 19:45:03 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2011/06/09 19:45:03 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\CF8102F615.sys
[2009/04/20 15:54:41 | 000,628,992 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009/04/20 15:54:41 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009/04/20 15:54:41 | 000,126,704 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009/04/20 15:54:41 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/04/20 06:34:58 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2009/04/20 06:24:57 | 000,000,276 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2009/04/20 06:10:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007/06/05 07:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,396,768 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,596,246 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,320 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/24 07:06:41 | 000,000,053 | R--- | C] () -- \AUTORUN.INF
[2006/03/09 03:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/16 17:36:50 | 000,240,128 | R--- | C] () -- \reatogoMenu.exe
 
========== LOP Check ==========
 
[2012/10/17 08:04:33 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\10001.089
[2012/10/18 03:53:31 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\10001.090
[2012/10/22 09:13:47 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\10001.091
[2012/05/14 03:13:15 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Ezat
[2012/05/20 10:51:25 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Fasuf
[2013/08/01 00:47:43 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\IBP
[2012/05/14 02:35:57 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\ICQ
[2012/12/20 15:47:21 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Icypun
[2012/05/20 10:31:04 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Ihinqa
[2012/05/14 03:13:15 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Imhu
[2013/07/25 11:16:55 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Jpeg Resampler
[2012/10/17 08:03:55 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\kock
[2012/12/20 11:14:57 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\MediaMonkey
[2012/05/17 04:28:51 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Mohy
[2012/12/20 10:59:20 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Ofely
[2012/05/14 03:12:11 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Oflev
[2012/07/02 11:07:46 | 000,000,000 | RHSD | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\System32
[2013/01/14 08:46:18 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\T-Mobile
[2012/05/17 04:29:36 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Taepwo
[2012/05/14 02:35:57 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\TeamViewer
[2012/10/18 03:18:35 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\UAs
[2012/05/17 04:28:51 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Umgyi
[2013/08/17 07:46:36 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\UseNeXT
[2012/10/17 08:03:56 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\xmldm
[2012/05/20 10:31:04 | 000,000,000 | ---D | M] -- C:\Users\Tel 02166-846678\AppData\Roaming\Yrepw
[2011/07/17 14:50:33 | 000,000,000 | R--D | M] -- \I386
[2011/07/17 14:43:48 | 000,000,000 | R--D | M] -- \PROGRAMS
[2011/07/17 14:49:08 | 000,000,000 | R--D | M] -- \SFX
[2013/08/27 05:56:19 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         
--- --- ---

LG

 

Themen zu UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich
.dll, administrator, adobe, adobe flash player, autorun, bho, bonjour, desktop, error, explorer, firefox, flash player, format, helper, home, launch, logfile, malwarebytes, microsoft, nvidia, object, plug-in, realtek, registry, ukash, usb, vista, yahoo




Ähnliche Themen: UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich


  1. Virus aber Programm findet nichts
    Log-Analyse und Auswertung - 02.04.2015 (3)
  2. OTLPE Scan gemacht, was nun? (AKM-Trojaner?)
    Log-Analyse und Auswertung - 08.02.2015 (15)
  3. Ukash Virus eingefangen
    Plagegeister aller Art und deren Bekämpfung - 31.07.2013 (19)
  4. Windows 7: Kaspersky findet nichts aber der Rechner verhält sich sehr auffällig
    Log-Analyse und Auswertung - 31.05.2013 (20)
  5. Masterboot Virus, glaube ich, aber es wird nichts erkannt
    Mülltonne - 11.05.2013 (0)
  6. Ukash Virus eingefangen
    Plagegeister aller Art und deren Bekämpfung - 30.04.2013 (2)
  7. Bundespolizeitrojaner - Scan ist gemacht - wie weiter
    Plagegeister aller Art und deren Bekämpfung - 19.03.2013 (13)
  8. T-Online sagt Virus aber nichts wird gefunden...
    Plagegeister aller Art und deren Bekämpfung - 08.02.2013 (5)
  9. Ukash Virus eingefangen
    Log-Analyse und Auswertung - 27.10.2012 (35)
  10. Ukash Polizei Virus eingefangen.
    Plagegeister aller Art und deren Bekämpfung - 19.09.2012 (29)
  11. Ukash Trojaner eingefangen, OTL-Scan ausgeführt
    Log-Analyse und Auswertung - 19.08.2012 (2)
  12. Bundespolizei Virus (mit Ukash) eingefangen
    Plagegeister aller Art und deren Bekämpfung - 09.02.2012 (2)
  13. Bundespolizei Virus, OTL Scan gemacht. Wie weiter?
    Log-Analyse und Auswertung - 10.10.2011 (24)
  14. Virus eingefangen aber welcher? Einstellungen ändern sich automatisch
    Plagegeister aller Art und deren Bekämpfung - 22.12.2010 (1)
  15. Desktop schon lange sichtbar, aber nichts reagiert - Virus?
    Log-Analyse und Auswertung - 26.03.2010 (3)
  16. Ich hoffe, ich hab nichts noch schlimmer gemacht
    Log-Analyse und Auswertung - 26.02.2008 (6)
  17. HiJackThis Scan gemacht und nun?
    Mülltonne - 05.09.2007 (2)

Zum Thema UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich - Hallo, ich habe mir diesen Ukash-Virus eingefangen und habe schon den OTL-Scan gemacht. Könnt Ihr mir da nochmal helfen? Zwischenzeitlich war der übrigens weg... Hier der OTL-Scan:-danke im voraus:OTL Logfile: - UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich...
Archiv
Du betrachtest: UKASH-Virus eingefangen -OTL-Scan gemacht, aber nichts ändert sich auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.