Pests of all kinds and how to fight them: Bundespolizei trojan

24.07.2012, 21:04   #1
dke

Good evening,
I'm sitting at my father's computer right now; he has caught the Bundespolizei trojan. The machine is a netbook, so it has no CD drive. According to him, the following behaviour occurred:

- the ukash page was displayed, with a payment demand
- somehow he managed to lift the lock via the Task Manager and reset the computer
- a scan with Avira AntiVir also found 2 trojans, one of them was called something with glomo.exe

I told him that, to be on the safe side, I would like to take another look at the computer (with your help). Unfortunately my father doesn't have a real feel for which sites trojans lurk on, so he spends a lot of time on freeware games sites.

Can you help me check the computer again? I have attached the log files of the scans. Unfortunately the scan with GMER did not work properly; at some point the computer always crashed and restarted.

Regards,
dke

25.07.2012, 02:24   #2
t'john
/// Helper team

Fixing with OTL

Download OTL by OldTimer (if you don't have it yet) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:


Code:
:OTL

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\btwrchid.sys -- (btwrchid) 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwl2cap.sys -- (btwl2cap) 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\btwavdt.sys -- (btwavdt) 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwaudio.sys -- (btwaudio) 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com 
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox 
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms} 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox 
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms} 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - user.js - File not found 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.09 19:13:44 | 000,000,000 | ---D | M] 
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk () 
O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe File not found 

O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) 
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) 
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) 
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
[2012.07.08 13:55:19 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad 
[2030.01.02 12:20:36 | 000,383,786 | RHS- | C] () -- C:\bootmgr 
[2012.07.06 23:17:46 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad 
[2012.05.01 15:24:44 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll 
[2012.05.01 15:24:36 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml 
[2012.05.01 15:24:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml 
[2012.05.01 15:24:36 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml 
[2012.05.01 15:24:36 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml 
[2012.05.01 15:24:36 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml 
[2012.05.01 15:24:36 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml 
[2012.07.14 19:14:30 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job 
[2012.07.14 19:06:41 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012.07.14 19:06:24 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat 
[2012.07.14 18:43:13 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.07.08 13:55:19 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad 
[2030.01.02 12:20:35 | 000,000,000 | -HSD | C] -- C:\Boot 
[2030.01.02 12:20:36 | 000,383,786 | RHS- | C] () -- C:\bootmgr 
[2012.07.06 23:17:46 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad 
:Files

C:\windows\System32\AsusSender.exe
C:\windows\tasks\Adobe Flash Player Updater.job
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
C:\ProgramData\go_0molg.pad
C:\bootmgr
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file here into your thread, in code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\

Note for readers following along: the OTL script above was created exclusively for this user in this situation.
Do not under any circumstances apply it on other computers; it can cause lasting damage to other systems!

25.07.2012, 09:42   #3
dke

Good morning,
I've done everything so far - however, it can no longer boot now, after OTL asked for the restart:

BOOTMGR is missing
Press CTRL+ALT+DEL to restart

????

Regards,
dke

25.07.2012, 15:43   #4
t'john
/// Helper team

Hi,

boot from the Windows CD and run Startup Repair!

Regards, t'john

25.07.2012, 16:03   #5
dke

Hello,
I had already got that far, but this is a netbook (without a CD drive). So I have to create a bootable USB stick, which I did following this guide:

hxxp://mintywhite.com/windows-7/7maintenance/windows-wont-load-system-repair-disc-fix-pc/

Unfortunately that doesn't work and it doesn't recognise the stick as bootable...

dke


25.07.2012, 16:09   #6
t'john
/// Helper team

Try it this way: hxtp://www.chip.de/downloads/Windows-7-USB_DVD-Download-Tool_38589636.html

http://www.trojaner-board.de/100776-...-download.html

07.08.2012, 11:53   #7
dke

Hi there,
sorry that this took so long. I had initial problems with my USB stick etc. In the end I got everything working.

Here is the OTL log:
Code:
All processes killed
========== OTL ==========
Service btwrchid stopped successfully!
Service btwrchid deleted successfully!
File C:\windows\system32\drivers\btwrchid.sys not found.
Service btwl2cap stopped successfully!
Service btwl2cap deleted successfully!
File system32\DRIVERS\btwl2cap.sys not found.
Service btwavdt stopped successfully!
Service btwavdt deleted successfully!
File C:\windows\system32\drivers\btwavdt.sys not found.
Service btwaudio stopped successfully!
Service btwaudio deleted successfully!
File system32\drivers\btwaudio.sys not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
File C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Boingo Wi-Fi deleted successfully.
C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EeeSplendidAgent deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HotkeyService deleted successfully.
C:\Windows\System32\AsusSender.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LiveUpdate deleted successfully.
File C:\windows\System32\AsusSender.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SuperHybridEngine deleted successfully.
File C:\windows\System32\AsusSender.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SweetIM deleted successfully.
C:\Program Files\SweetIM\Messenger\SweetIM.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\ProgramData\go_0molg.pad moved successfully.
C:\bootmgr moved successfully.
File C:\ProgramData\go_0molg.pad not found.
C:\Program Files\mozilla firefox\components\browsercomps.dll moved successfully.
C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Program Files\mozilla firefox\searchplugins\bing.xml moved successfully.
C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml moved successfully.
C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml moved successfully.
C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\bootstat.dat moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
File C:\ProgramData\go_0molg.pad not found.
Folder move failed. C:\Boot\zh-TW scheduled to be moved on reboot.
Folder move failed. C:\Boot\zh-HK scheduled to be moved on reboot.
Folder move failed. C:\Boot\zh-CN scheduled to be moved on reboot.
Folder move failed. C:\Boot\tr-TR scheduled to be moved on reboot.
Folder move failed. C:\Boot\sv-SE scheduled to be moved on reboot.
Folder move failed. C:\Boot\ru-RU scheduled to be moved on reboot.
Folder move failed. C:\Boot\pt-PT scheduled to be moved on reboot.
Folder move failed. C:\Boot\pt-BR scheduled to be moved on reboot.
Folder move failed. C:\Boot\pl-PL scheduled to be moved on reboot.
Folder move failed. C:\Boot\nl-NL scheduled to be moved on reboot.
Folder move failed. C:\Boot\nb-NO scheduled to be moved on reboot.
Folder move failed. C:\Boot\ko-KR scheduled to be moved on reboot.
Folder move failed. C:\Boot\ja-JP scheduled to be moved on reboot.
Folder move failed. C:\Boot\it-IT scheduled to be moved on reboot.
Folder move failed. C:\Boot\hu-HU scheduled to be moved on reboot.
Folder move failed. C:\Boot\fr-FR scheduled to be moved on reboot.
Folder move failed. C:\Boot\Fonts scheduled to be moved on reboot.
Folder move failed. C:\Boot\fi-FI scheduled to be moved on reboot.
Folder move failed. C:\Boot\es-ES scheduled to be moved on reboot.
Folder move failed. C:\Boot\en-US scheduled to be moved on reboot.
Folder move failed. C:\Boot\el-GR scheduled to be moved on reboot.
Folder move failed. C:\Boot\de-DE scheduled to be moved on reboot.
Folder move failed. C:\Boot\da-DK scheduled to be moved on reboot.
Folder move failed. C:\Boot\cs-CZ scheduled to be moved on reboot.
Folder move failed. C:\Boot scheduled to be moved on reboot.
File C:\bootmgr not found.
File C:\ProgramData\go_0molg.pad not found.
========== FILES ==========
File\Folder C:\windows\System32\AsusSender.exe not found.
File\Folder C:\windows\tasks\Adobe Flash Player Updater.job not found.
File\Folder C:\windows\tasks\GoogleUpdateTaskMachineCore.job not found.
File\Folder C:\windows\tasks\GoogleUpdateTaskMachineUA.job not found.
File\Folder C:\ProgramData\go_0molg.pad not found.
File\Folder C:\bootmgr not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\peter\Desktop\cmd.bat deleted successfully.
C:\Users\peter\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 327990 bytes
->Flash cache emptied: 56818 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: peter
->Temp folder emptied: 165049140 bytes
->Temporary Internet Files folder emptied: 21493059 bytes
->Java cache emptied: 617094 bytes
->FireFox cache emptied: 870536963 bytes
->Google Chrome cache emptied: 1976120 bytes
->Flash cache emptied: 57303 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 193062462 bytes
RecycleBin emptied: 4192 bytes
 
Total Files Cleaned = 1.195,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: peter
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.54.0 log created on 07252012_102837

Files\Folders moved on Reboot...
Folder move failed. C:\Boot\zh-TW scheduled to be moved on reboot.
Folder move failed. C:\Boot\zh-HK scheduled to be moved on reboot.
Folder move failed. C:\Boot\zh-CN scheduled to be moved on reboot.
Folder move failed. C:\Boot\tr-TR scheduled to be moved on reboot.
Folder move failed. C:\Boot\sv-SE scheduled to be moved on reboot.
Folder move failed. C:\Boot\ru-RU scheduled to be moved on reboot.
Folder move failed. C:\Boot\pt-PT scheduled to be moved on reboot.
Folder move failed. C:\Boot\pt-BR scheduled to be moved on reboot.
Folder move failed. C:\Boot\pl-PL scheduled to be moved on reboot.
Folder move failed. C:\Boot\nl-NL scheduled to be moved on reboot.
Folder move failed. C:\Boot\nb-NO scheduled to be moved on reboot.
Folder move failed. C:\Boot\ko-KR scheduled to be moved on reboot.
Folder move failed. C:\Boot\ja-JP scheduled to be moved on reboot.
Folder move failed. C:\Boot\it-IT scheduled to be moved on reboot.
Folder move failed. C:\Boot\hu-HU scheduled to be moved on reboot.
Folder move failed. C:\Boot\fr-FR scheduled to be moved on reboot.
Folder move failed. C:\Boot\Fonts scheduled to be moved on reboot.
Folder move failed. C:\Boot\fi-FI scheduled to be moved on reboot.
Folder move failed. C:\Boot\es-ES scheduled to be moved on reboot.
Folder move failed. C:\Boot\en-US scheduled to be moved on reboot.
Folder move failed. C:\Boot\el-GR scheduled to be moved on reboot.
Folder move failed. C:\Boot\de-DE scheduled to be moved on reboot.
Folder move failed. C:\Boot\da-DK scheduled to be moved on reboot.
Folder move failed. C:\Boot\cs-CZ scheduled to be moved on reboot.
Folder move failed. C:\Boot\zh-TW scheduled to be moved on reboot.
Folder move failed. C:\Boot\zh-HK scheduled to be moved on reboot.
Folder move failed. C:\Boot\zh-CN scheduled to be moved on reboot.
Folder move failed. C:\Boot\tr-TR scheduled to be moved on reboot.
Folder move failed. C:\Boot\sv-SE scheduled to be moved on reboot.
Folder move failed. C:\Boot\ru-RU scheduled to be moved on reboot.
Folder move failed. C:\Boot\pt-PT scheduled to be moved on reboot.
Folder move failed. C:\Boot\pt-BR scheduled to be moved on reboot.
Folder move failed. C:\Boot\pl-PL scheduled to be moved on reboot.
Folder move failed. C:\Boot\nl-NL scheduled to be moved on reboot.
Folder move failed. C:\Boot\nb-NO scheduled to be moved on reboot.
Folder move failed. C:\Boot\ko-KR scheduled to be moved on reboot.
Folder move failed. C:\Boot\ja-JP scheduled to be moved on reboot.
Folder move failed. C:\Boot\it-IT scheduled to be moved on reboot.
Folder move failed. C:\Boot\hu-HU scheduled to be moved on reboot.
Folder move failed. C:\Boot\fr-FR scheduled to be moved on reboot.
Folder move failed. C:\Boot\Fonts scheduled to be moved on reboot.
Folder move failed. C:\Boot\fi-FI scheduled to be moved on reboot.
Folder move failed. C:\Boot\es-ES scheduled to be moved on reboot.
Folder move failed. C:\Boot\en-US scheduled to be moved on reboot.
Folder move failed. C:\Boot\el-GR scheduled to be moved on reboot.
Folder move failed. C:\Boot\de-DE scheduled to be moved on reboot.
Folder move failed. C:\Boot\da-DK scheduled to be moved on reboot.
Folder move failed. C:\Boot\cs-CZ scheduled to be moved on reboot.
Folder move failed. C:\Boot scheduled to be moved on reboot.
C:\windows\temp\HS.log moved successfully.

PendingFileRenameOperations files...
File C:\Boot\zh-TW not found!
File C:\Boot\zh-HK not found!
File C:\Boot\zh-CN not found!
File C:\Boot\tr-TR not found!
File C:\Boot\sv-SE not found!
File C:\Boot\ru-RU not found!
File C:\Boot\pt-PT not found!
File C:\Boot\pt-BR not found!
File C:\Boot\pl-PL not found!
File C:\Boot\nl-NL not found!
File C:\Boot\nb-NO not found!
File C:\Boot\ko-KR not found!
File C:\Boot\ja-JP not found!
File C:\Boot\it-IT not found!
File C:\Boot\hu-HU not found!
File C:\Boot\fr-FR not found!
File C:\Boot\Fonts not found!
File C:\Boot\fi-FI not found!
File C:\Boot\es-ES not found!
File C:\Boot\en-US not found!
File C:\Boot\el-GR not found!
File C:\Boot\de-DE not found!
File C:\Boot\da-DK not found!
File C:\Boot\cs-CZ not found!
File C:\Boot not found!
File C:\windows\temp\HS.log not found!

Registry entries deleted on Reboot...
         

Edited by dke (07.08.2012 at 11:55). Reason: wrong BB code
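
Added example (not part of the original thread and not OTL's own code): the fix script in post #2 lists `C:\bootmgr` and `C:\Boot`, the log in post #7 records `C:\bootmgr moved successfully.`, and post #3 reports `BOOTMGR is missing`. The check below scans a fix script before it is run, and a fix log afterwards, for boot-loader files; the deny-list `BOOT_CRITICAL` and all function names are assumptions of this example, and the sample lines are excerpted from the script and log above.

```python
import ntpath
import re

# Assumption of this example: a minimal deny-list of boot files on a
# BIOS-booted Windows 7 system drive. Extend it for other disk layouts.
BOOT_CRITICAL = (r"C:\bootmgr", r"C:\Boot", r"C:\Windows\bootstat.dat")

# ":OTL" section file entry: "[date | size | attrs | C/M] (vendor) -- path"
FILE_ENTRY = re.compile(
    r"^\[\d{4}\.\d{2}\.\d{2} [^\]]*\]\s*(?:\([^)]*\)\s*)?--\s*"
    r"(?P<path>[A-Za-z]:\\.*\S)\s*$"
)
# ":Files" section entry: a bare absolute path on its own line
BARE_PATH = re.compile(r"^(?P<path>[A-Za-z]:\\.*\S)\s*$")
# Fix-log lines that mean the target is gone now or will be after reboot
LOG_MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.*\S) moved successfully\.$")
LOG_SCHEDULED = re.compile(
    r"^Folder move failed\. (?P<path>[A-Za-z]:\\.*\S) "
    r"scheduled to be moved on reboot\.$"
)


def _norm(path):
    # Windows paths are case-insensitive; ntpath works on any host OS.
    return ntpath.normcase(ntpath.normpath(path))


def is_boot_critical(path):
    """True if path is a deny-listed file or lies below a deny-listed folder."""
    p = _norm(path)
    return any(p == _norm(r) or p.startswith(_norm(r) + "\\")
               for r in BOOT_CRITICAL)


def audit_fix_script(script):
    """Return (line_no, section, path) for each boot-critical fix target."""
    findings, section = [], None
    for no, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if line.startswith(":"):          # section header such as ":OTL"
            section = line.lower()
            continue
        rx = {":otl": FILE_ENTRY, ":files": BARE_PATH}.get(section)
        m = rx.match(line) if rx else None
        if m and is_boot_critical(m["path"]):
            findings.append((no, section, m["path"]))
    return findings


def audit_fix_log(log):
    """Return (status, path) for each boot-critical path the fix acted on."""
    findings = []
    for line in map(str.strip, log.splitlines()):
        for status, rx in (("moved", LOG_MOVED), ("scheduled", LOG_SCHEDULED)):
            m = rx.match(line)
            if m and is_boot_critical(m["path"]):
                findings.append((status, m["path"]))
    return findings


# Lines excerpted from the fix script in post #2
SCRIPT_EXCERPT = r""":OTL
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
[2012.07.08 13:55:19 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad
[2030.01.02 12:20:36 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2012.07.14 19:06:24 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2030.01.02 12:20:35 | 000,000,000 | -HSD | C] -- C:\Boot
:Files
C:\ProgramData\go_0molg.pad
C:\bootmgr
ipconfig /flushdns /c
:Commands
[emptytemp]
"""

# Lines excerpted from the fix log in post #7
LOG_EXCERPT = r"""C:\ProgramData\go_0molg.pad moved successfully.
C:\bootmgr moved successfully.
C:\Windows\bootstat.dat moved successfully.
Folder move failed. C:\Boot\en-US scheduled to be moved on reboot.
Folder move failed. C:\Boot scheduled to be moved on reboot.
File C:\bootmgr not found.
"""

if __name__ == "__main__":
    for no, section, path in audit_fix_script(SCRIPT_EXCERPT):
        print(f"script line {no} ({section}): boot-critical target {path}")
    for status, path in audit_fix_log(LOG_EXCERPT):
        print(f"log: {path} {status}")
```

OTL moves fixed files to `C:\_OTL\MovedFiles\` (the folder named in post #2), so a hit in the log audit tells you which files to look for there.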

07.08.2012, 13:16   #8
t'john
/// Helper team

Very good!

Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes must be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Update the database!
- Select "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Have any findings deleted or quarantined.
- When the scan has finished, click "Show Results".
then:

Step 2

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

07.08.2012, 15:33   #9
dke

Thanks, Malwarebytes found nothing. Here is the AdwCleaner log:

Code:
# AdwCleaner v1.800 - Logfile created 08/07/2012 at 16:32:09
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : peter - PETER-PC
# Running from : C:\Users\peter\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\peter\AppData\Roaming\pdfforge
Folder Found : C:\ProgramData\SweetIM
Folder Found : C:\Program Files\SweetIM
File Found : C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\tbxsp5aj.default\searchplugins\SweetIm.xml

***** [Registry] *****

Key Found : HKCU\Software\SweetIm
Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Found : HKLM\SOFTWARE\Classes\sim-packages
Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Key Found : HKLM\SOFTWARE\SweetIM

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (de)

Profile name : default 
File : C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\tbxsp5aj.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.60

File : C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3596 octets] - [07/08/2012 16:32:09]

########## EOF - C:\AdwCleaner[R1].txt - [3724 octets] ##########
         

07.08.2012, 15:36   #10
t'john
/// Helper team

Very good!

  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

then:

Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Use Update now to download the current signatures.
Select freeware mode.

Select Detail Scan and start the check of the computer via the Scan button.
At the end of the scan, do not have anything deleted! Click Save report to save the log file to the desktop and post it here in the thread.

Guide: http://www.trojaner-board.de/103809-...i-malware.html

07.08.2012, 21:16   #11
dke

AdwCleaner:
Code:
# AdwCleaner v1.800 - Logfile created 08/07/2012 at 22:08:13
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : peter - PETER-PC
# Running from : C:\Users\peter\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\peter\AppData\Roaming\pdfforge
Folder Deleted : C:\ProgramData\SweetIM
Folder Deleted : C:\Program Files\SweetIM
File Deleted : C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\tbxsp5aj.default\searchplugins\SweetIm.xml

***** [Registry] *****

Key Deleted : HKCU\Software\SweetIm
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Key Deleted : HKLM\SOFTWARE\SweetIM

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (de)

Profile name : default 
File : C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\tbxsp5aj.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.60

File : C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3725 octets] - [07/08/2012 16:32:09]
AdwCleaner[S1].txt - [3728 octets] - [07/08/2012 22:08:13]

########## EOF - C:\AdwCleaner[S1].txt - [3856 octets] ##########
         
Anti-Malware:
Code:
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 07.08.2012 20:41:15

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, Q:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	07.08.2012 20:41:53

C:\Users\peter\Downloads\PDFCreator-1_2_3_setup.exe 	gefunden: Riskware.Win32.Toolbar.Widgi.AMN!E1
C:\Users\peter\AppData\LocalLow\pdfEngine\CHROME\pdfEngine.crx -> background.html 	gefunden: Trojan-Downloader.JS.Agent!E2
C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffkfifglkblfdjhokijnhaggggpjoai\2.19.7_0\background.html 	gefunden: Trojan-Downloader.JS.Agent!E2

Gescannt	525062
Gefunden	3

Scan Ende:	07.08.2012 22:04:41
Scan Zeit:	1:22:48

C:\Users\peter\AppData\LocalLow\pdfEngine\CHROME\pdfEngine.crx -> background.html	Quarantäne Trojan-Downloader.JS.Agent!E2
C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffkfifglkblfdjhokijnhaggggpjoai\2.19.7_0\background.html	Quarantäne Trojan-Downloader.JS.Agent!E2
C:\Users\peter\Downloads\PDFCreator-1_2_3_setup.exe	Quarantäne Riskware.Win32.Toolbar.Widgi.AMN!E1

Quarantäne	3
         

07.08.2012, 23:38   #12
t'john
/// Helper Team

Very good!

Uninstall:
Emsisoft Anti-Malware


ESET Online Scanner

Preparation

  • Connect any external hard drives and/or other removable media (e.g. any USB sticks) to the computer.
  • Please disable your antivirus program and firewall during the online scan.
  • Vista/Win7 users: be sure to start the browser as administrator.
Let's go

  • Download and start the Eset Smartinstaller.
  • Tick YES, I accept the Terms of Use.
  • Click Start.
  • Tick Remove found threats and Scan archives.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (sometimes also C:\Programme\Eset\log.txt) and open it with your editor.
  • Post the log file here.
  • Uninstallation: Control Panel => Software => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset
__________________
Regards, t'john
Support the TB

09.08.2012, 23:52   #13
dke

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c6a15322a83775428491e158e6c729ea
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-08 09:51:02
# local_time=2012-08-08 11:51:02 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 15684687 15684687 0 0
# compatibility_mode=5893 16776573 100 94 37090 96038475 0 0
# compatibility_mode=8192 67108863 100 0 258 258 0 0
# scanned=86172
# found=12
# cleaned=12
# scan_time=12199
D:\PETER-PC\Backup Set 2012-02-23 081256\Backup Files 2012-02-23 081256\Backup files 8.zip	Win32/Toolbar.Widgi application (deleted - quarantined)	00000000000000000000000000000000	C
D:\PETER-PC\Backup Set 2012-03-19 223027\Backup Files 2012-03-19 223027\Backup files 1.zip	Win32/Toolbar.Widgi application (deleted - quarantined)	00000000000000000000000000000000	C
D:\PETER-PC\Backup Set 2012-03-19 223027\Backup Files 2012-03-19 223027\Backup files 4.zip	HTML/ScrInject.B.Gen virus (deleted - quarantined)	00000000000000000000000000000000	C
D:\PETER-PC\Backup Set 2012-04-15 190010\Backup Files 2012-04-15 190010\Backup files 1.zip	Win32/Toolbar.Widgi application (deleted - quarantined)	00000000000000000000000000000000	C
D:\PETER-PC\Backup Set 2012-04-15 190010\Backup Files 2012-04-29 190006\Backup files 1.zip	a variant of Java/Exploit.CVE-2012-1723.AF trojan (deleted - quarantined)	00000000000000000000000000000000	C
D:\PETER-PC\Backup Set 2012-05-20 221213\Backup Files 2012-05-20 221213\Backup files 1.zip	Win32/Toolbar.Widgi application (deleted - quarantined)	00000000000000000000000000000000	C
D:\PETER-PC\Backup Set 2012-05-20 221213\Backup Files 2012-06-03 231204\Backup files 3.zip	a variant of Java/Exploit.CVE-2012-1723.AF trojan (deleted - quarantined)	00000000000000000000000000000000	C
D:\PETER-PC\Backup Set 2012-06-24 215643\Backup Files 2012-06-24 215643\Backup files 1.zip	Win32/Toolbar.Widgi application (deleted - quarantined)	00000000000000000000000000000000	C
D:\PETER-PC\Backup Set 2012-07-09 175143\Backup Files 2012-07-09 175143\Backup files 1.zip	Win32/Toolbar.Widgi application (deleted - quarantined)	00000000000000000000000000000000	C
D:\PETER-PC\Backup Set 2012-07-09 175143\Backup Files 2012-07-09 175143\Backup files 7.zip	multiple threats (deleted - quarantined)	00000000000000000000000000000000	C
D:\PETER-PC\Backup Set 2012-07-09 192457\Backup Files 2012-07-09 192457\Backup files 1.zip	Win32/Toolbar.Widgi application (deleted - quarantined)	00000000000000000000000000000000	C
D:\PETER-PC\Backup Set 2012-07-09 192457\Backup Files 2012-07-09 192457\Backup files 7.zip	multiple threats (deleted - quarantined)	00000000000000000000000000000000	C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c6a15322a83775428491e158e6c729ea
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-09 04:16:50
# local_time=2012-08-09 06:16:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 15788311 15788311 0 0
# compatibility_mode=5893 16776573 100 94 89407 96142099 0 0
# compatibility_mode=8192 67108863 100 0 103882 103882 0 0
# scanned=88232
# found=0
# cleaned=0
# scan_time=18122
         

10.08.2012, 12:24   #14
t'john
/// Helper Team

Update Java

Your Java is no longer up to date. Older versions contain security vulnerabilities that malware can exploit.
  • Please download the latest Java version from here
  • Save jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Start jxpiinstall.exe. It will download the installer for the latest Java version (Java 7 Update 5).
  • When the installation has finished, go to
    Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer as soon as all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • On the General tab, click Settings under Temporary Internet Files.
  • Click Delete Files....
  • Make sure every box is ticked and click OK.
  • Click OK again.


Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html
__________________
Regards, t'john
Support the TB

02.09.2012, 10:38   #15
t'john
/// Helper Team

No reply

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: The disappearance of the symptoms does not mean that your computer is clean.
__________________
Regards, t'john
Support the TB
