
Log Analysis and Evaluation: BKA Trojan Logfile


27.04.2011, 19:00   #1
Tazzilo

BKA Trojan Logfile

As so often, here too is the log file with the BKA Trojan.

Many thanks for your help



OTL logfile created on: 4/27/2011 7:36:41 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Basic Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.52 Gb Total Space | 24.76 Gb Free Space | 35.61% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 69.44 Gb Free Space | 99.87% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2011/03/17 05:18:03 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/19 03:18:58 | 001,942,416 | ---- | M] (Bandoo Media Inc.) [Auto] -- C:\Program Files\Fun4IM\Bandoo.exe -- (Fun4IM Coordinator)
SRV - [2010/08/02 11:09:38 | 000,135,336 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/07 08:50:26 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2008/07/20 11:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/04 13:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2011/03/17 05:18:03 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/23 06:11:53 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 10:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/08/18 01:15:48 | 000,921,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/01/20 22:32:21 | 000,021,560 | ---- | M] () [Kernel | Boot] -- C:\Windows\System32\drivers\atapi.sys -- (atapi)
DRV - [2007/04/17 14:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2005/04/12 04:41:20 | 000,004,608 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ElbyDelay.sys -- (ElbyDelay)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vb32&d=0908&m=emg520
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vb32&d=0908&m=emg520


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Sebastian_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vb32&d=0908&m=emg520
IE - HKU\Sebastian_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\Sebastian_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\Sebastian_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Sebastian_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/402
IE - HKU\Sebastian_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Sebastian_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\Sebastian_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\Sebastian_ON_C\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\Sebastian_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Sebastian_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 08:36:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 08:36:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\tb2\components [2011/03/07 06:34:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\tb2\plugins

[2011/02/17 16:18:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/17 16:18:13 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/02/04 13:17:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/04 13:17:02 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/12/18 19:30:20 | 000,106,128 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npstrlnk.dll
[2011/03/03 18:28:53 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011/03/03 18:28:53 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011/03/03 18:28:53 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/10/28 04:41:02 | 000,005,529 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
[2011/03/03 18:28:53 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011/03/03 18:28:53 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Fun4IM\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\Sebastian_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Lexmark 1200 Series] File not found
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZyEmachine.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\EMACHINES\WR_PopUp\WarReg_PopUp.exe (eMachines)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [KUGHGZXAKT] File not found
O4 - HKU\.DEFAULT..\Run: [Metropolis] File not found
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Sebastian_ON_C..\Run: [Kbadv] C:\Users\Sebastian\AppData\Roaming\Atlcom\pnpnew.exe ()
O4 - Startup: Error locating startup folders.
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (c:\progra~1\wi9130~1\datamngr\datamngr.dll) - C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (c:\progra~1\fun4im\bndhook.dll) - C:\Program Files\Fun4IM\BndHook.dll (Discordia Limited)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Sebastian_ON_C Winlogon: Shell - (C:\Users\SEBAST~1\AppData\Local\Temp\98qgfix6.exe) - C:\Users\Sebastian\AppData\Local\Temp\98qgfix6.exe ()
O29 - HKLM SecurityProviders - (miknclbd.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/27 12:24:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/27 12:23:05 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/27 12:22:53 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/27 12:22:38 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/27 12:22:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/27 12:22:12 | 2072,911,872 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/27 11:21:13 | 000,621,952 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/04/27 11:21:13 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/27 11:21:13 | 000,123,852 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/04/27 11:21:13 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/27 09:22:43 | 000,112,343 | ---- | M] () -- C:\Users\Sebastian\Desktop\16100059-11 Katharina Raufeisen.pdf
[2011/04/27 09:07:41 | 000,111,490 | ---- | M] () -- C:\Users\Sebastian\Desktop\16100058-11 Veronika Amme.pdf
[2011/04/27 08:04:22 | 000,127,501 | ---- | M] () -- C:\Users\Sebastian\Desktop\1610057-11 Tobi.pdf
[2011/04/20 09:17:22 | 000,062,088 | ---- | M] () -- C:\Users\Sebastian\Desktop\16100056-11 Ludwig Pils.pdf
[2011/04/16 14:17:06 | 000,113,417 | ---- | M] () -- C:\Users\Sebastian\Desktop\16100055-11 Stefanie Roth (1).pdf
[2011/04/16 14:16:45 | 000,113,413 | ---- | M] () -- C:\Users\Sebastian\Desktop\16100055-11 Stefanie Roth.pdf
[2011/04/16 08:31:04 | 002,257,500 | ---- | M] () -- C:\Users\Sebastian\Desktop\karte-komm-essen.pdf
[2011/04/16 08:30:59 | 001,615,997 | ---- | M] () -- C:\Users\Sebastian\Desktop\karte-dessert.pdf
[2011/04/16 08:30:50 | 001,395,644 | ---- | M] () -- C:\Users\Sebastian\Desktop\karte-wochenkarte.pdf
[2011/04/16 08:30:41 | 001,997,103 | ---- | M] () -- C:\Users\Sebastian\Desktop\karte-0815.pdf
[2011/04/15 08:54:50 | 000,114,320 | ---- | M] () -- C:\Users\Sebastian\Desktop\16100053-11 Verena Schultz.pdf
[2011/04/15 07:39:06 | 000,127,591 | ---- | M] () -- C:\Users\Sebastian\Desktop\16100052-11 Faru Augustin.pdf
[2011/04/13 06:52:43 | 000,109,850 | ---- | M] () -- C:\Users\Sebastian\Desktop\16100051-11 Fabian Noto.pdf
[2011/04/12 07:55:28 | 000,118,620 | ---- | M] () -- C:\Users\Sebastian\Desktop\16100050-11 Herr Viktor Mraz.pdf
[2011/04/06 13:05:58 | 000,056,566 | ---- | M] () -- C:\Users\Sebastian\Desktop\16101011 Frau Gladitsch.pdf
[2011/04/05 05:23:44 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/27 09:22:06 | 000,112,343 | ---- | C] () -- C:\Users\Sebastian\Desktop\16100059-11 Katharina Raufeisen.pdf
[2011/04/27 09:07:00 | 000,111,490 | ---- | C] () -- C:\Users\Sebastian\Desktop\16100058-11 Veronika Amme.pdf
[2011/04/27 08:03:35 | 000,127,501 | ---- | C] () -- C:\Users\Sebastian\Desktop\1610057-11 Tobi.pdf
[2011/04/20 09:17:21 | 000,062,088 | ---- | C] () -- C:\Users\Sebastian\Desktop\16100056-11 Ludwig Pils.pdf
[2011/04/16 14:17:05 | 000,113,417 | ---- | C] () -- C:\Users\Sebastian\Desktop\16100055-11 Stefanie Roth (1).pdf
[2011/04/16 14:16:45 | 000,113,413 | ---- | C] () -- C:\Users\Sebastian\Desktop\16100055-11 Stefanie Roth.pdf
[2011/04/16 08:31:03 | 002,257,500 | ---- | C] () -- C:\Users\Sebastian\Desktop\karte-komm-essen.pdf
[2011/04/16 08:30:58 | 001,615,997 | ---- | C] () -- C:\Users\Sebastian\Desktop\karte-dessert.pdf
[2011/04/16 08:30:49 | 001,395,644 | ---- | C] () -- C:\Users\Sebastian\Desktop\karte-wochenkarte.pdf
[2011/04/16 08:30:39 | 001,997,103 | ---- | C] () -- C:\Users\Sebastian\Desktop\karte-0815.pdf
[2011/04/15 08:54:49 | 000,114,320 | ---- | C] () -- C:\Users\Sebastian\Desktop\16100053-11 Verena Schultz.pdf
[2011/04/15 07:39:05 | 000,127,591 | ---- | C] () -- C:\Users\Sebastian\Desktop\16100052-11 Faru Augustin.pdf
[2011/04/13 06:52:42 | 000,109,850 | ---- | C] () -- C:\Users\Sebastian\Desktop\16100051-11 Fabian Noto.pdf
[2011/04/12 07:55:28 | 000,118,620 | ---- | C] () -- C:\Users\Sebastian\Desktop\16100050-11 Herr Viktor Mraz.pdf
[2011/04/06 13:05:57 | 000,056,566 | ---- | C] () -- C:\Users\Sebastian\Desktop\16101011 Frau Gladitsch.pdf
[2011/02/17 16:19:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/06 09:07:06 | 000,000,009 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\nuar.old
[2010/06/06 09:07:05 | 000,000,084 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\wp4.dat
[2010/06/06 09:07:05 | 000,000,036 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\skynet.dat
[2010/06/06 09:07:05 | 000,000,002 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\wp3.dat
[2009/10/20 10:45:23 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/20 10:45:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/04/11 13:45:50 | 000,000,000 | ---- | C] () -- C:\Windows\mngui.INI
[2008/12/22 09:08:07 | 000,001,356 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\d3d9caps.dat
[2008/12/01 12:59:53 | 000,000,144 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\LStPref
[2008/11/29 16:41:20 | 000,000,706 | ---- | C] () -- C:\Windows\WININIT.INI
[2008/11/29 16:40:08 | 000,086,016 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/24 09:41:43 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2008/11/24 09:41:43 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2008/11/16 15:20:54 | 000,000,034 | ---- | C] () -- C:\Windows\Kassenbuch.INI
[2008/11/13 08:00:03 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008/11/13 08:00:03 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2008/11/13 08:00:03 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008/11/13 08:00:03 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008/11/13 08:00:03 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008/11/13 08:00:03 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008/11/13 08:00:03 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008/11/13 08:00:03 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2008/11/13 08:00:03 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2008/11/13 08:00:03 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008/11/13 08:00:03 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/11/13 08:00:02 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008/11/13 08:00:02 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008/11/13 08:00:02 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008/11/13 08:00:02 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008/11/13 08:00:02 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008/11/13 08:00:02 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008/11/13 08:00:02 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008/11/13 08:00:02 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008/11/13 07:57:39 | 000,000,025 | ---- | C] () -- C:\Windows\CDED92Euro.ini
[2008/11/12 13:35:00 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/12 13:20:47 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2008/11/12 10:16:02 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/06 12:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/06/02 04:37:57 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/06/02 04:37:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008/06/02 04:37:47 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/06/02 04:37:47 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/06/02 04:37:46 | 000,495,376 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/06/01 19:45:41 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/06/01 19:45:41 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/06/01 19:23:24 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/06/01 19:23:24 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008/06/01 19:23:24 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008/06/01 19:23:24 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008/01/21 04:21:25 | 000,621,952 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 04:21:25 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 04:21:25 | 000,123,852 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 04:21:25 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008/01/20 22:32:21 | 000,021,560 | ---- | C] () -- C:\Windows\System32\drivers\atapi.sys
[2007/11/15 16:31:34 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2007/11/15 16:27:40 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2007/11/15 16:25:28 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2007/11/15 16:25:12 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2006/11/02 08:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:44:53 | 000,446,072 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,590,082 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,102,094 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/01/30 08:42:22 | 000,000,270 | ---- | C] () -- C:\Windows\System32\lxczcoin.ini
[2001/12/26 10:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 17:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 10:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 16:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2011/04/09 06:07:45 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Atlcom
[2011/01/25 08:35:07 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Bandoo
[2009/02/08 11:29:28 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\EPSON
[2011/02/04 13:35:25 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\GHISLER
[2010/08/26 18:45:07 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Gydo
[2010/08/27 11:14:45 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Iluler
[2008/11/14 10:49:03 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Lexware
[2010/08/27 11:15:23 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\scdata
[2010/07/09 05:26:20 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Sicyk
[2010/06/10 19:16:31 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Sysinternals Antivirus
[2009/10/30 17:41:55 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\TeamViewer
[2011/02/04 12:59:46 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Teleca
[2010/11/07 13:15:51 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Thunderbird
[2010/06/17 20:23:25 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Ubgoaq
[2010/06/17 15:37:09 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Uqtex
[2010/07/08 16:45:43 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Veaw
[2011/01/25 09:22:12 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\WhiteSmoke
[2008/11/12 10:01:01 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2008/11/12 10:05:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data
[2008/11/16 12:24:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Avery
[2011/01/26 15:39:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Bandoo
[2008/11/14 10:49:01 | 000,000,000 | ---D | M] -- C:\ProgramData\BTrieve
[2008/12/31 09:26:59 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/11/12 10:01:01 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011/01/25 08:41:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Driver Whiz
[2008/12/30 14:01:29 | 000,000,000 | ---D | M] -- C:\ProgramData\EPSON
[2008/11/12 10:01:01 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2008/06/01 19:36:39 | 000,000,000 | ---D | M] -- C:\ProgramData\FloodLightGames
[2011/04/27 09:22:44 | 000,000,000 | ---D | M] -- C:\ProgramData\FreePDF
[2011/01/25 08:30:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Fun4IM
[2008/11/14 10:39:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Lexware
[2009/02/17 17:31:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Napster
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/11/12 10:01:01 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/02/04 15:38:26 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/01/25 08:41:26 | 000,000,000 | ---D | M] -- C:\ProgramData\UAB
[2008/11/13 08:04:40 | 000,000,000 | ---D | M] -- C:\ProgramData\UDL
[2008/11/12 10:01:01 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2008/12/31 20:36:13 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2008/06/01 19:57:19 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010/08/28 13:48:53 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/04/27 12:24:33 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/03/12 14:28:22 | 000,000,252 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/03/12 14:27:37 | 000,000,252 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/03/12 10:47:58 | 000,000,252 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 897 bytes -> C:\Users\Sebastian\Desktop\FW Grundriss STEAK & SPAIN.eml:OECustomProperty
@Alternate Data Stream - 64 bytes -> C:\Users\Sebastian\Desktop\Werbespot.mp4:TOC.WMV
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMPFC5A2B2
< End of report >

27.04.2011, 19:05   #2
markusg
/// Malware-holic

BKA Trojan Logfile

On your second PC, go to Start, Programs, Accessories, Notepad, and paste this in:

Code:
:OTL
O4 - HKU\Sebastian_ON_C..\Run: [Kbadv] C:\Users\Sebastian\AppData\Roaming\Atlcom\pnpnew.exe ()
O20 - HKU\Sebastian_ON_C Winlogon: Shell - (C:\Users\SEBAST~1\AppData\Local\Temp\98qgfix6.exe) - C:\Users\Sebastian\AppData\Local\Temp\98qgfix6.exe ()
:Files
C:\Users\Sebastian\AppData\Roaming\Atlcom
C:\Users\Sebastian\AppData\Local\Temp\98qgfix6.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

Save this to a USB stick as fix.txt.
Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in my post about OTLPENet.exe.
• Now please click the Fix button.
A message similar to "load fix from file" should now appear; load the fix.txt from your stick.
If that does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt.
Please post the log.

Open Computer, open C:, then _OTL.
Right-click moved files there.
Choose add to moved files.rar or zip.
http://www.trojaner-board.de/54791-a...ner-board.html
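As an added example, not part of either post on this page, here is a small Python triage over the kind of OTL persistence entries the fix above acts on. It parses O4 Run-key lines and O20 Winlogon Shell lines and flags an entry when the executable sits in a user-writable location (AppData, Temp), when OTL printed an empty company name, or when the Shell value is anything other than explorer.exe; it then renders the flagged entries into the :OTL / :Files / :Commands shape of an OTL fix script. The sample lines are copied from the log in the first post; the regular expressions, the flagging rules, the USER_WRITABLE markers and all function names are this example's own assumptions, not OTL's code or output format specification.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: OTL persistence lines copied from the log in the
# first post, plus two benign entries (the Avira Run key and the HKLM
# explorer.exe Shell value) as negative cases.
SAMPLE_LINES = [
    r"O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)",
    r"O4 - HKU\.DEFAULT..\Run: [KUGHGZXAKT] File not found",
    r"O4 - HKU\Sebastian_ON_C..\Run: [Kbadv] C:\Users\Sebastian\AppData\Roaming\Atlcom\pnpnew.exe ()",
    r"O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)",
    r"O20 - HKU\Sebastian_ON_C Winlogon: Shell - (C:\Users\SEBAST~1\AppData\Local\Temp\98qgfix6.exe) - C:\Users\Sebastian\AppData\Local\Temp\98qgfix6.exe ()",
]

# Record shapes handled here. The field layout is read off the lines above;
# this parser is the editor's own (hypothetical), not OTL's.
RUN_RE = re.compile(r"^(?P<kind>O4) - (?P<hive>\S+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.*)$")
SHELL_RE = re.compile(r"^(?P<kind>O20) - (?P<hive>\S+) Winlogon: Shell - \((?P<raw>[^)]*)\) - (?P<rest>.*)$")
PATH_RE = re.compile(r"^(?P<path>.*?) \((?P<company>[^)]*)\)$")

# Path fragments marking user-writable locations; legitimate autostart
# binaries are rarely installed there. Assumed list, extend as needed.
USER_WRITABLE = ("\\appdata\\", "\\temp\\")


@dataclass(frozen=True)
class Finding:
    line: str
    hive: str
    path: str
    reasons: tuple


def split_path_company(rest: str):
    """Split 'C:\\dir\\x.exe (Vendor)' into (path, vendor).

    Returns (rest, None) when the trailing '(...)' is absent, e.g. for
    'File not found' entries, which point at nothing runnable.
    """
    m = PATH_RE.match(rest)
    if not m:
        return rest, None
    return m.group("path"), m.group("company").strip()


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious O4/O20 entry, or None if it looks benign."""
    m = RUN_RE.match(line) or SHELL_RE.match(line)
    if not m:
        return None
    path, company = split_path_company(m.group("rest"))
    if company is None:
        return None  # dead entry: worth cleaning up, but nothing executes
    lower = path.lower()
    reasons = []
    if any(marker in lower for marker in USER_WRITABLE):
        reasons.append("executable in user-writable location")
    if company == "":
        reasons.append("no company/version information")
    if m.group("kind") == "O20" and not lower.endswith("\\windows\\explorer.exe"):
        reasons.append("Winlogon Shell is not explorer.exe")
    if not reasons:
        return None
    return Finding(line, m.group("hive"), path, tuple(reasons))


def triage(lines):
    """Run triage_line over a whole OTL report, keeping only the findings."""
    return [f for f in map(triage_line, lines) if f is not None]


def build_fix(findings) -> str:
    """Render :OTL / :Files / :Commands sections for the findings, in the
    shape of the fix posted above (the :OTL lines are the report lines
    verbatim, the :Files entries are the flagged executables)."""
    otl = [f.line for f in findings]
    files = sorted({f.path for f in findings})
    return "\n".join([":OTL", *otl, ":Files", *files, ":Commands", "[emptytemp]", "[Reboot]"])


if __name__ == "__main__":
    found = triage(SAMPLE_LINES)
    for f in found:
        print(f"{f.hive}: {f.path}\n    " + "; ".join(f.reasons))
    print(build_fix(found))
```

Run as a script it prints the two findings from the posted log (the Kbadv Run key and the per-user Winlogon Shell value) and a fix skeleton built from them. The generated :Files section lists the flagged executables only; markusg's hand-written fix additionally removes the whole Atlcom folder, which is the kind of judgement call a generated skeleton should still be reviewed for.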