
Log Analysis and Evaluation: BKA Trojan, evaluation of OTL log

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

31.05.2012, 21:05   #1
cosinus
 
BKA Trojan, evaluation of OTL log



Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&mntrId=aa90c61100000000000000508de9d3d6&tlver=1.4.19.19&ss=1&affID=17395
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE C6 58 88 C8 58 CB 01  [binary data]
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\..\SearchScopes,DefaultScope = {1F096B29-E9DA-4D64-8D63-936BE7762CC5}
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=aa90c61100000000000000508de9d3d6&tlver=1.4.19.19&ss=1&affID=17395
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="
FF - prefs.js..network.proxy.ssl: "ipla"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&mntrId=aa90c61100000000000000508de9d3d6&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q="
FF - user.js - File not found
[2012.05.30 17:29:34 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.09.28 00:08:09 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.28 10:39:40 | 000,000,000 | ---D | M] (Preispilot) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com
[2012.04.28 10:43:59 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\software@loadtubes.com
[2012.05.19 23:35:23 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.05.19 23:35:23 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.19 23:35:20 | 000,000,000 | ---D | M] (Preispilot) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\extension@preispilot.com
[2012.05.19 23:35:20 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\software@loadtubes.com
[2012.04.28 10:39:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com\chrome
[2011.03.21 16:15:10 | 000,000,931 | ---- | M] () -- C:\Users\mk-13\AppData\Roaming\Mozilla\Firefox\Profiles\68rg2x0i.default\searchplugins\conduit.xml
[2011.04.08 00:11:31 | 000,003,915 | ---- | M] () -- C:\Users\mk-13\AppData\Roaming\Mozilla\Firefox\Profiles\68rg2x0i.default\searchplugins\sweetim.xml
[2011.04.08 00:09:44 | 000,002,428 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (Preispilot) - {E48592BA-1EE6-41EE-AEC7-3E6CB38E6FD8} - C:\Program Files (x86)\preispilot\Internet Explorer\preispilot.dll (Ciuvo GmbH)
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\mk-13\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O3 - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL File not found
O4 - HKU\S-1-5-21-510965291-3660956245-2123504699-1001..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d8037b02-1b4b-11e0-a59f-00508de9d3d6}\Shell - "" = AutoRun
O33 - MountPoints2\{d8037b02-1b4b-11e0-a59f-00508de9d3d6}\Shell\AutoRun\command - "" = F:\pushinst.exe
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:9638A27E
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
:Files
C:\Users\mk13.mk-PC\AppData\Roaming\Gutscheinmieze
C:\Users\mk-13\AppData\Roaming\loadtbs
C:\Users\mk-13\AppData\Roaming\Ulamni
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not deleted completely; for safety, a backup copy is created on the system partition in the folder "_OTL".

Note: the script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

31.05.2012, 21:39   #2
MK-13

BKA Trojan, evaluation of OTL log



Hi, now you've scared me, though: after the restart Windows needed almost 5 min to start, only the Windows logo was visible!
Regards


Code:
 

