Pests of all kinds and their removal: Austrian police trojan (Windows 7)
19.07.2012, 18:14 | #1
Austrian police trojan

Hello,
Today I picked up the well-known BKA trojan in a new Austrian version. I am using a Windows 7 x86 operating system. In Safe Mode I discovered that "Shell" has manipulated the explorer.exe file, so all I see is the pop-up. I hope you can help me; I would also be happy to show a screenshot as proof. In addition: I cannot save OTL or anything similar to the desktop, for example!
Regards, Nik1
Last edited by Nik1 (19.07.2012, 18:23)
19.07.2012, 21:17 | #2
/// Helper Team | Austrian police trojan
Quote:
19.07.2012, 21:33 | #3
Austrian police trojan

Thanks, but I have been here before.
So, I now have a different account on the PC. I also ran a scan with Malwarebytes; here is the log:

Code:
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.19.12

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
NIKITA :: NIKITA-PC [Administrator]

Protection: Enabled

19.07.2012 21:05:37
mbam-log-2012-07-19 (21-11-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215763
Time elapsed: 4 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\NIKITA\AppData\Local\Temp\ICReinstall\FLVPlayerSetup.exe (Adware.Agent) -> No action taken.
C:\Users\NIKITA\AppData\Local\Temp\10092937.Uninstall\Uninstall.exe (Adware.Agent) -> No action taken.

(end)

Here are also the OTL log files:

Code:
OTL logfile created on: 19.07.2012 22:58:14 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Ersatz\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,32 Gb Available Physical Memory | 66,22% Memory free
4,00 Gb Paging File | 3,14 Gb Available in Paging File | 78,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,74 Gb Total Space | 15,87 Gb Free Space | 27,02% Space Free | Partition Type: NTFS
Drive D: | 5,89 Gb Total Space | 5,30 Gb Free Space | 89,91% Space Free | Partition Type: NTFS
Drive E: | 401,12 Gb Total Space | 135,96 Gb Free Space | 33,89% Space Free | Partition Type: NTFS

Computer Name: NIKITA-PC | User Name: NIKITA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ersatz\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10x_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\vVX3000.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe (Symantec Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120224.002\IDSvix86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120215.001\BHDrvx86.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120224.034\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120224.034\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\System32\drivers\NIS\1207020.003\symnets.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NIS\1207020.003\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\System32\drivers\NIS\1207020.003\srtspx.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NIS\1207020.003\symefa.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NIS\1207020.003\symds.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NIS\1207020.003\ironx86.sys (Symantec Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (VX3000) -- C:\Windows\System32\drivers\VX3000.sys (Microsoft Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 3E 31 DE 4B 63 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {8704E8C4-9DB6-4A09-8617-C4957FB2BBF4}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searc}
IE - HKCU\..\SearchScopes\{8704E8C4-9DB6-4A09-8617-C4957FB2BBF4}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2012.02.11 20:17:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_10_1 [2012.07.19 22:52:24 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WSDPrintProxy] C:\Users\NIKITA\AppData\Local\Microsoft\Windows\613\WSDPrintProxy.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} hxxp://86.56.142.34/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63D31F64-6C0D-4E45-9DDE-6659B683EB94}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.19 21:04:43 | 000,000,000 | ---D | C] -- C:\Users\NIKITA\AppData\Roaming\Malwarebytes
[2012.07.19 21:04:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.19 21:04:39 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.19 21:04:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.19 21:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.19 17:42:05 | 000,000,000 | ---D | C] -- C:\Users\NIKITA\AppData\Roaming\hellomoto
[2012.07.13 14:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\Software Untergrund
[2012.07.13 14:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012.07.13 14:34:13 | 000,000,000 | ---D | C] -- C:\Users\NIKITA\Documents\Leisure Media
[2012.07.13 14:33:56 | 000,000,000 | ---D | C] -- C:\Users\NIKITA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Leisure Media
[2012.07.13 14:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leisure Media
[2012.07.13 14:30:53 | 000,000,000 | ---D | C] -- C:\Program Files\Leisure Media
[2012.07.11 23:32:08 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.11 23:32:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.11 23:32:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.11 23:32:07 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.11 23:32:06 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.11 23:32:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.11 23:32:05 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.11 23:28:54 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.11 16:44:32 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.11 16:44:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012.07.11 16:44:29 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012.07.10 21:13:13 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2012.07.01 17:52:18 | 000,000,000 | ---D | C] -- C:\Users\NIKITA\Documents\Krippenstein-Dateien
[2012.06.29 14:34:37 | 000,000,000 | ---D | C] -- C:\Program Files\ÖBB.S12
[2012.06.22 21:56:55 | 000,000,000 | ---D | C] -- C:\Users\NIKITA\Documents\KOMPASS Digital Map
[2012.06.21 18:14:43 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.21 18:14:43 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.21 18:14:36 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.21 18:14:36 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.21 18:14:36 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.21 18:14:25 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.21 18:14:25 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.06.20 16:47:56 | 000,000,000 | ---D | C] -- C:\Users\NIKITA\Documents\Hauptstädte-Dateien
[2012.06.20 15:56:00 | 000,000,000 | ---D | C] -- C:\Users\NIKITA\Documents\1btf-Dateien
[1 C:\Users\NIKITA\AppData\Local\*.tmp files -> C:\Users\NIKITA\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.19 23:01:01 | 000,020,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.19 23:01:01 | 000,020,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.19 22:57:32 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.19 22:57:32 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.19 22:57:32 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.19 22:57:32 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.19 22:52:53 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.19 22:52:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.19 22:52:14 | 1610,113,024 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.19 22:29:03 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.19 21:04:41 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.19 17:56:03 | 000,003,344 | ---- | M] () -- C:\bootsqm.dat
[2012.07.18 19:41:42 | 000,044,501 | ---- | M] () -- C:\Users\NIKITA\.recently-used.xbel
[2012.07.15 11:49:13 | 000,921,624 | ---- | M] () -- C:\img2-001.raw
[2012.07.13 14:36:11 | 000,001,397 | ---- | M] () -- C:\Users\NIKITA\Desktop\Digitaler Auto- und Motorradatlas.lnk
[2012.07.12 14:39:12 | 004,130,938 | ---- | M] () -- C:\Users\NIKITA\U-Bahn Wien - Gleisplan.png
[2012.07.12 07:18:19 | 000,298,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.01 19:13:31 | 000,092,968 | ---- | M] () -- C:\Users\NIKITA\Documents\Krippenstein.pbf
[2012.06.29 15:24:16 | 000,000,984 | ---- | M] () -- C:\Users\NIKITA\Desktop\KOMPASS Wanderkarte Österreich.lnk
[2012.06.29 14:34:45 | 000,000,974 | ---- | M] () -- C:\Users\NIKITA\Desktop\ÖBB Sommer 2012.lnk
[2012.06.27 14:07:36 | 000,069,841 | ---- | M] () -- C:\Users\NIKITA\Documents\1BTF.pbf
[2012.06.27 14:03:56 | 000,175,999 | ---- | M] () -- C:\Users\NIKITA\Documents\Hauptstädte.pbf
[2012.06.24 11:06:09 | 002,058,725 | ---- | M] () -- C:\Users\NIKITA\Documents\Reise Ö.odt
[1 C:\Users\NIKITA\AppData\Local\*.tmp files -> C:\Users\NIKITA\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.19 21:04:40 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.19 17:56:03 | 000,003,344 | ---- | C] () -- C:\bootsqm.dat
[2012.07.18 19:41:42 | 000,044,501 | ---- | C] () -- C:\Users\NIKITA\.recently-used.xbel
[2012.07.13 14:36:11 | 000,001,397 | ---- | C] () -- C:\Users\NIKITA\Desktop\Digitaler Auto- und Motorradatlas.lnk
[2012.07.12 22:22:43 | 004,130,938 | ---- | C] () -- C:\Users\NIKITA\U-Bahn Wien - Gleisplan.png
[2012.07.01 17:52:36 | 000,092,968 | ---- | C] () -- C:\Users\NIKITA\Documents\Krippenstein.pbf
[2012.06.29 15:24:30 | 000,000,984 | ---- | C] () -- C:\Users\NIKITA\Desktop\KOMPASS Wanderkarte Österreich.lnk
[2012.06.29 14:34:44 | 000,000,974 | ---- | C] () -- C:\Users\NIKITA\Desktop\ÖBB Sommer 2012.lnk
[2012.06.26 13:39:47 | 000,069,841 | ---- | C] () -- C:\Users\NIKITA\Documents\1BTF.pbf
[2012.06.20 16:47:56 | 000,175,999 | ---- | C] () -- C:\Users\NIKITA\Documents\Hauptstädte.pbf
[2012.06.07 20:49:18 | 002,324,069 | ---- | C] () -- C:\Users\NIKITA\IMGP1647.JPG
[2012.06.07 20:49:18 | 002,287,564 | ---- | C] () -- C:\Users\NIKITA\IMGP1691.JPG
[2012.06.07 20:49:18 | 002,271,650 | ---- | C] () -- C:\Users\NIKITA\IMGP1646.JPG
[2012.06.07 20:49:18 | 001,754,010 | ---- | C] () -- C:\Users\NIKITA\IMGP1689.JPG
[2012.06.07 20:49:18 | 001,726,246 | ---- | C] () -- C:\Users\NIKITA\IMGP1688.JPG
[2012.06.07 20:49:18 | 001,333,141 | ---- | C] () -- C:\Users\NIKITA\IMGP1690.JPG
[2012.05.01 15:45:45 | 000,000,021 | ---- | C] () -- C:\Windows\progman.ini
[2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012.01.25 20:36:18 | 000,000,000 | ---- | C] () -- C:\Users\NIKITA\AppData\Local\{629EC0AE-5B76-4CAE-973E-C4681283AECA}
[2011.11.22 20:22:03 | 000,000,000 | ---- | C] () -- C:\Users\NIKITA\AppData\Local\{A196D9B3-CBDB-4913-8864-011930318694}
[2011.11.05 20:57:44 | 000,003,273 | ---- | C] () -- C:\Windows\scenelib24.ini
[2011.10.05 22:23:06 | 000,000,000 | ---- | C] () -- C:\Users\NIKITA\AppData\Local\{348CEF5A-EE55-4F4A-8459-78D7CA394AAE}
[2011.08.31 09:22:57 | 002,084,012 | ---- | C] () -- C:\Users\NIKITA\AppData\Roaming\mdbu.bin
[2011.04.12 03:30:05 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.04.12 03:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.04.12 03:30:05 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.04.12 03:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat

< End of report >

Code:
OTL Extras logfile created on: 19.07.2012 22:58:14 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Ersatz\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,32 Gb Available Physical Memory | 66,22% Memory free
4,00 Gb Paging File | 3,14 Gb Available in Paging File | 78,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,74 Gb Total Space | 15,87 Gb Free Space | 27,02% Space Free | Partition Type: NTFS
Drive D: | 5,89 Gb Total Space | 5,30 Gb Free Space | 89,91% Space Free | Partition Type: NTFS
Drive E: | 401,12 Gb Total Space | 135,96 Gb Free Space | 33,89% Space Free | Partition Type: NTFS

Computer Name: NIKITA-PC | User Name: NIKITA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AB8945-19AC-4598-8FF3-DA4C347B354C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{00E25246-DD50-4300-AB8A-AE4340DE5C59}" = rport=139 | protocol=6 | dir=out | app=system | 
"{084717B8-B882-4D35-90D5-22843EB442FE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0EEB23F4-C88E-4BA9-BA28-38C230057858}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2FE788F6-6E4B-46A8-B506-64C4B0F7A59A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{340CB0DC-5F7D-4608-B4AC-C25B4574D091}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{46F07003-C8F1-4533-BE80-726ABF258EB3}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5F768391-980B-4677-BA1C-E493C9287977}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6CBFF7D2-05C0-4D6E-AC3D-D12C1F8A673E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{73CA5781-C113-4076-A98E-760AD25B7B2D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7B18DB62-358F-48DD-8D94-A22DC10CA4AF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8C6AE1FE-F98C-46FE-A047-43AC3AA866C5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9592ADAC-C456-43E2-8D2D-0819F265F03E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{9FAE3D60-6F3D-4498-B1B9-63A10AB97DE8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A3B33FF8-63FC-4E54-B9DB-1420B1ADACD1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A904E24F-F252-44CC-8C84-3857819345D2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B38124CE-140A-40C4-ACFB-6286B0DC484A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B4CC21E5-11A5-4D4F-84C8-935C4E5FCC7D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{BD110367-E96B-4B26-A4B1-DCE275288B35}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C2D924FD-5B2A-4456-8331-E463C36B2534}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C99062D8-8629-40E7-8E4D-05E2753B93A6}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D7D518E8-FC98-42DB-8972-8DF7D4A37ED5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F39266CC-3D02-4409-B826-C521461C2746}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F76F05DE-8818-4366-BAF7-6A69FE5E5270}" = rport=137 | protocol=17 | dir=out | app=system | 
"{FA3BFD45-19B2-442B-AADD-5212508FC7E0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08805679-8097-44B9-80F7-45A33611D629}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{09FA399F-DD3E-4A56-B899-A1555A113D6B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0D60C853-B01E-4371-9A8D-6151F7AC340A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{0FDB6EA4-7ABA-4A35-B1F3-13CDC5C4D1D2}" = protocol=6 | dir=out | app=system | 
"{1F0C2D52-83B9-42FF-ABE2-E0371C6DEA9C}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{2662B2FD-3F5B-423A-973B-B79415794A63}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2C1443F3-19E0-4C58-95CA-23C19156919D}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{3088DAE7-A9EC-48D5-BA33-F17ABE8379E1}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{3B4F3688-857B-4B40-A00F-9EE8D40444D5}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"{5C335B53-6993-45D6-B038-75EAD8D98A6D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{64A616D4-7CC9-4209-A166-F54DC5912562}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6D0B0416-428A-4393-8927-6B6F6AD0A68F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{78FDA72E-CE27-4812-AE38-52E198BDC6D1}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"{7B1A9191-F7A7-4B4B-90DE-C8BA8E2A061A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7C3D6CBB-C5A8-4BB5-B8AD-BCCD8532F6C0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7DF5757A-D9C7-4204-9F0F-C90C3B85C7DE}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{811C5299-86CE-4380-93B1-3C801366AE89}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{874AD796-D9C1-4F73-844B-38D899D3DC06}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{8C1CA94F-D673-4DD4-81A4-1C2408523D29}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{9651F312-1B8F-4555-97C0-941F1EBABDF7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{9C2E8F02-7F9A-4ADA-B74D-0EAED54D9E31}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ADF21795-967F-44CC-81C3-326733D9CB9B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B3B9A2A9-F22B-45A8-94A9-1A1CD223A602}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{B6011D57-1BD2-496F-9007-90CF5002D164}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C2AB5DD3-9960-448D-833B-39FD4E222774}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{C523959F-957D-4857-B50E-EE65C10253BE}" = protocol=1 | dir=out
| name=@firewallapi.dll,-28544 | "{CE81654B-1030-4D01-B587-A5378B22C54A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D39B9351-C9CE-407E-AD13-5AF3DFF093BA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D4751822-DA67-451B-B74D-8F32D0A95A8B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | "{DA59BADE-4FA7-4F57-91B2-DB2DCF86A94E}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | "{E0ED0461-C1DC-4956-9EBB-22D8FFA9EF08}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E7F34DE7-7985-48F1-9DB7-D42338AAA752}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{F0754E37-7781-4EEF-BD4E-CE34912B1D4E}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | "{FE8E2663-C30C-4A08-88F3-F98A91E77B7E}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | "TCP Query User{3FA28567-428C-436D-930B-0C7252F0CAF1}C:\users\nikita\flat out 2\flatout2.exe" = protocol=6 | dir=in | app=c:\users\nikita\flat out 2\flatout2.exe | "TCP Query User{430F99D9-BA6F-4694-8008-C55BA1904B28}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{4D6E0DAD-FCC1-4A4D-8306-39E9A9F5D94D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{9FAE281D-FF4D-4827-9F07-1E15DF7B8870}C:\users\nikita\flat out 2\flatout2.exe" = protocol=6 | dir=in | app=c:\users\nikita\flat out 2\flatout2.exe | "UDP Query User{206D4BCE-E867-41CE-935D-4AF01B154210}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{3387D3EF-B3DB-4989-B26A-A0A07B5AF355}C:\program files\google\google 
earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{9914BC1F-72EE-40E4-ABB2-02AD22807EDF}C:\users\nikita\flat out 2\flatout2.exe" = protocol=17 | dir=in | app=c:\users\nikita\flat out 2\flatout2.exe | "UDP Query User{DADD3352-AD39-4D40-9471-D16F941A1E9D}C:\users\nikita\flat out 2\flatout2.exe" = protocol=17 | dir=in | app=c:\users\nikita\flat out 2\flatout2.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5E2ABE05-B7AD-4D77-8A19-BDA0E4302190}" = Google SketchUp 8 "{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper 
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D64833F8-860D-4216-8EDC-DD08AD68C0B5}" = LibreOffice 3.4 "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3 "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "7-Zip" = 7-Zip 9.20 "Adobe Flash Player 
ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Bus-Simulator 2009_is1" = Bus-Simulator 2009 "Digitaler Auto- und Motorradatlas" = Digitaler Auto- und Motorradatlas "FormatFactory" = FormatFactory 2.90 "HappyFoto-Designer_is1" = HappyFoto-Designer 2.7 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NIS" = Norton Internet Security "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "ÖBB Sommer 2012" = ÖBB Sommer 2012 "Picasa 3" = Picasa 3 "TeamViewer 6" = TeamViewer 6 "TeamViewer 7" = TeamViewer 7 "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite" = Windows Live Essentials "wintrack10demo_is1" = WinTrack Demo Version 10.0 3D "YTdetect" = Yahoo! Detect ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 02.07.2012 04:13:59 | Computer Name = NIKITA-PC | Source = WinMgmt | ID = 10 Description = Error - 02.07.2012 13:29:27 | Computer Name = NIKITA-PC | Source = WinMgmt | ID = 10 Description = Error - 02.07.2012 14:38:20 | Computer Name = NIKITA-PC | Source = WinMgmt | ID = 10 Description = Error - 02.07.2012 15:59:26 | Computer Name = NIKITA-PC | Source = WinMgmt | ID = 10 Description = Error - 03.07.2012 05:45:19 | Computer Name = NIKITA-PC | Source = WinMgmt | ID = 10 Description = Error - 03.07.2012 07:16:28 | Computer Name = NIKITA-PC | Source = WinMgmt | ID = 10 Description = Error - 03.07.2012 14:03:31 | Computer Name = NIKITA-PC | Source = WinMgmt | ID = 10 Description = Error - 03.07.2012 14:21:56 | Computer Name = NIKITA-PC | Source = WinMgmt | ID = 10 Description = Error - 03.07.2012 14:34:28 | Computer Name = NIKITA-PC | Source = WinMgmt | ID = 10 Description = Error - 03.07.2012 15:20:11 | 
Computer Name = NIKITA-PC | Source = WinMgmt | ID = 10 Description = [ Media Center Events ] Error - 26.02.2012 09:19:15 | Computer Name = NIKITA-PC | Source = MCUpdate | ID = 0 Description = 14:19:15 - Fehler beim Herstellen der Internetverbindung. 14:19:15 - Serververbindung konnte nicht hergestellt werden.. Error - 26.02.2012 09:19:25 | Computer Name = NIKITA-PC | Source = MCUpdate | ID = 0 Description = 14:19:21 - Fehler beim Herstellen der Internetverbindung. 14:19:21 - Serververbindung konnte nicht hergestellt werden.. Error - 26.02.2012 10:22:07 | Computer Name = NIKITA-PC | Source = MCUpdate | ID = 0 Description = 15:22:07 - Fehler beim Herstellen der Internetverbindung. 15:22:07 - Serververbindung konnte nicht hergestellt werden.. Error - 26.02.2012 10:22:19 | Computer Name = NIKITA-PC | Source = MCUpdate | ID = 0 Description = 15:22:12 - Fehler beim Herstellen der Internetverbindung. 15:22:12 - Serververbindung konnte nicht hergestellt werden.. Error - 26.02.2012 14:11:53 | Computer Name = NIKITA-PC | Source = MCUpdate | ID = 0 Description = 19:11:53 - Fehler beim Herstellen der Internetverbindung. 19:11:53 - Serververbindung konnte nicht hergestellt werden.. Error - 26.02.2012 14:12:02 | Computer Name = NIKITA-PC | Source = MCUpdate | ID = 0 Description = 19:11:58 - Fehler beim Herstellen der Internetverbindung. 19:11:58 - Serververbindung konnte nicht hergestellt werden.. 
[ System Events ] Error - 19.07.2012 14:54:12 | Computer Name = NIKITA-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 19.07.2012 14:54:13 | Computer Name = NIKITA-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 19.07.2012 14:54:13 | Computer Name = NIKITA-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 19.07.2012 14:54:13 | Computer Name = NIKITA-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 19.07.2012 14:54:13 | Computer Name = NIKITA-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 19.07.2012 14:54:13 | Computer Name = NIKITA-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 19.07.2012 14:54:13 | Computer Name = NIKITA-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 19.07.2012 14:55:12 | Computer Name = NIKITA-PC | Source = Service 
Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 19.07.2012 14:57:21 | Computer Name = NIKITA-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 19.07.2012 14:58:56 | Computer Name = NIKITA-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 < End of report > Geändert von Nik1 (19.07.2012 um 22:07 Uhr) Grund: Logfiles von OTL |
19.07.2012, 22:40 | #4 |
/// Helper Team | Austrian Police Trojan Why can't you save to the desktop?

Removing malware with Combofix

Download Combofix from one of the following download mirrors: BleepingComputer.com - ForoSpyware.com and save the program to the desktop, not anywhere else; that is important! Follow the detailed original instructions. Combofix currently runs on the following Windows versions:

Preparation and important notes

Do not use Combofix on your own initiative. If there is no corresponding infection, it can cripple the computer and/or cause lasting damage! |
20.07.2012, 08:30 | #5 |
| Austrian Police Trojan The desktop problem has sorted itself out; I can save the program to the desktop normally. I downloaded the program according to the instructions and started it. But unlike in the instructions, the PC shuts down and restarts, and the window keeps reappearing, closing and moving, over and over again! No log is produced either. The empty blue window just keeps reopening and shifting towards the bottom right edge each time. In safe mode I found that it continues there, as in the instructions. Here is the log: Code:
ComboFix 12-07-20.01 - NIKITA 20.07.2012 10:31:36.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2047.1206 [GMT 2:00]
ausgeführt von:: c:\users\Ersatz2\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\NIKITA\AppData\Local\Microsoft\Windows\613\WSDPrintProxy.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-20 bis 2012-07-20 ))))))))))))))))))))))))))))))
.
.
2012-07-20 08:40 . 2012-07-20 09:25 -------- d-----w- c:\users\NIKITA\AppData\Local\temp
2012-07-20 08:40 . 2012-07-20 08:40 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-20 08:40 . 2012-07-20 08:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-20 08:01 . 2012-07-20 08:01 -------- d-----w- c:\users\Ersatz2
2012-07-20 07:39 . 2012-07-20 07:54 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD8E0665-7AC3-488D-B66D-268E8D6A0422}\offreg.dll
2012-07-19 19:04 . 2012-07-19 19:04 -------- d-----w- c:\users\NIKITA\AppData\Roaming\Malwarebytes
2012-07-19 19:04 . 2012-07-19 19:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-19 19:04 . 2012-07-19 19:04 -------- d-----w- c:\programdata\Malwarebytes
2012-07-19 19:04 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-19 15:42 . 2012-07-19 15:42 -------- d-----w- c:\users\NIKITA\AppData\Roaming\hellomoto
2012-07-17 06:08 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD8E0665-7AC3-488D-B66D-268E8D6A0422}\mpengine.dll
2012-07-13 12:39 . 2012-07-13 12:39 -------- d-----w- c:\program files\Software Untergrund
2012-07-13 12:38 . 2012-07-13 12:38 -------- d-----w- c:\program files\Common Files\InstallShield
2012-07-13 12:30 . 2012-07-13 12:30 -------- d-----w- c:\program files\Leisure Media
2012-07-11 21:28 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 19:13 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2012-06-29 12:34 . 2012-06-29 12:34 -------- d-----w- c:\program files\ÖBB.S12
2012-06-21 16:14 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 16:14 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 16:14 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 16:14 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 16:14 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 16:14 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 16:14 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 16:14 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 16:14 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 10:25 . 2011-08-25 17:41 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-11 16:53 . 2012-05-11 16:53 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-11 16:53 . 2011-08-25 18:12 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-01 04:44 . 2012-06-13 13:53 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:17 . 2012-06-13 13:53 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45 . 2012-06-13 13:53 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45 . 2012-06-13 13:53 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41 . 2012-06-13 13:53 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 04:36 . 2012-06-13 13:53 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 13:53 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 13:53 103936 ----a-w- c:\windows\system32\cryptnet.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120215.001\BHDrvx86.sys [x]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120224.002\IDSvix86.sys [x]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1207020.003\Ironx86.SYS [x]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1207020.003\SYMNETS.SYS [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [x]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [x]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1207020.003\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1207020.003\SYMEFA.SYS [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-25 17:52]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-25 17:52]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 10.0.0.138
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-WSDPrintProxy - c:\users\NIKITA\AppData\Local\Microsoft\Windows\613\WSDPrintProxy.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-20 11:28:02 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-07-20 09:28
.
Vor Suchlauf: 9 Verzeichnis(se), 20.648.235.008 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 20.396.244.992 Bytes frei
.
- - End Of File - - 066F0F5CA2937E469C5FE1892C014BAE

Edited by Nik1 (20.07.2012 at 09:18) |
20.07.2012, 20:16 | #6 |
/// Helper Team | Austrian Police Trojan Very good!

Step 1

Please run a full scan with Malwarebytes Anti-Malware and post the log.

Then: Please download AdwCleaner to your desktop.
20.07.2012, 21:38 | #7 |
| Austrian Police Trojan Here is the Malwarebytes log: Code:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.20.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
NIKITA :: NIKITA-PC [Administrator]

Schutz: Aktiviert

20.07.2012 22:01:15
mbam-log-2012-07-20 (22-01-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 375467
Laufzeit: 35 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
# AdwCleaner v1.703 - Logfile created 07/20/2012 at 22:39:52
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : NIKITA - NIKITA-PC
# Running from : C:\Users\Ersatz2\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Users\NIKITA\AppData\Local\Babylon
Folder Found : C:\Users\NIKITA\AppData\LocalLow\Toolbar4
Folder Found : C:\Users\NIKITA\AppData\Roaming\Babylon
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [3932 octets] - [20/07/2012 22:39:52]

########## EOF - \AdwCleaner[R1].txt - [4060 octets] ##########

The police pop-up is gone, by the way; I can access the system again. Is the trojan gone now? I have just found this with Norton. What does that mean for me?

Edited by Nik1 (20.07.2012 at 21:44) |
21.07.2012, 21:44 | #8 |
/// Helfer-Team | Österreichischer Polizeitrojaner The image is too small, I can't make anything out. Upload it here: Saved.im, or type it out for me.
|
21.07.2012, 22:27 | #9 |
| Österreichischer Polizeitrojaner It says:
Trojan.Maljava detected by the virus scanner on Saturday, 11 February 2012 22:12 (???)
wiki.class contained threat: Trojan.Maljava
Risk: High
Recommended action: Resolved - no action required
Here is the log: Code:
# AdwCleaner v1.703 - Logfile created 07/21/2012 at 23:30:06
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : NIKITA - NIKITA-PC
# Running from : C:\Users\Ersatz2\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Users\NIKITA\AppData\Local\Babylon
Folder Deleted : C:\Users\NIKITA\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\NIKITA\AppData\Roaming\Babylon
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [4026 octets] - [21/07/2012 23:30:06]
AdwCleaner[R1].txt - [4059 octets] - [20/07/2012 22:39:52]

########## EOF - \AdwCleaner[S1].txt - [4214 octets] ##########

Last edited by Nik1 (21.07.2012 at 22:32) |
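The helper's workflow above is a [Search] run of AdwCleaner followed by a [Delete] run, and the only way to know the second run really covered the first is to compare the two logs item by item. The following script is an added example, not code from the thread, from the helper, or from AdwCleaner itself: it parses the `Folder Found : ...` / `Key Deleted : ...` lines in the format of the logs posted above, reports anything that was Found but never Deleted, and groups the removed items by vendor string (Babylon, Ask, the Tb*/Toolbar CLSIDs). The two log excerpts embedded in the script are constructed and shortened; one registry key is deliberately left out of the constructed [Delete] log so the check has something to flag.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Added example, not code from the thread or from AdwCleaner. It parses the
# two AdwCleaner v1.x logs a helper asks for (a "# Option [Search]" run,
# then a "# Option [Delete]" run) and checks that everything reported as
# Found was actually Deleted. Line formats follow the logs posted in the
# thread; the two log excerpts below are constructed and shortened.

OPTION_RE = re.compile(r"^# Option \[(?P<option>\w+)\]")
ITEM_RE = re.compile(
    r"^(?P<kind>Folder|File|Key|Value|Service)\s+"
    r"(?P<action>Found|Deleted)\s*:\s*(?P<target>.+?)\s*$"
)


@dataclass(frozen=True)
class Item:
    kind: str    # Folder, File, Key, Value or Service
    target: str  # path or registry key, lower-cased (Windows compares case-insensitively)


def parse_log(text: str):
    """Return (option, set of Items) for one AdwCleaner log."""
    option = None
    items = set()
    for raw in text.splitlines():
        line = raw.strip()
        m = OPTION_RE.match(line)
        if m:
            option = m.group("option")
            continue
        m = ITEM_RE.match(line)
        if m:
            items.add(Item(m.group("kind"), m.group("target").lower()))
    return option, items


def verify_cleanup(search_log: str, delete_log: str) -> dict:
    """Compare a Search run with the Delete run that followed it."""
    s_opt, found = parse_log(search_log)
    d_opt, deleted = parse_log(delete_log)
    if (s_opt, d_opt) != ("Search", "Delete"):
        raise ValueError(f"expected a Search log then a Delete log, got {s_opt!r} and {d_opt!r}")
    return {
        "removed": found & deleted,           # reported Found, later reported Deleted
        "still_present": found - deleted,     # reported Found, but never Deleted
        "new_since_search": deleted - found,  # Deleted although the Search run did not list it
    }


def family(item: Item) -> str:
    """Rough attribution of an item to a toolbar/adware family by its path."""
    t = item.target
    if "babylon" in t:
        return "Babylon"
    if re.search(r"\\ask(\\|$)", t):
        return "Ask"
    if "toolbar" in t or "tbhelper" in t or "tbcommonutils" in t or "escort." in t:
        return "Toolbar"
    return "other"


def summarize(items) -> Counter:
    """Count items per family, for the responder's one-line summary."""
    return Counter(family(i) for i in items)


# Constructed excerpt in the format of the [Search] log above (not the full log).
SEARCH_LOG = r"""
# AdwCleaner v1.703 - Logfile created 07/20/2012 at 22:39:52
# Option [Search]

***** [Files / Folders] *****

Folder Found : C:\Users\NIKITA\AppData\Local\Babylon
Folder Found : C:\Users\NIKITA\AppData\LocalLow\Toolbar4
Folder Found : C:\ProgramData\Ask

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
"""

# Constructed excerpt of a [Delete] run; the CLSID key is deliberately
# missing so that verify_cleanup() has something to report.
DELETE_LOG = r"""
# AdwCleaner v1.703 - Logfile created 07/21/2012 at 23:30:06
# Option [Delete]

***** [Files / Folders] *****

Folder Deleted : C:\Users\NIKITA\AppData\Local\Babylon
Folder Deleted : C:\Users\NIKITA\AppData\LocalLow\Toolbar4
Folder Deleted : C:\ProgramData\Ask

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
"""

if __name__ == "__main__":
    result = verify_cleanup(SEARCH_LOG, DELETE_LOG)
    print("removed:", dict(summarize(result["removed"])))
    for item in sorted(result["still_present"], key=lambda i: i.target):
        print("STILL PRESENT:", item.kind, item.target)
    for item in sorted(result["new_since_search"], key=lambda i: i.target):
        print("NEW SINCE SEARCH:", item.kind, item.target)
```

On the real pair of logs in this thread every Found line has a matching Deleted line, so `still_present` would be empty; the `new_since_search` set is worth watching on other machines, because an item that is deleted without having been listed by the earlier search means something was re-installed between the two runs.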
21.07.2012, 22:32 | #10 | |
/// Helfer-Team | Österreichischer Polizeitrojaner Quote:
please continue: http://www.trojaner-board.de/119900-...tml#post870818 |
22.07.2012, 10:07 | #11 |
| Österreichischer Polizeitrojaner Another log from adwcleaner? |
22.07.2012, 10:15 | #12 |
/// Helfer-Team | Österreichischer Polizeitrojaner Sorry, I misread.

Malware scan with Emsisoft Anti-Malware
Download the free version from => Emsisoft Anti-Malware and install the program.
Use "Update now" to download the current signatures.
Select the freeware mode.
Select "Detail Scan" and start the check of the computer via the Scan button.
At the end of the scan, do not let it delete anything!
Click "Save report" to save the log file to the desktop and post it here in the thread.
Instructions: http://www.trojaner-board.de/103809-...i-malware.html |
22.07.2012, 12:11 | #13 |
| Österreichischer Polizeitrojaner I ran the scan, but I can't access the log. The day before yesterday I renamed the account "Ersatz2" to "Ersatzkonto", but according to the window the log was saved under "Ersatz2". It isn't there, though. Strangely, I found it under the administrator account: Code:
Emsisoft Anti-Malware - Version 6.6
Last update: 22.07.2012 11:51:10

Scan settings:

Scan method: Detail Scan
Objects: Rootkits, Memory, Traces, C:\, D:\, E:\
Archive scan: On
ADS scan: On

Scan start: 22.07.2012 11:51:38

C:\Program Files\Leisure Media\Digitaler Auto- und Motorradatlas\imgman32.dll found: Malware.Win32.AMN!E1

Scanned 723732
Found 1

Scan end: 22.07.2012 13:03:50
Scan time: 1:12:12

C:\Program Files\Leisure Media\Digitaler Auto- und Motorradatlas\imgman32.dll Quarantine Malware.Win32.AMN!E1

Quarantined 1 |
22.07.2012, 18:15 | #14 |
/// Helfer-Team | Österreichischer Polizeitrojaner Have the findings deleted, then:
Uninstall: Emsisoft Anti-Malware

ESET Online Scanner
Preparation
|
22.07.2012, 21:23 | #15 |
| Österreichischer Polizeitrojaner Here is the log: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2f55082b32e2214c8ae7660d37f24103
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-22 08:21:40
# local_time=2012-07-22 10:21:40 (+0100, Central European Summer Time)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3588 16777214 85 82 437236 46872762 0 0
# compatibility_mode=5893 16776574 100 94 167174 94611147 0 0
# compatibility_mode=8192 67108863 100 0 161 161 0 0
# scanned=241085
# found=1
# cleaned=1
# scan_time=8544
L:\NIKITA-PC\Backup Set 2012-05-06 193520\Backup Files 2012-05-06 193520\Backup files 1.zip	Win32/Toolbar.Babylon application (deleted - quarantined)	00000000000000000000000000000000	C |