
Log analysis and evaluation: "Police" trojan locks the PC

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
16.09.2012, 13:44   #1
HiT-Killer
 
"Police" trojan locks the PC



Hello everyone.

I have caught a trojan that says I was on an illegal site and is locking my whole PC because of it. The whole thing is supposedly from the Swiss police and they want 100Fr/€ or 150Fr/€. How do I get rid of it?

Malwarebytes Anti-Malware full scan log:
Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.15.06

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
HiT-Killer :: HIT-KILLER2 [Administrator]

16.09.2012 00:38:21
mbam-log-2012-09-16 (00-38-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 570542
Laufzeit: 39 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\$Recycle.Bin\S-1-5-21-777867402-264725896-1325189075-1000\$RMAPTG1\skyrim\coretemp10rc2_1236.exe (PUP.BundleOffers.IIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Alcohol Soft\Alcohol 120\Langs\AX_RU.dll (Malware.Packer.GenX) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\HiT-Killer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BK10V2GW\SplitCam_5414[1].exe (PUP.Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Here is the OTL log as well.
Code:
OTL logfile created on: 16.09.2012 17:16:26 - Run 1
OTL by OldTimer - Version 3.2.61.5     Folder = C:\Users\HiT-Killer\Downloads
 Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 70,27% Memory free
6,99 Gb Paging File | 6,01 Gb Available in Paging File | 85,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,41 Gb Total Space | 84,61 Gb Free Space | 9,08% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 135,27 Gb Free Space | 14,52% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 828,02 Gb Free Space | 88,89% Space Free | Partition Type: NTFS
Drive H: | 1863,01 Gb Total Space | 1862,87 Gb Free Space | 99,99% Space Free | Partition Type: NTFS
 
Computer Name: HIT-KILLER2 | User Name: HiT-Killer | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\HiT-Killer\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Games\Steam\Steam.exe (Valve Corporation)
PRC - C:\Programme\ESET\ESET Online Scanner\OnlineScannerApp.exe (ESET)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\HelpPane.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Games\Steam\bin\libcef.dll ()
MOD - C:\Games\Steam\bin\avcodec-53.dll ()
MOD - C:\Games\Steam\bin\chromehtml.dll ()
MOD - C:\Games\Steam\bin\avformat-53.dll ()
MOD - C:\Games\Steam\bin\avutil-51.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (rpcapd) -- %ProgramFiles%\WinPcap\rpcapd.exe File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Browser Manager) -- C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe ()
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (HiPatchService) -- C:\Games\Tribes\HiPatchService.exe (Hi-Rez Studios)
SRV - (Futuremark SystemInfo Service) -- C:\Programme\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (57xx SteelVine Manager) -- C:\Programme\ASUS\Drive Xpert\SteelVine.exe ()
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP1\RpcAgentSrv.exe (SiSoftware)
SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VLAN) -- system32\DRIVERS\RtVLAN60.sys File not found
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (TEAM) -- system32\DRIVERS\RtTeam60.sys File not found
DRV - (nvlddmkm) -- system32\DRIVERS\nvlddmkm.sys File not found
DRV - (L1E) -- system32\DRIVERS\L1E62x86.sys File not found
DRV - (GPU-Z) -- C:\Users\HIT-KI~1\AppData\Local\Temp\GPU-Z.sys File not found
DRV - (cpuz135) -- C:\Users\HIT-KI~1\AppData\Local\Temp\cpuz135\cpuz135_x32.sys File not found
DRV - (ALSysIO) -- C:\Users\HIT-KI~1\AppData\Local\Temp\ALSysIO.sys File not found
DRV - (a9hav01n) --  File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (RTCore32) -- C:\Programme\MSI Afterburner\RTCore32.sys ()
DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)
DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RivaTuner32) -- C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys ()
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP1\WNt500x86\sandra.sys (SiSoftware)
DRV - (ATITool) -- C:\Windows\System32\drivers\ATITool.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (giveio) -- C:\Windows\System32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.babylon.com/?affID=111304&tt=120812_bandext_3212_4&babsrc=HP_ss&mntrId=522f7d9c000000000000002618ac67c3
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=111304&tt=120812_bandext_3212_4&babsrc=HP_ss&mntrId=522f7d9c000000000000002618ac67c3
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FB 0E EA 38 FD 74 CD 01  [binary data]
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=111304&tt=120812_bandext_3212_4&babsrc=SP_ss&mntrId=522f7d9c000000000000002618ac67c3
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google.de"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=111304&tt=120812_bandext_3212_4&babsrc=HP_ss&mntrId=522f7d9c000000000000002618ac67c3"
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126
FF - prefs.js..extensions.enabledAddons: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.119
FF - prefs.js..network.proxy.http: "46.4.208.46"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search the web (Babylon)"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.10.30 22:05:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.15 12:30:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.20 11:20:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.09.13 20:33:05 | 000,000,000 | ---D | M]
 
