Log analysis and evaluation: Polizei Cyber Crime Investigation Department on Windows XP SP3 with multiple users
#5

Polizei Cyber Crime Investigation Department on Windows XP SP3 with multiple users

Hello! Great, and as a side effect about 1 GB of temp files were freed up. And there are indeed still a few detections. Here are the log files:

OTL:

Code:
All processes killed
========== OTL ==========
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "hxxp://search.babylon.com/?affID=109958&babsrc=HP_ss&mntrId=4cf8908f000000000000001617f055eb" removed from browser.startup.homepage
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-117609710-1547161642-725345543-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{56361A71-4E9F-401D-9E12-8AEAA3D7A672} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56361A71-4E9F-401D-9E12-8AEAA3D7A672}\ not found.
Registry value HKEY_USERS\S-1-5-21-117609710-1547161642-725345543-500\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 1302878949 bytes
->Temporary Internet Files folder emptied: 754887721 bytes
->Java cache emptied: 17466615 bytes
->FireFox cache emptied: 27144232 bytes
->Flash cache emptied: 9587 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Gast
->Temp folder emptied: 482264 bytes
->Temporary Internet Files folder emptied: 11016494 bytes
->Java cache emptied: 527804 bytes
->Flash cache emptied: 506 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 14531106 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: *******
->Temp folder emptied: 255531952 bytes
->Temporary Internet Files folder emptied: 648762932 bytes
->Java cache emptied: 135168796 bytes
->FireFox cache emptied: 17804083 bytes
->Opera cache emptied: 19627248 bytes
->Flash cache emptied: 1102570 bytes

User: +++++++
->Temp folder emptied: 18761702 bytes
->Temporary Internet Files folder emptied: 65916234 bytes
->Java cache emptied: 181229 bytes
->Flash cache emptied: 405 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2148906 bytes
%systemroot%\System32 .tmp files removed: 12724103 bytes
%systemroot%\System32\dllcache .tmp files removed: 584192 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 90444208 bytes
RecycleBin emptied: 4278980245 bytes

Total Files Cleaned = 7.321,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11282012_215944
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

ESET:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8c24604a53c9284f892078ad67a5f1c7
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-29 01:12:19
# local_time=2012-11-29 02:12:19 (+0100, Westeuropäische Normalzeit)
# country="Austria"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777175 100 0 32359764 32359764 0 0
# compatibility_mode=8192 67108863 100 0 3841 3841 0 0
# scanned=163021
# found=2
# cleaned=0
# scan_time=13782
C:\Dokumente und Einstellungen\All Users\Dokumente\Computer\Software\nero\Nero-7.8.5.0_deu_update.exe	Win32/Toolbar.AskSBar application (unable to clean)	00000000000000000000000000000000	I
C:\Dokumente und Einstellungen\*******\Anwendungsdaten\phonostar-Player\update2.exe	a variant of Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I

Regards,
honza

Last edited by honza (29.11.2012 at 07:32). Reason: anonymised