All processes killed
========== OTL ==========
HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKEY_USERS\S-1-5-21-510965291-3660956245-2123504699-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-510965291-3660956245-2123504699-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-510965291-3660956245-2123504699-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ not found.
Prefs.js: "DVDVideoSoftTB Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=" removed from keyword.URL
Prefs.js: "ipla" removed from network.proxy.ssl
Prefs.js: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=aa90c61100000000000000508de9d3d6&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q=" removed from sweetim.toolbar.previous.keyword.URL
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\Plugins folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\modules folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com\chrome\locale\en-US folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com\chrome\locale\de-DE folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com\chrome\locale folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com\chrome\content\lib folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com\chrome\content\icons\preispilot folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com\chrome\content\icons folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com\chrome\content folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com\chrome folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\software@loadtubes.com\chrome\skin folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\software@loadtubes.com\chrome\content folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\software@loadtubes.com\chrome folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\software@loadtubes.com folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\modules folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\extension@preispilot.com\chrome\locale\en-US folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\extension@preispilot.com\chrome\locale\de-DE folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\extension@preispilot.com\chrome\locale folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\extension@preispilot.com\chrome\content\lib folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\extension@preispilot.com\chrome\content\icons\preispilot folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\extension@preispilot.com\chrome\content\icons folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\extension@preispilot.com\chrome\content folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\extension@preispilot.com\chrome folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\extension@preispilot.com folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\software@loadtubes.com\chrome\skin folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\software@loadtubes.com\chrome\content folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\software@loadtubes.com\chrome folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\software@loadtubes.com folder moved successfully.
Folder C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com\chrome\ not found.
C:\Users\mk-13\AppData\Roaming\Mozilla\Firefox\Profiles\68rg2x0i.default\searchplugins\conduit.xml moved successfully.
C:\Users\mk-13\AppData\Roaming\Mozilla\Firefox\Profiles\68rg2x0i.default\searchplugins\sweetim.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E48592BA-1EE6-41EE-AEC7-3E6CB38E6FD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E48592BA-1EE6-41EE-AEC7-3E6CB38E6FD8}\ deleted successfully.
C:\Program Files (x86)\preispilot\Internet Explorer\preispilot.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}\ deleted successfully.
File 13\AppData\Roaming\loadtbs\toolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-510965291-3660956245-2123504699-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AsioReg deleted successfully.
Registry value HKEY_USERS\S-1-5-21-510965291-3660956245-2123504699-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8037b02-1b4b-11e0-a59f-00508de9d3d6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8037b02-1b4b-11e0-a59f-00508de9d3d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8037b02-1b4b-11e0-a59f-00508de9d3d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8037b02-1b4b-11e0-a59f-00508de9d3d6}\ not found.
File F:\pushinst.exe not found.
ADS C:\ProgramData\TEMP:9638A27E deleted successfully.
ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== FILES ==========
C:\Users\mk13.mk-PC\AppData\Roaming\Gutscheinmieze folder moved successfully.
C:\Users\mk-13\AppData\Roaming\loadtbs\chrome@loadtubes.com folder moved successfully.
C:\Users\mk-13\AppData\Roaming\loadtbs folder moved successfully.
C:\Users\mk-13\AppData\Roaming\Ulamni folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: mk-13
->Temp folder emptied: 66541244 bytes
->Temporary Internet Files folder emptied: 13981815 bytes
->Java cache emptied: 459136 bytes
->FireFox cache emptied: 791790624 bytes
->Google Chrome cache emptied: 1642864 bytes
->Flash cache emptied: 80779 bytes
 
User: mk13
 
User: mk13.mk-PC
->Java cache emptied: 33801 bytes
->FireFox cache emptied: 129023790 bytes
->Flash cache emptied: 2388 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8972 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 3568113 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 961,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default
 
User: Default User
 
User: mk-13
->Flash cache emptied: 0 bytes
 
User: mk13
 
User: mk13.mk-PC
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.44.0 log created on 05312012_222907

Files\Folders moved on Reboot...
C:\Users\mk-13\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\mk-13\AppData\Local\Mozilla\Firefox\Profiles\68rg2x0i.default\Cache\_CACHE_001_ moved successfully.
C:\Users\mk-13\AppData\Local\Mozilla\Firefox\Profiles\68rg2x0i.default\Cache\_CACHE_002_ moved successfully.
C:\Users\mk-13\AppData\Local\Mozilla\Firefox\Profiles\68rg2x0i.default\Cache\_CACHE_003_ moved successfully.
C:\Users\mk-13\AppData\Local\Mozilla\Firefox\Profiles\68rg2x0i.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\mk-13\AppData\Local\Mozilla\Firefox\Profiles\68rg2x0i.default\urlclassifier3.sqlite moved successfully.

Registry entries deleted on Reboot...
         


05.06.2012, 20:16   #3
MK-13

BKA Trojan, evaluation of OTL log



Quote:
Originally posted by cosinus

The entries, files and folders fixed by this script are not deleted completely; for safety, a backup copy is created on the system partition in the folder "_OTL".

Hi, so far everything is running fine, thanks. But what about the backup copy from OTL, does it have to be deleted or is it gone as well?

Oh yes, I now get this message (see attached image).

Comodo has also been deleted, I now only have Malwarebytes Anti-Malware and Microsoft antivirus.

Regards

Attached image: BKA Trojaner,Auswertung von Log OTL-mm.jpg
