Log analysis and evaluation: Bundespolizei-Trojaner / Am I clean?

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system has to be examined first: see "First steps to getting help". Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
11.09.2011, 14:21   #16
Dr. Legal

Bundespolizei-Trojaner / Am I clean?



Here is the ComboFix log:
Code:
ComboFix 11-09-11.02 - Stefan 11.09.2011  15:11:50.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2046.1231 [GMT 2:00]
ausgeführt von:: c:\users\Stefan\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\fldlckun.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-08-11 bis 2011-09-11  ))))))))))))))))))))))))))))))
.
.
2011-09-11 13:16 . 2011-09-11 13:17	--------	d-----w-	c:\users\Stefan\AppData\Local\temp
2011-09-11 13:16 . 2011-09-11 13:16	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-09-11 09:16 . 2011-09-11 09:16	28752	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{14AF2BCD-BBDD-460A-8B07-6B786DF56DE6}\MpKsl44af0d2d.sys
2011-09-11 09:16 . 2011-08-11 17:44	7152464	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{14AF2BCD-BBDD-460A-8B07-6B786DF56DE6}\mpengine.dll
2011-09-10 07:07 . 2011-09-10 07:07	--------	d-----w-	C:\_OTL
2011-09-09 18:54 . 2011-09-09 18:54	--------	d-----w-	c:\program files\ESET
2011-09-09 15:51 . 2011-09-10 07:10	--------	d-----w-	c:\program files\Common Files\Spigot
2011-09-09 15:50 . 2011-07-15 10:49	313208	----a-w-	c:\windows\system32\TubeFinder.exe
2011-09-09 15:50 . 2009-06-19 17:51	9728	----a-w-	c:\windows\system32\PCCLPFR.DLL
2011-09-09 15:50 . 2009-06-19 17:51	84512	----a-w-	c:\windows\system32\PICCLP32.OCX
2011-09-09 15:50 . 2009-06-19 17:51	364544	----a-w-	c:\windows\system32\PropertyGrid.ocx
2011-09-09 15:50 . 2009-06-19 17:51	32768	----a-w-	c:\windows\system32\CMDLGFR.DLL
2011-09-09 15:50 . 2009-06-19 17:51	24576	----a-w-	c:\windows\system32\ControlSubX.ocx
2011-09-09 15:50 . 2009-06-19 17:51	141312	----a-w-	c:\windows\system32\MSCMCFR.DLL
2011-09-09 15:50 . 2009-06-19 17:51	119568	----a-w-	c:\windows\system32\VB6FR.DLL
2011-09-09 15:50 . 2009-06-19 17:51	101888	----a-w-	c:\windows\system32\VB6STKIT.DLL
2011-09-09 15:50 . 2011-09-09 15:51	--------	d-----w-	c:\users\Stefan\AppData\Roaming\FreeFLVConverter
2011-09-09 06:56 . 2011-09-07 18:21	439632	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-09-09 06:56 . 2011-09-07 18:21	439632	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7403D22-030B-4B1D-A47C-18F9C6A29B3D}\gapaengine.dll
2011-09-09 06:56 . 2011-08-11 17:44	7152464	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-08 13:53 . 2011-09-08 13:53	--------	d-----w-	c:\users\Stefan\AppData\Roaming\Malwarebytes
2011-09-08 13:53 . 2011-07-06 17:52	41272	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-08 13:53 . 2011-09-08 13:53	--------	d-----w-	c:\programdata\Malwarebytes
2011-09-08 13:53 . 2011-07-06 17:52	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-09-08 13:53 . 2011-09-08 13:53	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-09-07 12:59 . 2011-09-07 13:00	--------	d-----w-	c:\program files\Microsoft Security Client
2011-09-07 12:59 . 2011-09-07 12:59	--------	d-----w-	c:\program files\Common Files\Java
2011-09-07 12:57 . 2011-09-07 12:57	--------	d-----w-	c:\program files\Java
2011-09-07 11:12 . 2011-08-16 06:48	7152464	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F1D7387-D517-4D9C-9A1F-E91D08E4F350}\mpengine.dll
2011-09-07 09:22 . 2011-09-07 12:39	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2011-09-07 09:20 . 2011-09-07 09:20	101720	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2011-09-07 09:17 . 2011-09-07 11:22	--------	d-----w-	c:\programdata\Lavasoft
2011-09-05 20:53 . 2011-09-05 20:53	--------	d-----w-	c:\programdata\TerraTec
2011-09-01 15:17 . 2011-09-06 15:54	--------	d-----w-	c:\program files\TerraTec
2011-08-27 06:24 . 2011-08-27 06:24	--------	d-----w-	c:\program files\iPod
2011-08-24 16:53 . 2011-07-09 04:29	2048	----a-w-	c:\windows\system32\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-07 12:57 . 2011-01-23 20:28	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-08-24 16:49 . 2011-05-15 06:34	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 02:54 . 2011-08-11 18:29	1797632	----a-w-	c:\windows\system32\jscript9.dll
2011-07-22 02:48 . 2011-08-11 18:29	1126912	----a-w-	c:\windows\system32\wininet.dll
2011-07-22 02:44 . 2011-08-11 18:29	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2011-07-16 04:27 . 2011-08-11 05:10	290816	----a-w-	c:\windows\system32\KernelBase.dll
2011-07-16 04:15 . 2011-08-11 05:10	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 05:10	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 05:10	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 05:10	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 05:10	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 05:10	4096	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 05:10	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 05:10	3072	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 05:10	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 05:10	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 05:10	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 05:10	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 05:10	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 05:10	3584	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 05:10	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 05:10	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 05:10	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 05:10	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 05:10	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 05:10	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 05:10	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 05:10	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 05:10	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 05:10	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:17 . 2011-08-11 05:10	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17 . 2011-08-11 05:10	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17 . 2011-08-11 05:10	3584	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17 . 2011-08-11 05:10	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-12 09:20 . 2011-07-12 09:20	83816	----a-w-	c:\windows\system32\dns-sd.exe
2011-07-12 09:20 . 2011-07-12 09:20	73064	----a-w-	c:\windows\system32\dnssd.dll
2011-07-12 09:20 . 2011-07-12 09:20	50536	----a-w-	c:\windows\system32\jdns_sd.dll
2011-07-12 09:20 . 2011-07-12 09:20	178536	----a-w-	c:\windows\system32\dnssdX.dll
2011-07-09 02:30 . 2011-08-11 05:11	223744	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-07-05 16:37 . 2011-07-05 16:37	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2011-07-05 16:37 . 2011-07-05 16:37	69632	----a-w-	c:\windows\system32\QuickTime.qts
2011-06-24 04:27 . 2011-08-11 05:10	169984	----a-w-	c:\windows\system32\winsrv.dll
2011-06-24 04:22 . 2011-08-11 05:10	271360	----a-w-	c:\windows\system32\conhost.exe
2011-06-23 04:33 . 2011-08-11 05:11	3912576	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-06-23 04:33 . 2011-08-11 05:11	3967872	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-06-21 05:34 . 2011-08-11 05:10	1290624	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-06-15 08:55 . 2011-08-11 05:10	86016	----a-w-	c:\windows\system32\odbccu32.dll
2011-06-15 08:55 . 2011-08-11 05:10	81920	----a-w-	c:\windows\system32\odbccr32.dll
2011-06-15 08:55 . 2011-08-11 05:10	319488	----a-w-	c:\windows\system32\odbcjt32.dll
2011-06-15 08:55 . 2011-08-11 05:10	122880	----a-w-	c:\windows\system32\odbccp32.dll
2011-06-15 08:55 . 2011-08-11 05:10	163840	----a-w-	c:\windows\system32\odbctrac.dll
2007-03-12 16:59 . 2007-03-12 16:59	299008	----a-w-	c:\program files\navigram_register.exe
2006-06-15 18:33 . 2011-05-17 14:28	233472	----a-w-	c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 16:43 . 2011-05-17 14:28	204895	----a-w-	c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 12:41 . 2011-05-17 14:28	77824	----a-w-	c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 11:10 . 2011-05-17 14:28	426081	----a-w-	c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 10:19 . 2011-05-17 14:28	458752	----a-w-	c:\program files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 16:35 . 2011-05-17 14:28	139264	----a-w-	c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 09:10 . 2011-05-17 14:28	204800	----a-w-	c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 09:42 . 2011-05-17 14:28	106496	----a-w-	c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 09:22 . 2011-05-17 14:28	212992	----a-w-	c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 09:21 . 2011-05-17 14:28	167936	----a-w-	c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2011-09-03 06:18 . 2011-03-22 18:53	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Remote Control Editor"="c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe" [2011-06-24 1710664]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-08-26 17361032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-09 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-06-09 96800]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"SPIRunE"="SPIRunE.dll" [2009-03-05 18432]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-18 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
.
c:\users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Touch Mouse Server.lnk - c:\program files\Logitech Touch Mouse Server\iTouch-Server-Win.exe [2009-10-23 228352]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13	64592	----a-w-	c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-05-16 08:27	153136	----a-w-	c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56	1230704	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-01-25 16:58	136176	----atw-	c:\users\Stefan\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57	153136	----a-w-	c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-05-09 16:01	36864	----a-w-	c:\windows\OEM02Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2010-08-30 22:25	2770760	----a-w-	c:\program files\OO Software\Defrag\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 16:36	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote Control Editor]
2011-06-24 13:48	1710664	----a-w-	c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 11:06	254696	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
R1 MpKsl2ec3216f;MpKsl2ec3216f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6B76252-7AC7-42F3-B863-D7B4B4508C61}\MpKsl2ec3216f.sys [x]
R1 MpKsl8d1917b3;MpKsl8d1917b3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C59C3BB9-94DA-477C-B2BA-8AAE0CC09B90}\MpKsl8d1917b3.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-05-07 79360]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 112128]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-19 18432]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 t3;SB Xtreme Audio Notebook;c:\windows\system32\drivers\t3.sys [2009-05-06 413208]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM106.sys [2009-10-20 1515520]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-21 1343400]
S1 MpKsl44af0d2d;MpKsl44af0d2d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{14AF2BCD-BBDD-460A-8B07-6B786DF56DE6}\MpKsl44af0d2d.sys [2011-09-11 28752]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]
S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [2011-07-01 298824]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2011-05-25 329544]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [2010-08-30 2317128]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-06-10 641464]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 67652341
*NewlyCreated* - MPKSL44AF0D2D
*NewlyCreated* - MPKSLBE3CDDBE
*Deregistered* - 67652341
*Deregistered* - MpKslbe3cddbe
.
Inhalt des "geplante Tasks" Ordners
.
2011-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73357020-1587596400-1520702021-1000Core.job
- c:\users\Stefan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-25 16:58]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = local;*.local
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.156.33.53 129.187.5.1
FF - ProfilePath - c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\kvzpam35.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=244506&p=
FF - prefs.js: network.proxy.gopher - 
FF - prefs.js: network.proxy.gopher_port - 
FF - prefs.js: network.proxy.type - 2
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{0002ee26-8c11-49eb-9cdf-56eeffef664f} - (no file)
HKLM-Run-Cm106Sound - cm106.cpl
MSConfigStartUp-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
"OODEFRAG14.00.00.01PROFESSIONAL"="7935DF0FCED5A1338FBB5A318279D449B6A3C6C5D2FA9A26DE944628785036A3903981EC90967D339650ED0925EE4992EA52ED090A6CB287FE1F30D78C8827AE51486F92ECB2C9D8505A79F12CE91C7A8EC50240A7638AFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98089DB7CE019D40AA5CBA7FD869164D6794A2D97226D213B555096650684F3DCD019374F40CBBC98795E6D1C049BDC967073E9B65F22661337475273A77C8BA676770B623B37629E1561E7DFDA4F80D99760AF32857B697EED8F07D12B4CDD480DB7A5CDB9BD1061B706F7591458D4F2C218CE564835F38567D5FE401C299708440B5FE73687CF495561B901875BAF31BB169A49D86128F9FDF638F1715EFE98005E6ECA1932A7DDA13A9DA9254C24E09E489183D46C0622494E66046741510A7B2192500EA919D96C16611E3D46F28B80C99DB12F7E663E2411870E3FDD2A5D1E39ADF8E126CC31891E0A6553C8ABE148C08BFCCA7FE3F7C9EE70D2C2377E17AC9FC86327C79D4D3C7EA4114A7E443285F8B4782B60A13B7FB0AB5BCA7D4EEBE259534B0F4FC28E13D1C3CAE83515A269199A9ACD80EEFFDBB799E97243F6D62CE80BC36993B89FC5DCFA69B93A81CE1C570D1291413DDDE54F131230712EF4D321BA551DB0139062926C0316FC517D5AF0FDFB8C5A455894F750AAB0F297B09CD8626F6809B6C01338083AD8188CB9D1ABAA7811DD3C5554B49F85CD1670E44B4AAAEFDA2DD4994A60719B08753AF796079B00D9E378EBC7B7583C9B7B195531031DE9FB09EEC8DBC24DD3E958F2BD07519B6472065885C25C76069FEF2F32C98078D7EEA39E7DCC688E6BE91A89A2ADE2A2782CF7B7D77A1527E17B61881691FDE439C668B3D15AAA5797FB68ED0B333FE28F42C1A29F161687D0F449288CA07AF3DE08F7864ED5FB3113013B2913EA232113688E5BF58652530F5E0D649B2C533EE9722E5CB4470AD5A658A8F16BDED1E6B460E8866D6C4E321CF99E175A869E6FAEF31BF51977F52BA98D39E0B4CE8627884B6ACB7BFA8478D894EAD34560F8EBC7C21F2498BBFA5C524F86092A5FDE42CB5D40541094FB3E2EF333F210D6B2EC2B62C747B68FA6DC7C958D9C0ABAACDAB858945844C8CD14835521A4BBCC491CC77E0B9A5990B36BE2D26109FE2008754004EA679C7C51015F00847357DF54750FE213D76AFE2CDDCD7E7912AF422C335966E63075DF41F571D8556D50A709F777221FD92DD05C889B47A6AD32D4CF5921F89BF8D922873CD974F5819C2B4B02056EB7E907C8AFDDE150AB1017D4A56E2D2137EDF118247EC233D625DA85CD7DA98DE45FE879F87AAAD9A7D09FAFDE152CE5367C1283A965E66FC8E75E3912FED07ACDC5B1E83C4F09602E8BADDDC57"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-09-11  15:18:55
ComboFix-quarantined-files.txt  2011-09-11 13:18
.
Vor Suchlauf: 5 Verzeichnis(se), 16.799.870.976 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 16.699.490.304 Bytes frei
.
- - End Of File - - C4993D687A5D87550E0FF7D33825E9EA
         

 

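A ComboFix log like the one above is read in a fixed order: first what ComboFix deleted on its own ("Weitere Löschungen"), then fresh binaries dropped straight into system32 in the created-files window, then the Run-key autostarts, then the browser settings a search or proxy hijacker rewrites (Firefox `keyword.URL`, `network.proxy.type`). The script below does that pass mechanically. It is an added example for this thread, not a tool from Trojaner-Board or from the ComboFix author; it assumes the German section banners ComboFix prints (as in the posted log), and `SAMPLE_LOG`, the function names `parse_sections`/`triage` and every file, key and URL in the sample are constructed placeholders, not entries taken from the poster's log.

```python
"""Triage helper for a ComboFix log (added example, not a Trojaner-Board tool).
Splits the log into its banner sections and reports the entries a reviewer
reads first.  SAMPLE_LOG is constructed in ComboFix's format with placeholder
names; it is not the log posted in the thread."""
import re
from collections import defaultdict

# Banners look like "((((  Title  ))))" or "------ Title ------".
BANNER_RE = re.compile(r"^[(\-][(\- ]*\s*([^()\-][^()]*?)\s*[)\- ]+$")
# "created . modified  size  attrs  path"; ComboFix uses tabs, we accept tabs or spaces.
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
                     r"\s+(\S+)\s+(\S+)\s+(.+)$")
RUN_KEY_RE = re.compile(r"^\[HKEY_(LOCAL_MACHINE|CURRENT_USER)\\.*\\Run\]$", re.I)
RUN_VAL_RE = re.compile(r'^"([^"]+)"="([^"]*)"')
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
# A binary placed directly in system32 (a subfolder such as drivers\ does not match).
SYSTEM32_BIN_RE = re.compile(r"^c:\\windows\\system32\\[^\\]+\.(exe|dll|ocx|sys)$")
# Autostart commands under a user profile or a temp folder are user-writable.
USER_WRITABLE_RE = re.compile(r"\\(appdata|temp|users\\[^\\]+)\\")
# Firefox network.proxy.type: 0 = direct, 5 = system settings; 1 (manual),
# 2 (PAC URL) and 4 (WPAD) need an explanation if nobody configured them.
HARMLESS_PROXY_TYPES = {"0", "5"}

def parse_sections(text):
    """Return {banner title: [non-empty lines]}; lines before any banner map to ''."""
    sections, current = defaultdict(list), ""
    for raw in text.splitlines():
        line = raw.strip()
        m = BANNER_RE.match(line)
        if m:
            current = m.group(1)
        elif line and line != ".":
            sections[current].append(line)
    return sections

def triage(text):
    s = parse_sections(text)
    r = {"deleted": [], "new_system32_bin": [], "run_entries": [],
         "user_writable_autostarts": [], "ff_prefs": {}, "flags": []}
    # 1. Files ComboFix removed by itself: the first thing to name in a reply.
    r["deleted"] = [l for l in s.get("Weitere Löschungen", []) if l.lower().startswith("c:\\")]
    # 2. Binaries created directly in system32 during the reporting window.
    for title, lines in s.items():
        if title.startswith("Dateien erstellt"):
            for m in filter(None, map(FILE_RE.match, lines)):
                created, _mod, size, _attrs, path = m.groups()
                if SYSTEM32_BIN_RE.match(path.lower()):
                    r["new_system32_bin"].append((created, size, path))
    # 3. Run-key values; flag anything launched from a user-writable location.
    in_run = False
    for l in s.get("Autostartpunkte der Registrierung", []):
        if l.startswith("["):
            in_run = bool(RUN_KEY_RE.match(l))
            continue
        m = RUN_VAL_RE.match(l) if in_run else None
        if m:
            r["run_entries"].append(m.groups())
            if USER_WRITABLE_RE.search(m.group(2).lower()):
                r["user_writable_autostarts"].append(m.groups())
    # 4. Firefox prefs from the additional scan section.
    for m in filter(None, map(FF_PREF_RE.match, s.get("Zusätzlicher Suchlauf", []))):
        r["ff_prefs"][m.group(1)] = m.group(2).strip()
    proxy = r["ff_prefs"].get("network.proxy.type")
    if proxy and proxy not in HARMLESS_PROXY_TYPES:
        r["flags"].append("firefox network.proxy.type=%s: check PAC/manual proxy" % proxy)
    if "keyword.URL" in r["ff_prefs"]:
        r["flags"].append("firefox keyword.URL overridden: " + r["ff_prefs"]["keyword.URL"])
    if r["deleted"]:
        r["flags"].append("ComboFix deleted %d item(s); re-check after reboot" % len(r["deleted"]))
    return r

# Constructed sample in ComboFix's layout; names are placeholders, not the posted log.
SAMPLE_LOG = r"""
ComboFix 11-09-11.02 - User 11.09.2011  15:11:50.1.2 - x86
.
((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))
.
c:\windows\system32\xqvtrbna.exe
.
((((((((((((   Dateien erstellt von 2011-08-11 bis 2011-09-11  ))))))))))))
.
2011-09-11 13:16 . 2011-09-11 13:17    --------    d-----w-    c:\users\User\AppData\Local\temp
2011-09-09 15:50 . 2011-07-15 10:49    313208    ----a-w-    c:\windows\system32\SampleTool.exe
2011-09-08 13:53 . 2011-07-06 17:52    22712    ----a-w-    c:\windows\system32\drivers\sample.sys
.
((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Updater"="c:\users\User\AppData\Roaming\rknmdsk\rknmdsk.exe" [2011-09-05 81920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.example.net/?q=
FF - prefs.js: network.proxy.type - 2
.
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

The hits are heuristics, not verdicts: a freshly patched Windows DLL lands in system32 too, and a PAC proxy may be a corporate setting. The value of the pass is that it turns a 300-line log into the half-dozen lines the helper has to ask the poster about.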