
Pests of all kinds and how to remove them: Austrian police trojan caught


Old 28.08.2012, 14:54   #1
mudvayne
 

Austrian police trojan caught

Hello, I've caught the trojan too, please help.

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:44 on 28/08/2012 (Leo)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Code:
OTL logfile created on: 28.08.2012 14:46:44 - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Leo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 84,18% Memory free
5,94 Gb Paging File | 5,68 Gb Available in Paging File | 95,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92,21 Gb Total Space | 10,81 Gb Free Space | 11,72% Space Free | Partition Type: NTFS
Drive D: | 131,89 Gb Total Space | 5,80 Gb Free Space | 4,40% Space Free | Partition Type: NTFS
 
Computer Name: LEO-PC | User Name: Leo | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.28 14:40:32 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Leo\Desktop\OTL.exe
PRC - [2009.10.02 23:34:42 | 000,015,216 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 04:24:02 | 000,498,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.10.03 03:18:02 | 007,569,408 | ---- | M] () -- c:\Program Files\Adobe\Reader 9.0\Reader\RdLang32.DEU
MOD - [2009.02.27 13:56:34 | 000,016,768 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2009.02.27 13:52:56 | 000,258,048 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\sqlite.dll
MOD - [2007.11.16 16:02:18 | 000,479,232 | R--- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ccme_base.dll
MOD - [2007.11.16 16:02:18 | 000,401,408 | R--- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\cryptocme2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2011.03.23 18:32:20 | 001,740,696 | ---- | M] () [Auto | Stopped] -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2010.07.08 14:18:29 | 000,333,264 | ---- | M] () [Auto | Stopped] -- C:\Program Files\3DataManager\WTGService.exe -- (WTGService)
SRV - [2008.04.25 14:23:36 | 000,303,104 | ---- | M] (Fujitsu Siemens Computers) [Auto | Stopped] -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake)
DRV - [2011.08.02 19:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011.03.23 17:15:48 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2011.03.23 17:15:48 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011.03.23 17:15:48 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2011.03.23 17:15:48 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011.03.23 17:15:48 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2011.01.11 18:04:19 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2011.01.11 18:04:19 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2011.01.11 18:04:19 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2011.01.11 18:04:19 | 000,010,240 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2008.06.30 19:56:12 | 000,917,504 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.06.26 06:25:58 | 000,337,920 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2008.05.27 13:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2008.05.02 13:59:40 | 000,122,368 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.04.03 14:58:46 | 000,076,688 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ig?hl=de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJE_deAT350
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.13 00:07:55 | 000,000,000 | ---D | M]
 
[2011.08.06 14:36:34 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - Extension: Facemoods = C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.2.1_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FSC OSD Utility] c:\Program Files\FSC OSD Utility\OSDUtility.exe (Quanta Computer Inc.)
O4 - HKLM..\Run: [FSCRecovery] c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe (Fujitsu Siemens Computers GmbH)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [NPCTray] C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD File not found
O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe File not found
O4 - HKLM..\Run: [Skytel] Skytel.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{C39E165D-2069-83E7-1A77-212AD65B3865}] C:\Users\Leo\AppData\Roaming\Ytycd\awhyovo.exe ()
O4 - HKCU..\Run: [HW_OPENEYE_OUC_Smart Bro] C:\Program Files\Smart Bro\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKCU..\Run: [iDevice Manager Launcher] C:\Program Files\Software4u\iDevice Manager\Software4u.IPELauncher.exe (Marx Softwareentwicklung - www.software4u.de)
O4 - HKCU..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - Startup: C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Leo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Leo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0CCCCA6E-8C5F-4A8B-8AFE-A409BD6C6DB4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CBCFD11-E818-43B0-B559-B1218B3299E8}: DhcpNameServer = 213.153.32.129 213.153.32.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D30E058-D62F-4673-A3AE-A4B6688936E1}: DhcpNameServer = 121.1.3.172 121.1.3.89
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EFD1C39-1B92-4583-A662-92B754A1ECCE}: DhcpNameServer = 121.1.3.172 121.1.3.89
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C592BB26-E35E-4BB2-BD4A-0A0A78C130B3}: DhcpNameServer = 121.1.3.172 121.1.3.89
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not found
O24 - Desktop WallPaper: C:\Users\Leo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Leo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29 - HKLM SecurityProviders - (credssp.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{10692cb1-de66-11de-9b14-00225f51bca3}\Shell - "" = AutoRun
O33 - MountPoints2\{10692cb1-de66-11de-9b14-00225f51bca3}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4084f77a-2274-11e1-80a5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4084f77a-2274-11e1-80a5-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4084f8d4-2274-11e1-80a5-001e101f36d9}\Shell - "" = AutoRun
O33 - MountPoints2\{4084f8d4-2274-11e1-80a5-001e101f36d9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6704a98a-9ff5-11e1-b860-001e101f36d9}\Shell - "" = AutoRun
O33 - MountPoints2\{6704a98a-9ff5-11e1-b860-001e101f36d9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{698f0547-ee01-11de-a08a-00225f51bca3}\Shell - "" = AutoRun
O33 - MountPoints2\{698f0547-ee01-11de-a08a-00225f51bca3}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6c1f0cd1-a996-11e1-b4f7-001e101f1838}\Shell - "" = AutoRun
O33 - MountPoints2\{6c1f0cd1-a996-11e1-b4f7-001e101f1838}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{77f545e6-13d6-11df-b09b-00225f51bca3}\Shell - "" = AutoRun
O33 - MountPoints2\{77f545e6-13d6-11df-b09b-00225f51bca3}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{7d0b806f-0030-11df-8179-00225f51bca3}\Shell - "" = AutoRun
O33 - MountPoints2\{7d0b806f-0030-11df-8179-00225f51bca3}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7e396649-53bc-11df-b92b-00225f51bca3}\Shell\AutoRun\command - "" = F:\mh.exe
O33 - MountPoints2\{7e396649-53bc-11df-b92b-00225f51bca3}\Shell\open\Command - "" = F:\mh.exe
O33 - MountPoints2\{7e39664f-53bc-11df-b92b-00225f51bca3}\Shell\AutoRun\command - "" = F:\mh.exe
O33 - MountPoints2\{7e39664f-53bc-11df-b92b-00225f51bca3}\Shell\open\Command - "" = F:\mh.exe
O33 - MountPoints2\{86f6f8ad-d98a-11de-aeab-00225f51bca3}\Shell - "" = AutoRun
O33 - MountPoints2\{86f6f8ad-d98a-11de-aeab-00225f51bca3}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b2982313-9293-11e1-b41a-001e101f2c0e}\Shell - "" = AutoRun
O33 - MountPoints2\{b2982313-9293-11e1-b41a-001e101f2c0e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bfdf9f00-d983-11de-80e5-00225f51bca3}\Shell - "" = AutoRun
O33 - MountPoints2\{bfdf9f00-d983-11de-80e5-00225f51bca3}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c4366030-dfc3-11de-9ea2-00225f51bca3}\Shell - "" = AutoRun
O33 - MountPoints2\{c4366030-dfc3-11de-9ea2-00225f51bca3}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{eac475a5-daa5-11de-8d69-00238b40a0e1}\Shell - "" = AutoRun
O33 - MountPoints2\{eac475a5-daa5-11de-8d69-00238b40a0e1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{eac475a7-daa5-11de-8d69-00238b40a0e1}\Shell - "" = AutoRun
O33 - MountPoints2\{eac475a7-daa5-11de-8d69-00238b40a0e1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f0f80561-1b37-11e0-9f02-00225f51bca3}\Shell - "" = AutoRun
O33 - MountPoints2\{f0f80561-1b37-11e0-9f02-00225f51bca3}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.28 14:49:53 | 000,000,000 | ---D | C] -- C:\Users\Leo\AppData\Roaming\Malwarebytes
[2012.08.28 14:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.28 14:49:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.28 14:49:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.28 14:46:22 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Leo\Desktop\OTL.exe
[2012.08.28 14:46:18 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Leo\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.25 13:14:19 | 000,000,000 | ---D | C] -- C:\Users\Leo\Desktop\mixed 2010
[2012.08.25 13:07:16 | 000,000,000 | ---D | C] -- C:\Users\Leo\Desktop\phils 10
[2012.08.25 13:06:39 | 000,000,000 | ---D | C] -- C:\Users\Leo\Desktop\ams
[2012.08.25 13:06:21 | 000,000,000 | ---D | C] -- C:\Users\Leo\Desktop\honda cbr
[2012.08.24 13:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDevice Manager
[2012.08.24 13:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System.Data.SQLite
[2012.08.24 13:08:46 | 000,000,000 | ---D | C] -- C:\Program Files\System.Data.SQLite
[2012.08.24 12:58:14 | 000,000,000 | ---D | C] -- C:\Users\Leo\Desktop\Amsterdam 12
[2012.08.23 19:46:13 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.08.23 19:46:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.08.23 19:46:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.08.23 19:46:10 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.08.23 19:46:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.08.23 19:46:07 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.08.23 19:46:06 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.08.23 19:45:56 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.28 14:50:13 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.08.28 14:49:46 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.28 14:49:08 | 000,670,448 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.28 14:49:08 | 000,631,514 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.28 14:49:08 | 000,143,986 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.28 14:49:08 | 000,118,140 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.28 14:45:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.28 14:40:32 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Leo\Desktop\OTL.exe
[2012.08.28 14:39:58 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.28 14:39:28 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Leo\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.28 14:32:45 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.28 14:32:38 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.28 14:32:38 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.28 14:25:26 | 000,001,732 | ---- | M] () -- C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.28 14:08:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.28 12:59:05 | 000,128,399 | ---- | M] () -- C:\Users\Leo\Desktop\557979_3207025189555_787797496_n.jpg
[2012.08.27 23:09:39 | 000,245,248 | ---- | M] () -- C:\Users\Leo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.24 13:09:19 | 000,001,981 | ---- | M] () -- C:\Users\Leo\Desktop\iDevice Manager.lnk
[2012.08.24 12:34:33 | 000,312,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.08.28 14:49:46 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.28 14:25:26 | 004,503,728 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.28 14:25:26 | 000,001,732 | ---- | C] () -- C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.28 13:02:22 | 000,128,399 | ---- | C] () -- C:\Users\Leo\Desktop\557979_3207025189555_787797496_n.jpg
[2012.08.24 13:09:19 | 000,001,981 | ---- | C] () -- C:\Users\Leo\Desktop\iDevice Manager.lnk
[2011.12.09 16:49:59 | 000,067,156 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
[2011.03.09 22:39:21 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.02.05 13:08:48 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.11.21 23:27:11 | 000,217,088 | ---- | C] () -- C:\Windows\System32\MafiaSetup.exe
[2009.11.14 11:19:20 | 000,000,000 | ---- | C] () -- C:\Users\Leo\AppData\Roaming\wklnhst.dat
[2009.10.19 19:30:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.10.19 13:43:12 | 000,245,248 | ---- | C] () -- C:\Users\Leo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002.08.13 17:04:12 | 000,217,088 | R--- | C] () -- C:\Users\Leo\AppData\Roaming\MafiaSetup.exe

< End of report >
Code:
OTL Extras logfile created on: 28.08.2012 14:46:44 - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Leo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 84,18% Memory free
5,94 Gb Paging File | 5,68 Gb Available in Paging File | 95,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92,21 Gb Total Space | 10,81 Gb Free Space | 11,72% Space Free | Partition Type: NTFS
Drive D: | 131,89 Gb Total Space | 5,80 Gb Free Space | 4,40% Space Free | Partition Type: NTFS
 
Computer Name: LEO-PC | User Name: Leo | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\vlc media player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\vlc media player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0503F403-518E-4F1B-8D4D-F6752AA9A337}" = rport=445 | protocol=6 | dir=out | app=system | 
"{0F8ED13A-78BB-4F9B-BF4E-06C3F86FEC13}" = rport=137 | protocol=17 | dir=out | app=system | 
"{12E14DF2-F297-4FD9-873F-049D39C53AC7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{2A7BC351-8720-49B5-B73E-854BF0ABBABB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{40AD3A3B-5B39-45C8-8C51-FBBDB440AE10}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{4F6DAB9A-7744-446D-BD0C-260CC9A4B1BE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4FC7789D-5E42-46FE-BB4C-E0745FBB1051}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{646533BF-7C90-4F96-B8F1-E84C548532B7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{65F65932-AE79-45B0-B10F-207CD69C11A4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6725A18D-655B-4180-BE32-19003AC47823}" = lport=445 | protocol=6 | dir=in | app=system | 
"{848F2B96-44BA-465C-A414-9F04B12FCD91}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9E986BA9-A66C-4ED0-8C7D-EB8B3911FEB3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{A196FE10-2844-44B6-B735-DB0B606D4E56}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B6889676-8D30-4715-A436-A904FB20FFB5}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B9F9E2EF-0C52-4C2E-AB6E-7CFF88F3639A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{BA313532-68D4-40C8-ADD5-5589A9D384FE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D87A32EC-11A2-4821-A078-0E30C124718A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DC6447D4-3067-44BE-80FC-F73803D5FC6B}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B5EBD74-89B3-4A69-AF69-D31C175BE007}" = protocol=17 | dir=in | app=c:\program files\software4u\idevice manager\software4u.idevicemanager.exe | 
"{28AB4D81-CF8D-455D-86C2-11BBD5D2E357}" = protocol=6 | dir=in | app=c:\users\leo\appdata\roaming\dropbox\bin\dropbox.exe | 
"{29E6CB61-8153-4F92-BF35-6973FAA2AA2F}" = protocol=17 | dir=in | app=c:\users\leo\appdata\roaming\dropbox\bin\dropbox.exe | 
"{2C98EE29-8B00-45D8-BBDE-7A5D8C6CB85D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{2E97C170-1800-4B13-A67A-8454DCCDF542}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{31814022-A987-45F4-9094-A75473988B00}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{43165548-6168-4AE5-9D19-CF6D1732F5F9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4676CDE3-5256-4255-A26F-72FE367D6911}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{46B964FD-31BF-40BC-B35A-037295E6DFC0}" = protocol=6 | dir=in | app=c:\program files\software4u\iphone explorer\software4u.iphoneexplorer.exe | 
"{6FD2D384-AB41-4DA4-9667-A70D9EA6372B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{7C28D5C9-E59F-4802-A754-4803CF31F9F0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7FB25F23-DF21-4EC1-81F7-71876A55F280}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{92F75C83-9C41-4DCF-BDE1-E41AD3AEAD10}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{9EEC65AB-AAAB-43AE-A29A-D3BC210F14B2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{ADC162A5-37AD-4BB6-84D4-2CA6A4937837}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B51F04EE-A9F5-4F26-9F60-120E59182CB5}" = protocol=17 | dir=in | app=c:\program files\software4u\iphone explorer\software4u.iphoneexplorer.exe | 
"{B7773AC4-331F-4D2F-B5ED-02C83A41E5AA}" = protocol=6 | dir=in | app=c:\program files\software4u\idevice manager\software4u.idevicemanager.exe | 
"{C9466E0F-65B5-4195-81B9-667533D3E83D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{07F2C7E5-7A81-4410-8902-4173C381637C}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{280289DC-22BF-4CFB-83F4-F6E9B5EC03FD}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{2F417F3F-CB6A-4F1A-AEF6-D326B0C162EF}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{710F744E-09AC-44D9-A254-69F67CA78280}C:\users\leo\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\leo\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{7A7D7F6E-C286-4E12-A009-BF72964E35B9}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{90B22E20-DEC1-4437-B93D-3FDCA92BCFD3}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{2B08BD65-CBDA-43A2-B595-2A4AB99719E4}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{2B1C7B00-FA4B-40E7-9FE5-4BF76F8A07BB}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{7962EB8C-4474-453D-A674-DDBF3AE0EC3F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{7C3F76E8-81CF-479F-B2CD-5EFB3FC1D1B9}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{89680D8C-E933-4781-B050-ADBDEA48CFFA}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{8D6053A8-A9E9-4FE5-A980-6A074210FE72}C:\users\leo\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\leo\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1" = System.Data.SQLite v1.0.81.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 26
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2F926AE7-9FB7-4B34-906F-9C29A6D146A7}" = SystemDiagnostics
"{373C3C97-2FA9-4E18-85A2-255060C21031}" = Nero 8 Essentials
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46CEB912-82BB-416B-8328-1A32CFD1754C}" = Garmin Lifetime Updater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AFC454ED-A26F-4816-826B-C35129D82E1F}" = Fujitsu Siemens Computers Recovery
"{BAF227A2-E214-49E3-9137-94A300EA85BA}" = iPhone-Konfigurationsprogramm
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = FSC OSD Utility
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"1489-3350-5074-6281" = JDownloader 0.9
"3DataManager" = 3DataManager
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Canon MP280 series Benutzerregistrierung" = Canon MP280 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"DivX Setup" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"FE5AE7DC-7B01-4263-A94C-B4526C276549_is1" = iPhone Explorer
"FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free RAR Extract Frog" = Free RAR Extract Frog
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.32
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Huawei Modems" = Huawei modem
"InstallShield_{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = FSC OSD Utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Picasa2" = Picasa 2
"Shockwave" = Shockwave
"Smart Bro" = Smart Bro
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.02.2012 13:28:18 | Computer Name = Leo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 22.02.2012 13:28:18 | Computer Name = Leo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1450
 
Error - 22.02.2012 13:28:18 | Computer Name = Leo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1450
 
Error - 22.02.2012 13:28:19 | Computer Name = Leo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 22.02.2012 13:28:19 | Computer Name = Leo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2464
 
Error - 22.02.2012 13:28:19 | Computer Name = Leo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2464
 
Error - 22.02.2012 13:28:20 | Computer Name = Leo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 22.02.2012 13:28:20 | Computer Name = Leo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3619
 
Error - 22.02.2012 13:28:20 | Computer Name = Leo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3619
 
Error - 29.02.2012 13:12:55 | Computer Name = Leo-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.03.2012 04:17:59 | Computer Name = Leo-PC | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 05.02.2011 07:02:20 | Computer Name = Leo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 488
 seconds with 480 seconds of active time.  This session ended with a crash.
 
Error - 09.01.2012 12:41:11 | Computer Name = Leo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1374
 seconds with 960 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 28.08.2012 08:46:38 | Computer Name = Leo-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 28.08.2012 08:46:38 | Computer Name = Leo-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 28.08.2012 08:46:38 | Computer Name = Leo-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 28.08.2012 08:46:38 | Computer Name = Leo-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 28.08.2012 08:46:38 | Computer Name = Leo-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 28.08.2012 08:46:38 | Computer Name = Leo-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 28.08.2012 08:46:38 | Computer Name = Leo-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 28.08.2012 08:46:38 | Computer Name = Leo-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 28.08.2012 08:46:38 | Computer Name = Leo-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 28.08.2012 08:46:54 | Computer Name = Leo-PC | Source = Service Control Manager | ID = 7001
Description = 
 
 
< End of report >
         
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit quick scan 2012-08-28 15:49:43
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250827AS rev.3.AAA
Running: m3qcmr2n.exe; Driver: C:\Users\Leo\AppData\Local\Temp\ufldapow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\fastfat \Fat  fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         

I hope I've done everything right so far.

Many thanks in advance.

Regards, Leo
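Added example, not part of Leo's post and not OTL code: a small Python script that parses the "Vista Active Application Exception List" lines exactly as OTL prints them in the log above and picks out the inbound rules that deserve a second look. Two heuristics are applied: an inbound allow rule for a program outside the system/Program Files tree (user-profile paths such as AppData are writable without admin rights), and a "TCP/UDP Query User" prompt rule for a Windows binary that normally never listens, which means someone clicked "Allow" on a prompt raised by code running inside that process. The sample log is six lines copied from the listing above; the trusted-directory prefixes and the set of non-listening Windows binaries are assumptions of this example.

```python
r"""Triage of the firewall exception list in an OTL log (added example).

OTL renders each value under
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
as   "<rule name>" = key=value | key=value | ...
This parses those lines and reports inbound rules for programs that live
outside the system/Program Files tree, plus "Query User" prompt rules for
Windows binaries that should not be listening at all.
"""
import re
from typing import Dict, List

# Assumption of this example: inbound allow rules for programs under these
# prefixes are expected (OS components and regular installs). Anything else,
# e.g. %AppData%, is user-writable and is where droppers put themselves.
TRUSTED_PREFIXES = (
    "%systemroot%\\",
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

# Assumption of this example: these Windows binaries do not normally accept
# inbound connections. A "TCP/UDP Query User" rule for one of them means a
# user clicked "Allow" on a prompt raised by code running inside that process.
NOT_NORMALLY_A_SERVER = {"explorer.exe", "taskeng.exe"}

LINE_RE = re.compile(r'^"(?P<rule_name>[^"]+)"\s*=\s*(?P<body>.*)$')


def parse_rule(line: str) -> Dict[str, str]:
    """Parse one OTL firewall-rule line into its key=value fields."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not an OTL firewall rule line: {line!r}")
    rule = {"rule_name": m.group("rule_name")}
    # Rules created through the firewall's Allow/Block prompt get a
    # "TCP Query User{GUID}<path>" style name; policy rules are bare GUIDs.
    rule["origin"] = "prompt" if "Query User{" in rule["rule_name"] else "policy"
    for part in m.group("body").split("|"):
        part = part.strip()
        if "=" not in part:
            continue                      # trailing empty field
        key, _, value = part.partition("=")
        rule[key.strip().lower()] = value.strip().lower()
    return rule


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def triage(lines: List[str]) -> List[Dict[str, str]]:
    """Return the inbound rules worth a closer look, each with a reason."""
    findings = []
    for line in lines:
        if not line.lstrip().startswith('"'):
            continue                      # section header, key path, blank
        rule = parse_rule(line)
        app = rule.get("app")
        if rule.get("dir") != "in" or app is None:
            continue                      # outbound, or built-in app-less (ICMP) rule
        if not app.startswith(TRUSTED_PREFIXES):
            reason = "inbound allow for a program outside the system/Program Files tree"
        elif basename(app) in NOT_NORMALLY_A_SERVER:
            reason = f"inbound allow for {basename(app)}, which does not normally listen"
        else:
            continue
        findings.append({"rule_name": rule["rule_name"], "app": app,
                         "origin": rule["origin"], "reason": reason})
    return findings


# Constructed sample: six lines copied from the OTL listing above.
SAMPLE_LOG = r'''
========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12E14DF2-F297-4FD9-873F-049D39C53AC7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{28AB4D81-CF8D-455D-86C2-11BBD5D2E357}" = protocol=6 | dir=in | app=c:\users\leo\appdata\roaming\dropbox\bin\dropbox.exe | 
"{2C98EE29-8B00-45D8-BBDE-7A5D8C6CB85D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7C28D5C9-E59F-4802-A754-4803CF31F9F0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C9466E0F-65B5-4195-81B9-667533D3E83D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{2F417F3F-CB6A-4F1A-AEF6-D326B0C162EF}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
'''

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f['reason']}: {f['app']}  [{f['origin']} rule {f['rule_name']}]")
```

On the sample the script reports the Dropbox rule (policy rule, program under the user profile) and the taskeng.exe prompt rule; the svchost.exe, ICMP, outbound and Skype rules are skipped. A Dropbox hit is expected on a machine where Dropbox is installed per user, so the output is a worklist for the analyst, not a verdict.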

Alt 28.08.2012, 15:17   #2
t'john
/// Helfer-Team
 
The clean-up consists of several steps that have to be carried out.
Work through them one after the other and paste the 4 logs created along the way into your next reply.

If the OTL fix did not run through properly, do not continue; report it instead.

Step 1

Fix with OTL

Download OTL by OldTimer (if you don't have it yet) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Copy the following script into the text field below Custom Scans/Fixes:
  • The fix starts with :OTL. Make sure you copied it correctly.


Code:
ATTFilter
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake) 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC 
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJE_deAT350 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
CHR - Extension: Facemoods = C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.2.1_0\ 
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. 
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () 
O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe File not found 
O4 - HKLM..\Run: [Skytel] Skytel.exe File not found 
O4 - HKCU..\Run: [{C39E165D-2069-83E7-1A77-212AD65B3865}] C:\Users\Leo\AppData\Roaming\Ytycd\awhyovo.exe () 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found 
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found 
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found 
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found 
O29 - HKLM SecurityProviders - (credssp.dll) - File not found 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] 
O33 - MountPoints2\{10692cb1-de66-11de-9b14-00225f51bca3}\Shell - "" = AutoRun 
O33 - MountPoints2\{10692cb1-de66-11de-9b14-00225f51bca3}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{4084f77a-2274-11e1-80a5-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{4084f77a-2274-11e1-80a5-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{4084f8d4-2274-11e1-80a5-001e101f36d9}\Shell - "" = AutoRun 
O33 - MountPoints2\{4084f8d4-2274-11e1-80a5-001e101f36d9}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{6704a98a-9ff5-11e1-b860-001e101f36d9}\Shell - "" = AutoRun 
O33 - MountPoints2\{6704a98a-9ff5-11e1-b860-001e101f36d9}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{698f0547-ee01-11de-a08a-00225f51bca3}\Shell - "" = AutoRun 
O33 - MountPoints2\{698f0547-ee01-11de-a08a-00225f51bca3}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{6c1f0cd1-a996-11e1-b4f7-001e101f1838}\Shell - "" = AutoRun 
O33 - MountPoints2\{6c1f0cd1-a996-11e1-b4f7-001e101f1838}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{77f545e6-13d6-11df-b09b-00225f51bca3}\Shell - "" = AutoRun 
O33 - MountPoints2\{77f545e6-13d6-11df-b09b-00225f51bca3}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a 
O33 - MountPoints2\{7d0b806f-0030-11df-8179-00225f51bca3}\Shell - "" = AutoRun 
O33 - MountPoints2\{7d0b806f-0030-11df-8179-00225f51bca3}\Shell\AutoRun\command - "" = G:\AutoRun.exe 
O33 - MountPoints2\{7e396649-53bc-11df-b92b-00225f51bca3}\Shell\AutoRun\command - "" = F:\mh.exe 
O33 - MountPoints2\{7e39664f-53bc-11df-b92b-00225f51bca3}\Shell\AutoRun\command - "" = F:\mh.exe 
O33 - MountPoints2\{86f6f8ad-d98a-11de-aeab-00225f51bca3}\Shell - "" = AutoRun 
O33 - MountPoints2\{86f6f8ad-d98a-11de-aeab-00225f51bca3}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{b2982313-9293-11e1-b41a-001e101f2c0e}\Shell - "" = AutoRun 
O33 - MountPoints2\{b2982313-9293-11e1-b41a-001e101f2c0e}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{bfdf9f00-d983-11de-80e5-00225f51bca3}\Shell - "" = AutoRun 
O33 - MountPoints2\{bfdf9f00-d983-11de-80e5-00225f51bca3}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{c4366030-dfc3-11de-9ea2-00225f51bca3}\Shell - "" = AutoRun 
O33 - MountPoints2\{c4366030-dfc3-11de-9ea2-00225f51bca3}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{eac475a5-daa5-11de-8d69-00238b40a0e1}\Shell - "" = AutoRun 
O33 - MountPoints2\{eac475a5-daa5-11de-8d69-00238b40a0e1}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{eac475a7-daa5-11de-8d69-00238b40a0e1}\Shell - "" = AutoRun 
O33 - MountPoints2\{eac475a7-daa5-11de-8d69-00238b40a0e1}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{f0f80561-1b37-11e0-9f02-00225f51bca3}\Shell - "" = AutoRun 
O33 - MountPoints2\{f0f80561-1b37-11e0-9f02-00225f51bca3}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1 
O33 - MountPoints2\G\Shell - "" = AutoRun 
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe 
 
[2012.08.28 14:39:58 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad 
[2012.08.28 14:25:26 | 000,001,732 | ---- | M] () -- C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk 
[2009.10.19 19:30:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat 
:Files

C:\Users\Leo\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Leo\AppData\Local\Temp\*.exe
C:\Users\Leo\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a reboot, allow it.
  • Copy the contents of the log file into your thread here, inside code tags.
    You can also view the log file later at => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for other readers: the OTL script above was written exclusively for this user in this situation.
Do not under any circumstances run it on other computers; it can do lasting damage to other systems!



Step 2
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program into the default path.
- Update the database!
- Select "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Let it delete the findings or put them in quarantine.
- When the scan is finished, click "Show results".
then:

Step 3

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the search has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.



Step 4
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.
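Added example (mine, not t'john's script and not OTL code): the fix above removes, among other things, a HKCU Run value whose name is a bare GUID and whose target is an .exe under AppData\Roaming, a ctfmon.lnk in the Startup folder, and a long list of MountPoints2 AutoRun commands. The Python below turns those three observations into heuristics over OTL output, so the same kind of entries can be pulled out of any OTL log automatically instead of by eye. The sample lines are copied from the fix script above; the list of user-writable directory fragments and the set of system binary names are assumptions of this example.

```python
r"""Autostart triage of OTL output (added example, not OTL's own code).

Three heuristics, matching what the fix script above removes:
  1. O4 Run values whose target sits in a user-writable directory or whose
     value name is a bare GUID, plus dangling Run values ("File not found");
  2. MountPoints2\...\Shell\AutoRun\command entries (cached removable-media
     AutoRun commands);
  3. Startup-folder shortcuts named after Windows system binaries.
"""
import re
from typing import Dict, List

O4_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\] '
    r'(?P<target>.*?)\s*(?:\((?P<vendor>[^)]*)\))?\s*$')
O33_CMD_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<device>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<command>.+?)\s*$')
FILE_RE = re.compile(r'^\[[^\]]+\] \([^)]*\) -- (?P<path>.+?)\s*$')
GUID_RE = re.compile(r'^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')

# Assumption of this example: paths containing these fragments are writable
# without admin rights, so an autostart pointing there deserves a look.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\public\\")
# Assumption of this example: the real binaries of these names live in
# \Windows\System32 and need no Startup shortcut; a .lnk with such a name
# is a lookalike.
SYSTEM_BINARY_NAMES = {"ctfmon", "svchost", "csrss", "lsass", "winlogon", "explorer", "rundll32"}


def triage_otl(lines: List[str]) -> List[Dict[str, object]]:
    """Return one finding per suspicious autostart entry, with its reasons."""
    findings: List[Dict[str, object]] = []
    for raw in lines:
        line = raw.rstrip()
        m = O4_RE.match(line)
        if m:
            target, low = m.group("target"), m.group("target").lower()
            reasons = []
            if low.endswith("file not found"):
                reasons.append("dangling Run value (target missing)")
            else:
                if any(frag in low for frag in USER_WRITABLE):
                    reasons.append("autostart target in a user-writable directory")
                if GUID_RE.match(m.group("name")):
                    reasons.append("GUID used as Run value name")
            if reasons:
                findings.append({"kind": "run",
                                 "where": f"{m.group('hive')}\\Run\\{m.group('name')}",
                                 "target": target, "reasons": reasons})
            continue
        m = O33_CMD_RE.match(line)
        if m:
            findings.append({"kind": "mountpoint", "where": m.group("device"),
                             "target": m.group("command"),
                             "reasons": ["cached AutoRun command for removable media"]})
            continue
        m = FILE_RE.match(line)
        if m:
            path = m.group("path")
            low = path.lower()
            if "\\startup\\" in low and low.endswith(".lnk"):
                stem = low.rsplit("\\", 1)[-1][:-4]
                if stem in SYSTEM_BINARY_NAMES:
                    findings.append({"kind": "startup", "where": path, "target": path,
                                     "reasons": [f"Startup shortcut named after system binary {stem}.exe"]})
    return findings


# Constructed sample: lines copied from the fix script above.
SAMPLE_FIX = r'''
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () 
O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe File not found 
O4 - HKCU..\Run: [{C39E165D-2069-83E7-1A77-212AD65B3865}] C:\Users\Leo\AppData\Roaming\Ytycd\awhyovo.exe () 
O33 - MountPoints2\{10692cb1-de66-11de-9b14-00225f51bca3}\Shell - "" = AutoRun 
O33 - MountPoints2\{10692cb1-de66-11de-9b14-00225f51bca3}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{77f545e6-13d6-11df-b09b-00225f51bca3}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a 
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe 
[2012.08.28 14:25:26 | 000,001,732 | ---- | M] () -- C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk 
[2009.10.19 19:30:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat 
'''

if __name__ == "__main__":
    for f in triage_otl(SAMPLE_FIX.splitlines()):
        print(f"[{f['kind']}] {f['where']} -> {f['target']}: {'; '.join(f['reasons'])}")
```

The DivX entry (Program Files, ordinary name) and the ezsidmv.dat line (ProgramData but not an autostart) produce nothing; the GUID-named HKCU entry pointing into AppData\Roaming gets both Run reasons, the dangling RtHDVCpl value is reported so it can be cleaned, and each cached AutoRun command is listed separately. Like the firewall triage, the output is a worklist: the dangling entries are harmless leftovers, the AppData one is what the fix is really about.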

Alt 28.08.2012, 17:34   #3
mudvayne
 
OK, many thanks first of all for the quick and helpful reply.

Code:
ATTFilter
All processes killed
========== OTL ==========
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys not found.
Service hwusbfake stopped successfully!
Service hwusbfake deleted successfully!
File system32\DRIVERS\ewusbfake.sys not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.2.1_0\style folder moved successfully.
C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.2.1_0\js folder moved successfully.
C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.2.1_0\img folder moved successfully.
C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.2.1_0 folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Program Files\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RtHDVCpl deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Skytel deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{C39E165D-2069-83E7-1A77-212AD65B3865} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39E165D-2069-83E7-1A77-212AD65B3865}\ not found.
File C:\Users\Leo\AppData\Roaming\Ytycd\awhyovo.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Starting removal of ActiveX control {02BCC737-B171-4746-94C9-0D8A0B2C0089}
C:\Windows\Downloaded Program Files\ieawsdc.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BCC737-B171-4746-94C9-0D8A0B2C0089}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BCC737-B171-4746-94C9-0D8A0B2C0089}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{02BCC737-B171-4746-94C9-0D8A0B2C0089}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BCC737-B171-4746-94C9-0D8A0B2C0089}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\application/octet-stream\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\application/x-complus\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\application/x-msdownload\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:Control_RunDLL "sysdm.cpl" deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:credssp.dll deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10692cb1-de66-11de-9b14-00225f51bca3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10692cb1-de66-11de-9b14-00225f51bca3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10692cb1-de66-11de-9b14-00225f51bca3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10692cb1-de66-11de-9b14-00225f51bca3}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4084f77a-2274-11e1-80a5-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4084f77a-2274-11e1-80a5-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4084f77a-2274-11e1-80a5-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4084f77a-2274-11e1-80a5-806e6f6e6963}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4084f8d4-2274-11e1-80a5-001e101f36d9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4084f8d4-2274-11e1-80a5-001e101f36d9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4084f8d4-2274-11e1-80a5-001e101f36d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4084f8d4-2274-11e1-80a5-001e101f36d9}\ not found.
File F:\AutoRun.exe not found.
         


Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.28.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Leo :: LEO-PC [Administrator]

Schutz: Aktiviert

28.08.2012 17:03:13
mbam-log-2012-08-28 (18-21-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 373370
Laufzeit: 1 Stunde(n), 17 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\_OTL\MovedFiles\08282012_165428\C_Users\Leo\AppData\Local\Temp\install_0_msi.exe (Trojan.PWS) -> Keine Aktion durchgeführt.
C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.

(Ende)
         

Code:
# AdwCleaner v1.801 - Logfile created 08/28/2012 at 18:25:02
# Updated 14/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Leo - LEO-PC
# Boot Mode : Normal
# Running from : C:\Users\Leo\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Folder Found : C:\Users\Leo\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Leo\AppData\LocalLow\facemoods.com
File Found : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml

***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found :                   "css": [ "style/facemoods_chrome_1.0.1.css" ],
Found :                "name": "Facemoods",
Found :                "permissions": [ "tabs", "hxxp://igor.facemoods.com/", "hxxp://reports.facemoods.com/[...]
Found :                "update_url": "hxxp://facemoods.com/public/download/chrome/update.xml",

*************************

AdwCleaner[R1].txt - [2285 octets] - [28/08/2012 18:25:02]

########## EOF - C:\AdwCleaner[R1].txt - [2413 octets] ##########
         
Code:
# AdwCleaner v1.801 - Logfile created 08/28/2012 at 18:26:19
# Updated 14/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Leo - LEO-PC
# Boot Mode : Normal
# Running from : C:\Users\Leo\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Folder Deleted : C:\Users\Leo\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Leo\AppData\LocalLow\facemoods.com
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted :                   "css": [ "style/facemoods_chrome_1.0.1.css" ],
Deleted :                "name": "Facemoods",
Deleted :                "permissions": [ "tabs", "hxxp://igor.facemoods.com/", "hxxp://reports.facemoods.com/[...]
Deleted :                "update_url": "hxxp://facemoods.com/public/download/chrome/update.xml",

*************************

AdwCleaner[R1].txt - [2414 octets] - [28/08/2012 18:25:02]
AdwCleaner[S1].txt - [2387 octets] - [28/08/2012 18:26:19]

########## EOF - C:\AdwCleaner[S1].txt - [2515 octets] ##########
         
Thanks, regards Leo
__________________
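The Malwarebytes log above flagged a ctfmon.lnk in the user's Startup folder as Trojan.Ransom.Gen, and the OTL fix removed Run-key entries; as an added example (not from the thread or from any of the tools used in it), this PowerShell audit lists both autostart locations and flags shortcuts or Run values whose target resolves to a profile or temp directory rather than a system or Program Files path. The sample entries at the end are constructed placeholders, not values taken from the logs.

```powershell
# Added example: audit per-user autostart locations the way the logs above
# were read by hand. A shortcut named ctfmon.lnk in the Startup folder is
# suspicious because the real ctfmon.exe lives in %SystemRoot%\System32 and
# needs no Startup shortcut; a target under %AppData% is the typical sign of
# user-level malware persistence.

function Test-SuspiciousTarget {
    param([string]$Target)
    if ([string]::IsNullOrWhiteSpace($Target)) { return $false }
    # Expand %VAR% references so "%AppData%\x.exe" is judged by its real location
    $path = [Environment]::ExpandEnvironmentVariables($Target).Trim('"')
    $trusted = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ }
    foreach ($root in $trusted) {
        if ($path.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { return $false }
    }
    # Anything launched from a profile or temp location at logon deserves a look
    return ($path -match '\\AppData\\|\\Temp\\|\\ProgramData\\')
}

function Get-AutostartFindings {
    param(
        [string]$StartupFolder = [Environment]::GetFolderPath('Startup'),
        [string[]]$RunKeys = @(
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run')
    )
    $shell = New-Object -ComObject WScript.Shell
    # 1) Startup-folder shortcuts: resolve where each .lnk actually points
    Get-ChildItem -Path $StartupFolder -Filter *.lnk -ErrorAction SilentlyContinue |
        ForEach-Object {
            $target = $shell.CreateShortcut($_.FullName).TargetPath
            [pscustomobject]@{
                Location   = 'StartupFolder'
                Name       = $_.Name
                Target     = $target
                Suspicious = Test-SuspiciousTarget $target
            }
        }
    # 2) Run keys: every value name/data pair is an autostart command line
    foreach ($key in $RunKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PowerShell provider metadata
            [pscustomobject]@{
                Location   = $key
                Name       = $p.Name
                Target     = [string]$p.Value
                Suspicious = Test-SuspiciousTarget ([string]$p.Value)
            }
        }
    }
}

# Constructed sample (placeholder paths, not values from the thread) showing the verdicts:
$sample = @(
    @{ Name = 'ctfmon.lnk'; Target = 'C:\Users\Leo\AppData\Roaming\PLACEHOLDER\payload.exe' },  # -> True
    @{ Name = 'ctfmon.exe'; Target = 'C:\Windows\System32\ctfmon.exe' },                          # -> False
    @{ Name = 'Vendor';     Target = '"C:\Program Files\Vendor\Tool.exe" /tray' }                # -> False
)
$sample | ForEach-Object { '{0,-12} suspicious={1}' -f $_.Name, (Test-SuspiciousTarget $_.Target) }

# Live audit of the current user's Startup folder and both Run keys
Get-AutostartFindings | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Run it as the affected user; the verdict column only narrows down what to inspect, so check each flagged target's publisher and hash before acting on it.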

29.08.2012, 01:06   #4
t'john
/// Helper Team

Very good!

How is the computer running?

Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via Update now.
Select the Freeware mode.

Select Detail Scan and start the check of the computer via the Scan button.
At the end of the scan, do not let it delete anything! Click Save report to save the logfile to the desktop and post it here in the thread.

Guide: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Regards, t'john

29.08.2012, 08:54   #5
mudvayne

The computer is running well again so far. I only got a message at startup that the Background Guard isn't working? That was the first boot since the scan with Anti-Malware.


Code:
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 28.08.2012 18:54:24

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	28.08.2012 18:55:14

C:\_OTL\MovedFiles\08282012_165428\C_Users\Leo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\4d4205e0-5dc7cc95 -> b4a\b4f.class 	gefunden: Exploit.Java.Blacole!E2
C:\_OTL\MovedFiles\08282012_165428\C_Users\Leo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\4d4205e0-5dc7cc95 -> b4a\b4e.class 	gefunden: Exploit.Java.Blacole!E2

Gescannt	614511
Gefunden	2

Scan Ende:	29.08.2012 00:18:43
Scan Zeit:	5:23:29
         


29.08.2012, 20:00   #6
t'john
/// Helper Team

Quote:
Background Guard
What is that?
__________________

29.08.2012, 20:49   #7
mudvayne

I'm wondering that too, no idea. Otherwise everything works.

29.08.2012, 23:27   #8
t'john
/// Helper Team

Very good!


Uninstall:
Emsisoft Anti-Malware


ESET Online Scanner

Preparation

  • Connect any external hard drives and/or other removable media you may have (e.g. USB sticks) to the computer.
  • Please disable the anti-virus program and firewall during the online scan.
  • Vista/Win7 users: be sure to start the browser as Administrator.
Let's go

  • Download and start the Eset Smartinstaller
  • Tick YES, I accept the Terms of Use.
  • Click Start.
  • Tick Remove found threats and Scan archives.
  • Click Start.
  • Signatures are downloaded, the scan starts automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Look for C:\Programme\Eset\EsetOnlineScanner\log.txt (sometimes also C:\Programme\Eset\log.txt) and open it with your editor.
  • Post the logfile here.
  • Uninstallation: Control Panel => Software => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset
__________________
Regards, t'john

30.08.2012, 10:29   #9
mudvayne

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2d76e2d2457d0e4ca899ae1b1495a9dc
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-30 12:45:11
# local_time=2012-08-30 02:45:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5378 16777214 0 8 29137628 29221159 0 0
# compatibility_mode=5892 16776573 100 100 0 183813723 0 0
# compatibility_mode=8192 67108863 100 0 466 466 0 0
# scanned=170774
# found=1
# cleaned=1
# scan_time=6516
C:\_OTL\MovedFiles\08282012_165428\C_Users\Leo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\4d4205e0-5dc7cc95	Java/Exploit.CVE-2012-1723.BI trojan (deleted - quarantined)	00000000000000000000000000000000	C
         

30.08.2012, 19:38   #10
t'john
/// Helper Team

Update Java

Your Java is no longer current. Older versions contain security holes that malware can abuse.
  • Please download the latest Java version from here
  • Save the jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Start the jxpiinstall.exe. It will download the installer for the latest Java version ( Java 7 Update 6 ).
  • When the installation has finished
    Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer as soon as all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • On the General tab, click Settings under Temporary Internet Files.
  • Click Delete Files....
  • Make sure every box is ticked and click OK.
  • Click OK again.


Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html

Afterwards post (copy and paste) what you get displayed here: PluginCheck
__________________
Regards, t'john

30.08.2012, 22:33   #11
mudvayne

Code:
PluginCheck

 Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
 Überprüft wird: Browser, Flash, Java und Adobe Reader Version.
 


Internet Explorer 9.0 ist aktuell

Flash 11,0,1,152 ist veraltet! 
Aktualisieren Sie bitte auf die neueste Version!



Java (1,7,0,7) ist aktuell.

Adobe Reader 9,2,0,0 ist veraltet! 
Aktualisieren Sie bitte auf die neueste Version: 10,1,3
         

31.08.2012, 16:36   #12
t'john
/// Helper Team

Very good!

With that you are clean and discharged!

Remove adwCleaner

  • Start adwcleaner.exe with a double-click.
  • Click Uninstall.
  • Confirm with Yes.




Tool cleanup with OTL


We will now use OTL's CleanUp! function to remove most of the programs we installed for the cleanup from your system again.
  • Please download OTL from OldTimer (if you do not have it already).
  • Save it to your desktop.
  • Double-click OTL.exe to run the program.
    Vista and Windows 7 users right-click the program icon and choose "Run as administrator".
  • Click the "Cleanup" button
  • OTL may ask for a restart.
    If it does, please allow it.
Note: After the restart, OTL and the other helper programs you downloaded during the cleanup will no longer be present. They have been removed. It is therefore OK if these programs are gone. If any are left over, delete them manually.


Resetting the security zones

Have the security zones reset, since they were manipulated to open the browser to further attacks.
Proceed as follows: http://www.trojaner-board.de/111805-...ecksetzen.html


Clearing System Restore

So that the computer cannot be re-infected from an infected System Restore point, we have to clear it. To do this we switch it off once and then on again:
Disable System Restore tutorial for Windows XP, Windows Vista, Windows 7
Then enable it again.


Clean up with CCleaner

Use CCleaner (Download) (Guide) to

  • fix errors in the Registry (several times, until no more errors are found) and
  • delete temporary files.




Reading to work through:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
PC getting slower and slower - what to do?
__________________
Regards, t'john

02.09.2012, 19:43   #13
mudvayne

OK, many thanks t'john for the quick and really good help, you saved me from having to restore the system and lose data. This really is a great forum!

02.09.2012, 20:23   #14
t'john
/// Helper Team

We wish you a virus-free time
__________________
Regards, t'john
