
Malware of all kinds and its removal: Bundespolizei Trojaner


30.07.2011, 18:39   #1
Rappi

Bundespolizei Trojaner

Hello everyone,

I have also caught this Bundespolizei Trojaner on a Vista notebook.

As described in another thread here, I downloaded OTLPE and worked through the instructions.

After the scan finishes I can save an OTL.txt, but there is no Extras.txt.

My OTL.txt looks like this.

OTL logfile created on: 7/30/2011 9:29:10 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.42 Gb Total Space | 122.49 Gb Free Space | 55.07% Space Free | Partition Type: NTFS
Drive D: | 3.68 Gb Total Space | 3.25 Gb Free Space | 88.16% Space Free | Partition Type: FAT32
Drive E: | 10.47 Gb Total Space | 1.79 Gb Free Space | 17.10% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (Norton Internet Security)
SRV - File not found [On_Demand] -- -- (ACDaemon)
SRV - [2010/11/21 05:49:24 | 000,247,608 | ---- | M] () [Auto] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010/05/28 02:25:04 | 000,233,472 | ---- | M] (Teruten) [Auto] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010/05/25 02:44:30 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto] -- C:\Windows\System32\dgdersvc.exe -- (dgdersvc)
SRV - [2009/08/06 14:11:44 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/06 14:11:43 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/01/20 04:38:46 | 000,249,938 | ---- | M] (IDT, Inc.) [Auto] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe -- (STacSV)
SRV - [2009/01/20 04:37:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe -- (AESTFilters)
SRV - [2008/12/23 11:18:20 | 000,365,952 | ---- | M] () [Auto] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/02/03 07:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System] -- -- (SRTSPX)
DRV - File not found [File_System | System] -- -- (SRTSP)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (NAVEX15)
DRV - File not found [Kernel | On_Demand] -- -- (NAVENG)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2010/05/28 02:25:04 | 000,036,608 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/05/25 02:44:30 | 000,018,136 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010/04/26 22:25:20 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2010/04/26 22:25:20 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV - [2010/04/26 22:25:20 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2009/08/29 09:42:28 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\Windows\System32\drivers\ACEDRV07.sys -- (ACEDRV07)
DRV - [2009/08/06 14:11:59 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/08/06 14:11:54 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/06 14:11:52 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/01/20 04:39:16 | 000,394,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/12/23 07:47:52 | 000,138,240 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/12/19 18:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/09/22 01:49:36 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/01/20 22:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007/06/18 11:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=7c0d4876000000000000002556a9e95f&tlver=1.4.19.19&ss=1&affID=17395
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {f082c5e6-14c5-4619-8e93-07c2cb297e71} - C:\Program Files\Jetztspielen-\prxtbJet2.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Nina_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE - HKU\Nina_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\Nina_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\Nina_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2661025
IE - HKU\Nina_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Nina_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\Nina_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\Nina_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\Nina_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\Nina_ON_C\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKU\Nina_ON_C\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKU\Nina_ON_C\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.)
IE - HKU\Nina_ON_C\..\URLSearchHook: {f082c5e6-14c5-4619-8e93-07c2cb297e71} - C:\Program Files\Jetztspielen-\prxtbJet2.dll (Conduit Ltd.)
IE - HKU\Nina_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Nina_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/21 11:44:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/09 12:29:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/29 04:12:59 | 000,000,000 | ---D | M]

[2011/07/21 09:04:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/28 11:01:27 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009/07/30 18:59:14 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/06/26 12:29:05 | 000,002,428 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2009/07/30 18:59:14 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2009/07/30 18:59:14 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2009/10/04 13:17:25 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2009/07/30 18:59:14 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Jetztspielen- Toolbar) - {f082c5e6-14c5-4619-8e93-07c2cb297e71} - C:\Program Files\Jetztspielen-\prxtbJet2.dll (Conduit Ltd.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Jetztspielen- Toolbar) - {f082c5e6-14c5-4619-8e93-07c2cb297e71} - C:\Program Files\Jetztspielen-\prxtbJet2.dll (Conduit Ltd.)
O3 - HKU\Nina_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKU\Nina_ON_C\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKU\Nina_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.)
O3 - HKU\Nina_ON_C\..\Toolbar\WebBrowser: (Jetztspielen- Toolbar) - {F082C5E6-14C5-4619-8E93-07C2CB297E71} - C:\Program Files\Jetztspielen-\prxtbJet2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Nina_ON_C..\Run: [4Y3Y0C3AWF7XZDWDVFOAB] File not found
O4 - HKU\Nina_ON_C..\Run: [avupdate] C:\Users\Nina\AppData\Roaming\jashla.exe (Galilean Cauchy Aesop Bellamy)
O4 - HKU\Nina_ON_C..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\Nina_ON_C..\Run: [EPSON Stylus SX200 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\Nina_ON_C..\Run: [EPSON Stylus SX200 Series (Kopie 1)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\Nina_ON_C..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\Nina_ON_C..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v911/Navigram.cab (Navigram Control)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/01/27 09:12:30 | 000,055,296 | ---- | M] () - D:\AutoRunCE.exe -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/30 20:20:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/29 13:42:49 | 000,134,656 | ---- | C] (Galilean Cauchy Aesop Bellamy) -- C:\Users\Nina\AppData\Roaming\jashla.exe
[2011/07/29 05:18:52 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Unity
[2011/07/29 04:59:34 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Local\Unity
[2011/07/19 16:26:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/07/14 11:16:55 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/07/13 02:53:20 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/07/13 02:53:06 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/07/13 02:53:06 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/30 12:53:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/30 12:42:15 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/07/30 12:40:33 | 000,000,286 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2011/07/30 12:40:15 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/30 12:39:59 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/30 12:39:59 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/30 12:39:43 | 3119,435,776 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/29 13:42:49 | 000,134,656 | ---- | M] (Galilean Cauchy Aesop Bellamy) -- C:\Users\Nina\AppData\Roaming\jashla.exe
[2011/07/29 13:21:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/26 16:41:37 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
[2011/07/25 15:35:08 | 000,000,468 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Nina.job
[2011/07/23 13:04:54 | 000,002,637 | ---- | M] () -- C:\Users\Nina\Desktop\Microsoft Office Word 2003.lnk
[2011/07/19 16:26:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/07/17 16:36:50 | 000,010,752 | ---- | M] () -- C:\Users\Nina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/16 09:24:43 | 000,642,710 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/07/16 09:24:43 | 000,607,668 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/16 09:24:43 | 000,132,236 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/07/16 09:24:43 | 000,108,940 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/15 04:18:54 | 000,453,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/03 10:58:44 | 000,000,680 | ---- | M] () -- C:\Users\Nina\AppData\Local\d3d9caps.dat
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/16 14:55:44 | 000,000,092 | ---- | C] () -- C:\Users\Nina\AppData\Local\fusioncache.dat
[2011/01/19 11:19:30 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011/01/19 11:19:30 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010/11/20 09:46:52 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010/09/26 04:53:41 | 000,000,000 | ---- | C] () -- C:\Windows\winfile.ini
[2010/05/27 01:19:50 | 000,000,680 | ---- | C] () -- C:\Users\Nina\AppData\Local\d3d9caps.dat
[2010/05/25 02:45:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2010/05/25 02:45:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2010/05/25 02:45:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2010/05/25 02:45:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2009/10/10 09:30:25 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009/10/10 09:30:25 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2009/10/10 09:30:25 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009/10/10 09:30:25 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009/10/10 09:30:25 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009/10/10 09:30:25 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009/10/10 09:30:25 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009/10/10 09:30:25 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2009/10/10 09:30:25 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2009/10/10 09:30:25 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009/10/10 09:30:25 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/10/10 09:30:24 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009/10/10 09:30:24 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009/10/10 09:30:24 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009/10/10 09:30:24 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009/10/10 09:30:24 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009/10/10 09:30:24 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009/10/10 09:30:24 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009/10/10 09:30:24 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009/10/10 09:25:31 | 000,000,025 | ---- | C] () -- C:\Windows\CDE SX200DEFGIPS.ini
[2009/09/27 13:29:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/27 13:29:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/31 09:29:45 | 000,000,080 | ---- | C] () -- C:\Users\Nina\AppData\Roaming\wklnhst.dat
[2009/08/29 09:41:10 | 000,000,032 | ---- | C] () -- C:\Windows\autostart.INI
[2009/08/18 12:06:37 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/08/06 14:23:01 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/06 13:37:43 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/08/01 03:28:48 | 000,010,752 | ---- | C] () -- C:\Users\Nina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/19 22:11:48 | 000,000,286 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/02/28 10:40:04 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/02/28 10:36:37 | 000,642,710 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009/02/28 10:36:37 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009/02/28 10:36:37 | 000,132,236 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009/02/28 10:36:37 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/02/28 03:48:55 | 000,000,428 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2008/10/28 04:35:26 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1591.dll
[2008/10/28 04:28:36 | 002,026,604 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/10/28 04:28:36 | 000,445,796 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/10/28 04:28:36 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/09/22 01:49:24 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,453,112 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,607,668 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,108,940 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/02/20 12:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/11/20 09:47:03 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Atari
[2009/12/28 13:11:55 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\BlueShot
[2011/05/05 13:58:47 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\DVDVideoSoftIEHelpers
[2009/10/10 09:42:23 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\EPSON
[2009/10/27 13:22:14 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\FloodLightGames
[2010/01/02 12:24:50 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\gtk-2.0
[2011/07/29 14:39:13 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\ICQ
[2011/02/16 14:56:48 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Imaxel
[2010/11/20 09:46:41 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Leadertech
[2010/08/23 13:19:52 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Magic Academy
[2009/09/27 13:04:03 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Nvu
[2011/01/19 11:17:18 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Samsung
[2009/09/26 04:34:37 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Sony
[2009/08/31 09:29:46 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Template
[2011/07/29 05:18:52 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Unity
[2009/09/25 08:52:25 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\WildTangent
[2009/08/01 03:08:59 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/08/01 03:08:59 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010/12/12 04:57:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2009/10/10 09:29:53 | 000,000,000 | ---D | M] -- C:\ProgramData\EPSON
[2009/08/01 03:08:59 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2009/10/27 13:22:14 | 000,000,000 | ---D | M] -- C:\ProgramData\FloodLightGames
[2011/06/05 06:51:05 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2010/03/26 14:43:09 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe
[2011/01/19 11:20:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Samsung
[2009/09/26 04:34:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Sony
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/08/01 03:09:00 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2011/06/25 10:36:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Tarma Installer
[2009/06/19 22:15:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2009/10/10 09:34:58 | 000,000,000 | ---D | M] -- C:\ProgramData\UDL
[2009/08/01 03:09:00 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/09/21 13:43:46 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
[2011/07/14 11:16:56 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2009/08/29 13:04:51 | 000,000,000 | ---D | M] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/07/27 16:29:53 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

How do I proceed from here?

30.07.2011, 20:56   #2
cosinus

Do an OTL fix via OTLPE: start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
O4 - HKU\Nina_ON_C..\Run: [4Y3Y0C3AWF7XZDWDVFOAB] File not found
O4 - HKU\Nina_ON_C..\Run: [avupdate] C:\Users\Nina\AppData\Roaming\jashla.exe (Galilean Cauchy Aesop Bellamy)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/01/27 09:12:30 | 000,055,296 | ---- | M] () - D:\AutoRunCE.exe -- [ FAT32 ]
:Files
C:\Users\Nina\AppData\Roaming\jashla.exe
:Commands
[purity]
[resethosts]
Then click the Fix! button at the top left.
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are, for safety, not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

After that Windows should start normally again - please make OTL's quarantine folder available to us. To do so, please proceed as follows:

1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the folder movedfiles in C:\_OTL into a single file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let us know if it was successful
5.) Only then turn the virus scanner back on
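As an added illustration (not part of this thread and not OTL's own code), here is a small Python triage pass over OTL "O4" autorun lines of the kind fixed in the script above: it flags a stale Run value, a random-looking value name, and an executable launched straight out of %APPDATA%\Roaming. The two suspicious sample lines are taken from the fix script; the Realtek line is a constructed benign control entry.

```python
"""Triage OTL 'O4' autorun lines (added example; not OTL's own code)."""
import re
from dataclasses import dataclass, field

# OTL prints one autorun entry per line in this shape:
#   O4 - <hive>..\Run: [<value name>] <target path> (<company string>)
#   O4 - <hive>..\Run: [<value name>] File not found
O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.*)$")

# Two lines from the fix in this thread plus one constructed, benign control entry.
SAMPLE_LINES = [
    r"O4 - HKU\Nina_ON_C..\Run: [4Y3Y0C3AWF7XZDWDVFOAB] File not found",
    r"O4 - HKU\Nina_ON_C..\Run: [avupdate] C:\Users\Nina\AppData\Roaming\jashla.exe (Galilean Cauchy Aesop Bellamy)",
    r"O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)",  # constructed
]

@dataclass
class Finding:
    name: str
    target: str
    reasons: list = field(default_factory=list)

def looks_random(name: str) -> bool:
    """Long uppercase/digit soup with several digits is a common dropper habit for value names."""
    return (len(name) >= 12 and re.fullmatch(r"[A-Z0-9]+", name) is not None
            and sum(c.isdigit() for c in name) >= 3)

def triage_o4(lines):
    """Return a Finding for every O4 entry that deserves a second look; benign lines yield nothing."""
    findings = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        name, rest = m["name"], m["rest"]
        target = rest.split(" (", 1)[0]      # strip the trailing "(company)" string
        reasons = []
        if rest == "File not found":
            reasons.append("stale Run value: target no longer exists")
            target = ""
        elif re.search(r"\\AppData\\Roaming\\[^\\]+\.exe$", target, re.IGNORECASE):
            reasons.append("executable launched directly from %APPDATA%\\Roaming")
        if looks_random(name):
            reasons.append("random-looking value name")
        if reasons:
            findings.append(Finding(name, target, reasons))
    return findings

if __name__ == "__main__":
    for f in triage_o4(SAMPLE_LINES):
        print(f"[{f.name}] {f.target or '<missing>'}: " + "; ".join(f.reasons))
```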

30.07.2011, 21:21   #3
Rappi

Yes, great, it's working again; here's the logfile

========== OTL ==========
Registry value HKEY_USERS\Nina_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\4Y3Y0C3AWF7XZDWDVFOAB deleted successfully.
Registry value HKEY_USERS\Nina_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\avupdate deleted successfully.
C:\Users\Nina\AppData\Roaming\jashla.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
D:\AutoRunCE.exe moved successfully.
========== FILES ==========
File\Folder C:\Users\Nina\AppData\Roaming\jashla.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTLPE by OldTimer - Version 3.1.48.0 log created on 07312011_011047

30.07.2011, 21:33   #4
cosinus

Could you please upload the file as well?

31.07.2011, 07:17   #5
Rappi

Yes, I have now done that, thank you very much


31.07.2011, 15:10   #6
cosinus

Now please run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!


After that, an OTL custom scan:


Custom scan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • Now copy the following content into the text box.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt into your thread here