[2011.10.21 18:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HiT-Killer\AppData\Roaming\mozilla\Extensions
[2012.09.16 00:21:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HiT-Killer\AppData\Roaming\mozilla\Firefox\Profiles\lmoesvsu.default\extensions
[2012.09.16 00:21:05 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\HiT-Killer\AppData\Roaming\mozilla\Firefox\Profiles\lmoesvsu.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.09.15 13:30:30 | 000,000,000 | ---D | M] ("Flash Video Downloader Youtube Downloader") -- C:\Users\HiT-Killer\AppData\Roaming\mozilla\Firefox\Profiles\lmoesvsu.default\extensions\artur.dubovoy@gmail.com
[2012.09.15 13:30:29 | 000,213,038 | ---- | M] () (No name found) -- C:\Users\HiT-Killer\AppData\Roaming\mozilla\firefox\profiles\lmoesvsu.default\extensions\artur.dubovoy@gmail.com.xpi
[2012.09.14 22:26:25 | 000,002,101 | ---- | M] () -- C:\Users\HiT-Killer\AppData\Roaming\mozilla\firefox\profiles\lmoesvsu.default\searchplugins\googlede.xml
[2012.07.06 00:30:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.06 00:30:28 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.10.30 22:05:13 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.09.15 12:30:41 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.09 02:10:11 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.12 22:22:30 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.09.15 12:30:40 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.09 02:10:11 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.09 02:10:11 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.09 02:10:11 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.09 02:10:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.02.18 14:04:10 | 000,000,754 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.6.4.6\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Drive Xpert] C:\Programme\ASUS\Drive Xpert\DriveXpert.exe (Silicon Image, Inc.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\SAMSUNG\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WABSyncProvider] C:\Users\HiT-Killer\AppData\Local\Microsoft\Windows\440\WABSyncProvider.exe ()
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\SAMSUNG\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - Startup: C:\Users\HiT-Killer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38175BE7-64BE-4D20-B0E9-D078A2EAD8A5}: DhcpNameServer = 212.60.61.246 212.60.63.246
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93F3D002-047F-4A8A-8B42-073F8DF9A9BC}: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{82427f10-0d1a-11e1-ae58-001fd022c82f}\Shell - "" = AutoRun
O33 - MountPoints2\{82427f10-0d1a-11e1-ae58-001fd022c82f}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.16 15:22:39 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.09.16 15:14:52 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.09.16 00:32:38 | 000,000,000 | ---D | C] -- C:\Users\HiT-Killer\AppData\Roaming\Malwarebytes
[2012.09.16 00:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.16 00:32:30 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.16 00:32:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.16 00:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.16 00:21:07 | 000,000,000 | ---D | C] -- C:\Users\HiT-Killer\AppData\Roaming\QuickScan
[2012.09.15 23:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012.09.15 23:54:39 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2012.09.15 23:54:12 | 000,000,000 | ---D | C] -- C:\Users\HiT-Killer\AppData\Roaming\Ad-Aware Antivirus
[2012.09.13 01:36:55 | 000,000,000 | ---D | C] -- C:\Users\HiT-Killer\Documents\Firstload
[2012.09.13 01:36:55 | 000,000,000 | ---D | C] -- C:\Users\HiT-Killer\AppData\Roaming\Firstload
[2012.09.13 01:36:34 | 000,000,000 | ---D | C] -- C:\Program Files\Firstload
[2012.09.12 18:52:00 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012.09.12 18:52:00 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012.09.12 12:48:34 | 000,000,000 | ---D | C] -- C:\Users\HiT-Killer\AppData\Roaming\OpenOffice.org
[2012.09.12 12:36:27 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2012.09.12 12:36:02 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2012.09.12 12:35:27 | 000,000,000 | ---D | C] -- C:\Users\HiT-Killer\Desktop\OpenOffice.org 3.4.1 (de) Installation Files
[2012.09.01 17:52:32 | 000,000,000 | ---D | C] -- C:\Users\HiT-Killer\Documents\Guild Wars 2
[2012.08.25 17:59:44 | 000,000,000 | ---D | C] -- C:\Users\HiT-Killer\AppData\Roaming\The Creative Assembly
[2012.08.25 17:53:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA
