
Log Analysis and Evaluation: OTL logfile analysis

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

11.05.2011, 20:35   #1
kinkon



Good evening,

yesterday I had a trojan attack for the first time and had
Malwarebytes scan (quick and full);
after every restart, however, it found trojans again ....
but now, after the 3rd time, no more.

Now I have downloaded OTL and would be glad if someone
could help me further?

On top of all that, my files from the C drive are gone
(only music, thank God).
Could it be that the trojan is still there, or a hidden program?
System Restore doesn't work either, because after the supposed restore it always says that the antivirus program has to be disabled for it .... but that didn't help either...

Many thanks in advance

OTL logfile created on: 5/11/2011 9:19:21 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\kinkon\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Austria | Language: DEA | Date Format: dd.MM.yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 64.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146.39 Gb Total Space | 80.58 Gb Free Space | 55.04% Space Free | Partition Type: NTFS
Drive D: | 1250.78 Gb Total Space | 1148.99 Gb Free Space | 91.86% Space Free | Partition Type: NTFS
Drive G: | 100.00 Mb Total Space | 71.32 Mb Free Space | 71.32% Space Free | Partition Type: NTFS

Computer Name: KINKON-PC | User Name: kinkon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/11 21:18:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\kinkon\Downloads\OTL.exe
PRC - [2011/05/05 22:42:14 | 000,016,856 | -H-- | M] (Mozilla Corporation) -- C:\P\plugin-container.exe
PRC - [2011/05/05 22:42:13 | 000,924,632 | -H-- | M] (Mozilla Corporation) -- C:\P\firefox.exe
PRC - [2011/04/27 19:36:16 | 000,136,360 | -H-- | M] (Avira GmbH) -- C:\P\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/21 20:44:22 | 000,269,480 | -H-- | M] (Avira GmbH) -- C:\P\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/01/24 00:43:42 | 000,107,008 | -H-- | M] () -- C:\P\VLC\vlc.exe
PRC - [2010/12/13 18:39:19 | 000,281,768 | -H-- | M] (Avira GmbH) -- C:\P\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/12/13 18:39:18 | 000,389,288 | -H-- | M] (Avira GmbH) -- C:\P\Avira\AntiVir Desktop\avcenter.exe
PRC - [2010/11/24 02:49:24 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010/05/14 21:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/04/27 04:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/01/07 23:09:38 | 000,105,632 | ---- | M] (Corel) -- C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
PRC - [2009/12/31 04:47:38 | 000,523,408 | ---- | M] (Corel, Inc.) -- C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
PRC - [2009/10/16 20:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2009/03/30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
PRC - [2007/07/24 21:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (SafeList) ==========

MOD - [2011/05/11 21:18:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\kinkon\Downloads\OTL.exe
MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/10/19 15:17:42 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/05/04 18:12:33 | 003,274,328 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai\netsession_win_3f211bc.dll -- (Akamai)
SRV - [2011/04/27 19:36:16 | 000,136,360 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\P\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/21 20:44:22 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\P\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/12/08 23:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/10/16 20:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/07/24 21:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/12/13 18:39:38 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010/12/13 18:39:38 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010/07/30 23:18:04 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2010/07/30 23:18:02 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010/07/30 23:18:00 | 000,026,624 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2010/07/30 23:17:56 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2010/07/26 21:24:58 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2010/07/26 21:24:54 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2010/05/31 05:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/27 03:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/04/27 03:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/03/02 13:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/12/22 12:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/19 15:50:12 | 006,098,432 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/09/30 03:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2008/08/28 20:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 33 76 53 09 4F 0C CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51

FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/04/11 19:44:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\P\components [2011/05/11 20:14:44 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\P\plugins [2011/05/11 20:14:44 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/04/11 19:44:44 | 000,000,000 | ---D | M]

[2011/01/29 06:46:27 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\kinkon\AppData\Roaming\mozilla\Extensions
[2011/05/07 05:06:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\kinkon\AppData\Roaming\mozilla\Firefox\Profiles\x3eqmhuq.default\extensions
[2011/04/11 21:48:26 | 000,002,317 | -H-- | M] () -- C:\Users\kinkon\AppData\Roaming\Mozilla\Firefox\Profiles\x3eqmhuq.default\searchplugins\geizhalsat.xml
[2011/03/02 19:59:39 | 000,000,937 | -H-- | M] () -- C:\Users\kinkon\AppData\Roaming\Mozilla\Firefox\Profiles\x3eqmhuq.default\searchplugins\ponseu--spanisch--deutsch.xml
[2011/02/13 02:41:18 | 000,001,336 | -H-- | M] () -- C:\Users\kinkon\AppData\Roaming\Mozilla\Firefox\Profiles\x3eqmhuq.default\searchplugins\wiktionary-en.xml
[2011/01/29 07:05:18 | 000,002,057 | -H-- | M] () -- C:\Users\kinkon\AppData\Roaming\Mozilla\Firefox\Profiles\x3eqmhuq.default\searchplugins\youtube-videosuche.xml
File not found (No name found) --
[2011/05/11 20:14:44 | 000,000,000 | -H-D | M] (Java Console) -- C:\P\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\KINKON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X3EQMHUQ.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
() (No name found) -- C:\USERS\KINKON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X3EQMHUQ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [Eraser] D:\Programme\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\P\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Standby] C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe (Corel)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [Corel Photo Downloader] C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.33.55.5 212.33.32.160
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/11 00:07:52 | 000,000,000 | -H-D | C] -- C:\Users\kinkon\AppData\Roaming\Malwarebytes
[2011/05/11 00:07:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/11 00:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/11 00:07:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011/05/11 00:07:42 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/11 00:07:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/05/08 05:21:36 | 000,000,000 | -H-D | C] -- C:\Users\kinkon\.datTrader
[2011/04/19 22:33:44 | 000,000,000 | -H-D | C] -- C:\Users\kinkon\Desktop\3100
[2011/04/16 20:43:00 | 000,000,000 | -H-D | C] -- C:\Users\kinkon\AppData\Local\Eraser 6
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/11 21:08:30 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2011/05/11 20:32:37 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/11 20:32:37 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011/05/11 20:32:37 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/11 20:32:37 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011/05/11 20:32:37 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/11 20:28:17 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/11 20:28:17 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/11 20:27:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/11 20:27:53 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/11 19:49:53 | 000,076,950 | ---- | M] () -- C:\cc_20110511_194917.reg
[2011/05/11 19:46:07 | 000,001,587 | ---- | M] () -- C:\Users\kinkon\Desktop\mbam - Verknüpfung.lnk
[2011/05/11 17:58:51 | 000,274,432 | ---- | M] () -- C:\Users\kinkon\J0GZWo455FY3.exe
[2011/05/10 23:15:25 | 000,000,000 | -H-- | M] () -- C:\Users\kinkon\2gweorjqjutp92vjy9gake
[2011/05/09 20:36:25 | 000,003,350 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/05/05 22:42:32 | 000,001,456 | -H-- | M] () -- C:\Users\kinkon\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/26 02:15:41 | 001,411,509 | -H-- | M] () -- C:\Users\kinkon\Desktop\DSC_5040.JPG
[2011/04/16 13:48:31 | 000,300,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/11 19:49:41 | 000,076,950 | ---- | C] () -- C:\cc_20110511_194917.reg
[2011/05/11 19:46:07 | 000,001,587 | ---- | C] () -- C:\Users\kinkon\Desktop\mbam - Verknüpfung.lnk
[2011/05/11 19:45:30 | 000,274,432 | ---- | C] () -- C:\Users\kinkon\J0GZWo455FY3.exe
[2011/05/10 23:15:25 | 000,000,000 | -H-- | C] () -- C:\Users\kinkon\2gweorjqjutp92vjy9gake
[2011/04/26 02:16:05 | 001,411,509 | -H-- | C] () -- C:\Users\kinkon\Desktop\DSC_5040.JPG
[2011/04/13 19:25:05 | 001,144,438 | -H-- | C] () -- C:\Users\kinkon\Desktop\DSC_3171.JPG
[2011/01/30 12:32:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/29 10:55:21 | 000,004,608 | -H-- | C] () -- C:\Users\kinkon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/29 10:54:31 | 000,003,350 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/01/29 10:54:31 | 000,000,168 | RHS- | C] () -- C:\ProgramData\1439757CE5.sys
[2011/01/29 06:25:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/01/29 06:06:51 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/01/29 06:06:49 | 000,030,223 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 14:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009/03/30 08:32:40 | 000,032,768 | R--- | C] () -- C:\Windows\DAODx.exe
[2008/12/02 04:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll

========== LOP Check ==========

[2011/01/29 10:30:10 | 000,000,000 | -H-D | M] -- C:\Users\kinkon\AppData\Roaming\7art
[2011/04/11 20:01:16 | 000,000,000 | -H-D | M] -- C:\Users\kinkon\AppData\Roaming\Nokia
[2011/04/11 20:01:16 | 000,000,000 | -H-D | M] -- C:\Users\kinkon\AppData\Roaming\Nokia Ovi Suite
[2011/04/11 19:53:13 | 000,000,000 | -H-D | M] -- C:\Users\kinkon\AppData\Roaming\PC Suite
[2011/03/06 19:14:45 | 000,000,000 | -H-D | M] -- C:\Users\kinkon\AppData\Roaming\Ulead Systems
[2011/05/11 19:48:47 | 000,000,000 | -H-D | M] -- C:\Users\kinkon\AppData\Roaming\uTorrent
[2011/03/29 19:14:34 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
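A worked example of the first-pass triage a helper does on a log like the one above, added here as an illustration; it is not part of the original post and not OTL's own code. It is a small Python parser for OTL's bracketed file lines (timestamp | size | attributes | C or M, then the publisher in parentheses and the path) plus a few heuristics that flag entries worth a second look. The sample lines are a constructed subset copied in shape from the "Files Created - No Company Name" section above, and the scan time is taken from the log header. The heuristics (random-looking alphanumeric name, file directly in the user-profile root, executable created shortly before the scan, hidden or system attributes, no publisher) and the 72-hour window are rules of thumb chosen for this example; a flag says nothing about whether a given file is actually malicious.

```python
import os
import re
from datetime import datetime, timedelta

# Constructed sample: lines in the shape of OTL's "Files Created - No Company Name"
# section. The paths are copied from the log above, but this is a hand-picked
# subset and the stray "*.tmp" summary line is included to show it is skipped.
SAMPLE = r"""
[2011/05/11 19:49:41 | 000,076,950 | ---- | C] () -- C:\cc_20110511_194917.reg
[2011/05/11 19:45:30 | 000,274,432 | ---- | C] () -- C:\Users\kinkon\J0GZWo455FY3.exe
[2011/05/10 23:15:25 | 000,000,000 | -H-- | C] () -- C:\Users\kinkon\2gweorjqjutp92vjy9gake
[2011/01/29 10:54:31 | 000,000,168 | RHS- | C] () -- C:\ProgramData\1439757CE5.sys
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
"""

# Scan time from the log header ("OTL logfile created on: 5/11/2011 9:19:21 PM").
SCAN_TIME = datetime(2011, 5, 11, 21, 19, 21)

# One OTL file line: [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# A file sitting directly in C:\Users\<name>\ rather than in a subfolder.
USER_ROOT_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\[^\\]+$")
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd", ".pif"}


def parse_line(line):
    """Parse one OTL file line into a dict, or return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    f = m.groupdict()
    return {
        "ts": datetime.strptime(f["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(f["size"].replace(",", "")),
        "attrs": f["attrs"],
        "kind": f["kind"],  # C = created, M = modified
        "company": f["company"].strip(),
        "path": f["path"].strip(),
    }


def looks_random(name):
    """Heuristic (assumption): a long, purely alphanumeric stem mixing letters and digits."""
    stem, _ = os.path.splitext(name)
    return (len(stem) >= 8 and stem.isalnum()
            and any(c.isdigit() for c in stem) and any(c.isalpha() for c in stem))


def flag_entry(entry, scan_time, recent_hours=72):
    """Return the reasons this entry deserves a second look (empty list = nothing noted)."""
    reasons = []
    name = entry["path"].rsplit("\\", 1)[-1]
    ext = os.path.splitext(name)[1].lower()
    age = scan_time - entry["ts"]
    if not entry["company"]:
        reasons.append("no company name")
    if USER_ROOT_RE.match(entry["path"]):
        reasons.append("file directly in user profile root")
    if looks_random(name):
        reasons.append("random-looking file name")
    if ext in EXEC_EXT and timedelta(0) <= age <= timedelta(hours=recent_hours):
        reasons.append("recently created executable")
    if "H" in entry["attrs"] or "S" in entry["attrs"]:
        reasons.append("hidden or system attribute set")
    return reasons


def analyze(text, scan_time, recent_hours=72):
    """Parse an OTL file section and return [(path, reasons)], most reasons first."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue  # section headers, summary lines, blanks
        reasons = flag_entry(entry, scan_time, recent_hours)
        if reasons:
            findings.append((entry["path"], reasons))
    findings.sort(key=lambda f: (-len(f[1]), f[0]))
    return findings


if __name__ == "__main__":
    for path, reasons in analyze(SAMPLE, SCAN_TIME):
        print(f"{len(reasons)}  {path}\n      " + "; ".join(reasons))
```

On this sample the two oddly named files directly under C:\Users\kinkon collect the most reasons and come out first, which is the point where a helper would normally ask for the files' hashes or an upload to a multi-engine scanner before deciding anything. Entries such as NOISE.DAT or the CCleaner-style .reg backup only score "no company name", which every line in that OTL section shares, so the ordering rather than the presence of a flag is what carries information.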

11.05.2011, 21:39   #2
cosinus



Quote:
had Malwarebytes scan (quick and full);
after every restart, however, it found trojans again ....
And where are the logs? Please post all of them!