Trojaner-Board

BKA Trojaner Logfile (https://www.trojaner-board.de/98332-bka-trojaner-logfile.html)

Tazzilo 27.04.2011 19:00

BKA Trojaner Logfile
 
As so often, here too the log file with the BKA Trojan.

Many thanks for your help



OTL logfile created on: 4/27/2011 7:36:41 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Basic Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.52 Gb Total Space | 24.76 Gb Free Space | 35.61% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 69.44 Gb Free Space | 99.87% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2011/03/17 05:18:03 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/19 03:18:58 | 001,942,416 | ---- | M] (Bandoo Media Inc.) [Auto] -- C:\Program Files\Fun4IM\Bandoo.exe -- (Fun4IM Coordinator)
SRV - [2010/08/02 11:09:38 | 000,135,336 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/07 08:50:26 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2008/07/20 11:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/04 13:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2011/03/17 05:18:03 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/23 06:11:53 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 10:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/08/18 01:15:48 | 000,921,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/01/20 22:32:21 | 000,021,560 | ---- | M] () [Kernel | Boot] -- C:\Windows\System32\drivers\atapi.sys -- (atapi)
DRV - [2007/04/17 14:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2005/04/12 04:41:20 | 000,004,608 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ElbyDelay.sys -- (ElbyDelay)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vb32&d=0908&m=emg520
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vb32&d=0908&m=emg520


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Sebastian_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vb32&d=0908&m=emg520
IE - HKU\Sebastian_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\Sebastian_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\Sebastian_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Sebastian_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/402
IE - HKU\Sebastian_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Sebastian_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\Sebastian_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\Sebastian_ON_C\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\Sebastian_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Sebastian_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 08:36:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 08:36:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\tb2\components [2011/03/07 06:34:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\tb2\plugins

[2011/02/17 16:18:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/17 16:18:13 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/02/04 13:17:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/04 13:17:02 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/12/18 19:30:20 | 000,106,128 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npstrlnk.dll
[2011/03/03 18:28:53 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011/03/03 18:28:53 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011/03/03 18:28:53 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/10/28 04:41:02 | 000,005,529 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
[2011/03/03 18:28:53 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011/03/03 18:28:53 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Fun4IM\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\Sebastian_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Lexmark 1200 Series] File not found
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZyEmachine.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\EMACHINES\WR_PopUp\WarReg_PopUp.exe (eMachines)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [KUGHGZXAKT] File not found
O4 - HKU\.DEFAULT..\Run: [Metropolis] File not found
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Sebastian_ON_C..\Run: [Kbadv] C:\Users\Sebastian\AppData\Roaming\Atlcom\pnpnew.exe ()
O4 - Startup: Error locating startup folders.
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (c:\progra~1\wi9130~1\datamngr\datamngr.dll) - C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (c:\progra~1\fun4im\bndhook.dll) - C:\Program Files\Fun4IM\BndHook.dll (Discordia Limited)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Sebastian_ON_C Winlogon: Shell - (C:\Users\SEBAST~1\AppData\Local\Temp\98qgfix6.exe) - C:\Users\Sebastian\AppData\Local\Temp\98qgfix6.exe ()
O29 - HKLM SecurityProviders - (miknclbd.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/27 12:24:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/27 12:23:05 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/27 12:22:53 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/27 12:22:38 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/27 12:22:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/27 12:22:12 | 2072,911,872 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/27 11:21:13 | 000,621,952 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/04/27 11:21:13 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/27 11:21:13 | 000,123,852 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/04/27 11:21:13 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/27 09:22:43 | 000,112,343 | ---- | M] () -- C:\Users\Sebastian\Desktop\16100059-11 Katharina Raufeisen.pdf
[2011/04/27 09:07:41 | 000,111,490 | ---- | M] () -- C:\Users\Sebastian\Desktop\16100058-11 Veronika Amme.pdf
[2011/04/27 08:04:22 | 000,127,501 | ---- | M] () -- C:\Users\Sebastian\Desktop\1610057-11 Tobi.pdf
[2011/04/20 09:17:22 | 000,062,088 | ---- | M] () -- C:\Users\Sebastian\Desktop\16100056-11 Ludwig Pils.pdf
[2011/04/16 14:17:06 | 000,113,417 | ---- | M] () -- C:\Users\Sebastian\Desktop\16100055-11 Stefanie Roth (1).pdf
[2011/04/16 14:16:45 | 000,113,413 | ---- | M] () -- C:\Users\Sebastian\Desktop\16100055-11 Stefanie Roth.pdf
[2011/04/16 08:31:04 | 002,257,500 | ---- | M] () -- C:\Users\Sebastian\Desktop\karte-komm-essen.pdf
[2011/04/16 08:30:59 | 001,615,997 | ---- | M] () -- C:\Users\Sebastian\Desktop\karte-dessert.pdf
[2011/04/16 08:30:50 | 001,395,644 | ---- | M] () -- C:\Users\Sebastian\Desktop\karte-wochenkarte.pdf
[2011/04/16 08:30:41 | 001,997,103 | ---- | M] () -- C:\Users\Sebastian\Desktop\karte-0815.pdf
[2011/04/15 08:54:50 | 000,114,320 | ---- | M] () -- C:\Users\Sebastian\Desktop\16100053-11 Verena Schultz.pdf
[2011/04/15 07:39:06 | 000,127,591 | ---- | M] () -- C:\Users\Sebastian\Desktop\16100052-11 Faru Augustin.pdf
[2011/04/13 06:52:43 | 000,109,850 | ---- | M] () -- C:\Users\Sebastian\Desktop\16100051-11 Fabian Noto.pdf
[2011/04/12 07:55:28 | 000,118,620 | ---- | M] () -- C:\Users\Sebastian\Desktop\16100050-11 Herr Viktor Mraz.pdf
[2011/04/06 13:05:58 | 000,056,566 | ---- | M] () -- C:\Users\Sebastian\Desktop\16101011 Frau Gladitsch.pdf
[2011/04/05 05:23:44 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/27 09:22:06 | 000,112,343 | ---- | C] () -- C:\Users\Sebastian\Desktop\16100059-11 Katharina Raufeisen.pdf
[2011/04/27 09:07:00 | 000,111,490 | ---- | C] () -- C:\Users\Sebastian\Desktop\16100058-11 Veronika Amme.pdf
[2011/04/27 08:03:35 | 000,127,501 | ---- | C] () -- C:\Users\Sebastian\Desktop\1610057-11 Tobi.pdf
[2011/04/20 09:17:21 | 000,062,088 | ---- | C] () -- C:\Users\Sebastian\Desktop\16100056-11 Ludwig Pils.pdf
[2011/04/16 14:17:05 | 000,113,417 | ---- | C] () -- C:\Users\Sebastian\Desktop\16100055-11 Stefanie Roth (1).pdf
[2011/04/16 14:16:45 | 000,113,413 | ---- | C] () -- C:\Users\Sebastian\Desktop\16100055-11 Stefanie Roth.pdf
[2011/04/16 08:31:03 | 002,257,500 | ---- | C] () -- C:\Users\Sebastian\Desktop\karte-komm-essen.pdf
[2011/04/16 08:30:58 | 001,615,997 | ---- | C] () -- C:\Users\Sebastian\Desktop\karte-dessert.pdf
[2011/04/16 08:30:49 | 001,395,644 | ---- | C] () -- C:\Users\Sebastian\Desktop\karte-wochenkarte.pdf
[2011/04/16 08:30:39 | 001,997,103 | ---- | C] () -- C:\Users\Sebastian\Desktop\karte-0815.pdf
[2011/04/15 08:54:49 | 000,114,320 | ---- | C] () -- C:\Users\Sebastian\Desktop\16100053-11 Verena Schultz.pdf
[2011/04/15 07:39:05 | 000,127,591 | ---- | C] () -- C:\Users\Sebastian\Desktop\16100052-11 Faru Augustin.pdf
[2011/04/13 06:52:42 | 000,109,850 | ---- | C] () -- C:\Users\Sebastian\Desktop\16100051-11 Fabian Noto.pdf
[2011/04/12 07:55:28 | 000,118,620 | ---- | C] () -- C:\Users\Sebastian\Desktop\16100050-11 Herr Viktor Mraz.pdf
[2011/04/06 13:05:57 | 000,056,566 | ---- | C] () -- C:\Users\Sebastian\Desktop\16101011 Frau Gladitsch.pdf
[2011/02/17 16:19:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/06 09:07:06 | 000,000,009 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\nuar.old
[2010/06/06 09:07:05 | 000,000,084 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\wp4.dat
[2010/06/06 09:07:05 | 000,000,036 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\skynet.dat
[2010/06/06 09:07:05 | 000,000,002 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\wp3.dat
[2009/10/20 10:45:23 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/20 10:45:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/04/11 13:45:50 | 000,000,000 | ---- | C] () -- C:\Windows\mngui.INI
[2008/12/22 09:08:07 | 000,001,356 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\d3d9caps.dat
[2008/12/01 12:59:53 | 000,000,144 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\LStPref
[2008/11/29 16:41:20 | 000,000,706 | ---- | C] () -- C:\Windows\WININIT.INI
[2008/11/29 16:40:08 | 000,086,016 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/24 09:41:43 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2008/11/24 09:41:43 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2008/11/16 15:20:54 | 000,000,034 | ---- | C] () -- C:\Windows\Kassenbuch.INI
[2008/11/13 08:00:03 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008/11/13 08:00:03 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2008/11/13 08:00:03 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008/11/13 08:00:03 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008/11/13 08:00:03 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008/11/13 08:00:03 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008/11/13 08:00:03 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008/11/13 08:00:03 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2008/11/13 08:00:03 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2008/11/13 08:00:03 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008/11/13 08:00:03 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/11/13 08:00:02 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008/11/13 08:00:02 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008/11/13 08:00:02 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008/11/13 08:00:02 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008/11/13 08:00:02 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008/11/13 08:00:02 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008/11/13 08:00:02 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008/11/13 08:00:02 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008/11/13 07:57:39 | 000,000,025 | ---- | C] () -- C:\Windows\CDED92Euro.ini
[2008/11/12 13:35:00 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/12 13:20:47 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2008/11/12 10:16:02 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/06 12:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/06/02 04:37:57 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/06/02 04:37:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008/06/02 04:37:47 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/06/02 04:37:47 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/06/02 04:37:46 | 000,495,376 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/06/01 19:45:41 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/06/01 19:45:41 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/06/01 19:23:24 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/06/01 19:23:24 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008/06/01 19:23:24 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008/06/01 19:23:24 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008/01/21 04:21:25 | 000,621,952 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 04:21:25 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 04:21:25 | 000,123,852 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 04:21:25 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008/01/20 22:32:21 | 000,021,560 | ---- | C] () -- C:\Windows\System32\drivers\atapi.sys
[2007/11/15 16:31:34 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2007/11/15 16:27:40 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2007/11/15 16:25:28 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2007/11/15 16:25:12 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2006/11/02 08:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:44:53 | 000,446,072 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,590,082 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,102,094 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/01/30 08:42:22 | 000,000,270 | ---- | C] () -- C:\Windows\System32\lxczcoin.ini
[2001/12/26 10:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 17:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 10:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 16:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2011/04/09 06:07:45 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Atlcom
[2011/01/25 08:35:07 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Bandoo
[2009/02/08 11:29:28 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\EPSON
[2011/02/04 13:35:25 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\GHISLER
[2010/08/26 18:45:07 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Gydo
[2010/08/27 11:14:45 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Iluler
[2008/11/14 10:49:03 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Lexware
[2010/08/27 11:15:23 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\scdata
[2010/07/09 05:26:20 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Sicyk
[2010/06/10 19:16:31 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Sysinternals Antivirus
[2009/10/30 17:41:55 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\TeamViewer
[2011/02/04 12:59:46 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Teleca
[2010/11/07 13:15:51 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Thunderbird
[2010/06/17 20:23:25 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Ubgoaq
[2010/06/17 15:37:09 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Uqtex
[2010/07/08 16:45:43 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Veaw
[2011/01/25 09:22:12 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\WhiteSmoke
[2008/11/12 10:01:01 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2008/11/12 10:05:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data
[2008/11/16 12:24:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Avery
[2011/01/26 15:39:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Bandoo
[2008/11/14 10:49:01 | 000,000,000 | ---D | M] -- C:\ProgramData\BTrieve
[2008/12/31 09:26:59 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/11/12 10:01:01 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011/01/25 08:41:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Driver Whiz
[2008/12/30 14:01:29 | 000,000,000 | ---D | M] -- C:\ProgramData\EPSON
[2008/11/12 10:01:01 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2008/06/01 19:36:39 | 000,000,000 | ---D | M] -- C:\ProgramData\FloodLightGames
[2011/04/27 09:22:44 | 000,000,000 | ---D | M] -- C:\ProgramData\FreePDF
[2011/01/25 08:30:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Fun4IM
[2008/11/14 10:39:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Lexware
[2009/02/17 17:31:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Napster
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/11/12 10:01:01 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/02/04 15:38:26 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/01/25 08:41:26 | 000,000,000 | ---D | M] -- C:\ProgramData\UAB
[2008/11/13 08:04:40 | 000,000,000 | ---D | M] -- C:\ProgramData\UDL
[2008/11/12 10:01:01 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2008/12/31 20:36:13 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2008/06/01 19:57:19 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010/08/28 13:48:53 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/04/27 12:24:33 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/03/12 14:28:22 | 000,000,252 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/03/12 14:27:37 | 000,000,252 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/03/12 10:47:58 | 000,000,252 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 897 bytes -> C:\Users\Sebastian\Desktop\FW Grundriss STEAK & SPAIN.eml:OECustomProperty
@Alternate Data Stream - 64 bytes -> C:\Users\Sebastian\Desktop\Werbespot.mp4:TOC.WMV
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

markusg 27.04.2011 19:05

On your second PC, go to Start, Programs, Accessories, Notepad (Editor) and paste the following into it:

Code:

:OTL
O4 - HKU\Sebastian_ON_C..\Run: [Kbadv] C:\Users\Sebastian\AppData\Roaming\Atlcom\pnpnew.exe ()
O20 - HKU\Sebastian_ON_C Winlogon: Shell - (C:\Users\SEBAST~1\AppData\Local\Temp\98qgfix6.exe) - C:\Users\Sebastian\AppData\Local\Temp\98qgfix6.exe ()
:Files
C:\Users\Sebastian\AppData\Roaming\Atlcom
C:\Users\Sebastian\AppData\Local\Temp\98qgfix6.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

Save this on a USB stick as fix.txt.
Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in my post about OTLPENet.exe.
• Now please click the Fix button.
A message similar to "load fix from file" should now appear; load the fix.txt from your stick.
If that does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If it does, remove the CD from the drive; Windows should now start normally and open the OTL.txt.
Please post the log.

Open Computer, open C:, then _OTL.
Right-click on Moved Files there.
Choose add to moved files.rar or zip.
http://www.trojaner-board.de/54791-a...ner-board.html
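The fix above is built by hand from three kinds of OTL entries in the posted log: a per-user Winlogon Shell pointing into Temp, an unsigned Run entry under AppData, and a few "File not found" orphans. What follows is an added example, not code from the thread or from OTL itself: it applies those same heuristics to a handful of lines copied from the log, ranks them, and emits a fix script in the :OTL / :Files / :Commands layout markusg uses. The triage rules, the Finding type and the choice of "user-writable directory" prefixes are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: seven lines copied verbatim from the OTL report
# posted above, so the example runs offline without the full log file.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Lexmark 1200 Series] File not found
O4 - HKU\.DEFAULT..\Run: [KUGHGZXAKT] File not found
O4 - HKU\Sebastian_ON_C..\Run: [Kbadv] C:\Users\Sebastian\AppData\Roaming\Atlcom\pnpnew.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Sebastian_ON_C Winlogon: Shell - (C:\Users\SEBAST~1\AppData\Local\Temp\98qgfix6.exe) - C:\Users\Sebastian\AppData\Local\Temp\98qgfix6.exe ()
O29 - HKLM SecurityProviders - (miknclbd.dll) - File not found
"""

# OTL prints a resolved target as "<path> (<company>)"; no company shows as "()".
_TARGET = re.compile(r"^(?P<path>.+?) \((?P<company>[^()]*)\)$")
_O4 = re.compile(r"^O4 - (?P<hive>\S+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
_O20 = re.compile(r"^O20 - (?P<hive>\S+) Winlogon: Shell - \((?P<value>[^)]*)\) - (?P<rest>.*)$")
_O29 = re.compile(r"^O29 - (?P<hive>\S+) SecurityProviders - \((?P<value>[^)]*)\) - (?P<rest>.*)$")

# Assumed heuristic: directories a standard user can write to. A start-up entry
# living there with no company string is the usual profile of a dropped payload.
_USER_WRITABLE = re.compile(r"\\(users|appdata|temp|programdata)\\", re.I)

LEGIT_SHELL = r"c:\windows\explorer.exe"


@dataclass
class Finding:
    severity: str            # "high" (remove) or "low" (orphan, clean-up only)
    reason: str
    line: str                # the OTL line, reusable verbatim in a :OTL section
    path: Optional[str]      # resolved file path, if OTL found the file


def _split_target(rest: str) -> Tuple[Optional[str], Optional[str]]:
    """Return (path, company); (None, None) when OTL reported 'File not found'."""
    m = _TARGET.match(rest)
    if not m:
        return None, None
    return m.group("path"), m.group("company").strip()


def triage_line(line: str) -> Optional[Finding]:
    """Classify one OTL line; None means nothing worth acting on."""
    line = line.strip()
    m = _O20.match(line)
    if m:
        path, _ = _split_target(m.group("rest"))
        # Any Shell value that is not explorer.exe is the lock-screen pattern:
        # the "BKA" binary is started instead of the desktop at logon.
        if path is None or path.lower() != LEGIT_SHELL:
            return Finding("high", "Winlogon Shell replaced", line, path)
        return None
    m = _O4.match(line)
    if m:
        path, company = _split_target(m.group("rest"))
        if path is None:
            return Finding("low", "orphaned Run entry (File not found)", line, None)
        if company == "" and _USER_WRITABLE.search(path):
            return Finding("high", "unsigned autorun from user-writable path", line, path)
        return None
    m = _O29.match(line)
    if m:
        path, _ = _split_target(m.group("rest"))
        if path is None:
            return Finding("low", "SecurityProviders names a missing DLL", line, None)
        return None
    return None


def triage(log_text: str) -> List[Finding]:
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


def build_fix_script(findings: List[Finding]) -> str:
    """Emit an OTL fix: :OTL lines to delete, :Files to move, then :Commands."""
    high = [f for f in findings if f.severity == "high"]
    otl_lines = [f.line for f in high]
    files = sorted({f.path for f in high if f.path})
    return "\n".join([":OTL", *otl_lines, ":Files", *files,
                      ":Commands", "[purity]", "[emptytemp]", "[Reboot]"]) + "\n"


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:4} {f.reason}: {f.line}")
    print(build_fix_script(triage(SAMPLE_LOG)))
```

The low-severity orphans are reported but deliberately kept out of the generated fix: a "File not found" Run value or SecurityProviders entry cannot execute anything, so it is clean-up rather than containment, and the fix stays focused on the two entries that actually start code at logon. The HKLM Shell line passes because its resolved path is exactly C:\Windows\explorer.exe; a hijack that points a per-user Shell value elsewhere, as in the log, is what the check is for.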



Copyright ©2000-2025, Trojaner-Board