[2011.10.29 13:52:41 | 003,874,871 | ---- | C] (Johnny Lee) -- C:\Users\HiT-Killer\ORTHOS.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.16 15:14:52 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.09.16 14:24:24 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.16 14:24:24 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.16 14:24:24 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.16 14:24:24 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.16 14:20:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.16 14:20:02 | 2817,040,384 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.16 01:26:07 | 121,432,402 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.09.16 00:32:31 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.15 20:32:13 | 000,017,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.15 20:32:13 | 000,017,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.13 13:32:41 | 000,294,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.13 01:36:35 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Firstload.lnk
[2012.09.12 12:48:42 | 000,001,193 | ---- | M] () -- C:\Users\HiT-Killer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012.09.12 12:36:27 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.26 12:53:18 | 000,139,048 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.08.26 12:53:00 | 000,282,296 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2012.08.26 12:51:45 | 000,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2012.08.22 19:16:46 | 000,240,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012.08.22 19:16:36 | 000,187,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.16 00:32:31 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.13 01:36:35 | 000,001,023 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firstload.lnk
[2012.09.13 01:36:35 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Firstload.lnk
[2012.09.12 12:48:42 | 000,001,193 | ---- | C] () -- C:\Users\HiT-Killer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012.09.12 12:36:27 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2012.08.16 22:54:05 | 000,089,048 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012.08.14 15:43:31 | 000,000,038 | ---- | C] () -- C:\Users\HiT-Killer\AppData\Local\CrystalDiskMark30.ini
[2012.08.12 22:30:20 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2012.08.12 22:22:40 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.08.12 22:22:40 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.08.12 22:22:40 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.06.26 16:02:40 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.06.26 16:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.06.26 16:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.06.26 16:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.06.26 16:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.05.17 16:37:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.04.06 03:21:42 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.04.06 03:21:42 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.04.05 22:34:22 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012.02.09 20:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012.01.10 23:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012.01.05 17:08:11 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.01.04 15:57:44 | 011,386,880 | ---- | C] () -- C:\Users\HiT-Killer\AppData\Roaming\Sandra.mdb
[2012.01.04 15:57:44 | 000,000,128 | ---- | C] () -- C:\Users\HiT-Killer\AppData\Roaming\Sandra.ldb
[2011.10.27 23:22:48 | 000,139,048 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.10.27 23:22:48 | 000,138,056 | ---- | C] () -- C:\Users\HiT-Killer\AppData\Roaming\PnkBstrK.sys
[2011.10.27 23:22:21 | 000,282,296 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.10.27 23:22:19 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.10.21 18:08:48 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.09.19 15:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\System32\rtvcvfw32.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.11.21 02:30:51 | 000,696,620 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.11.21 02:30:51 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.11.21 02:30:51 | 000,147,916 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.11.21 02:30:51 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.11.20 23:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010.11.20 23:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

< End of report >
         
And here are the ESET findings:
Code:
C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.4.6\BabylonToolbarApp.dll	a variant of Win32/Toolbar.Babylon application
C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.4.6\BabylonToolbarsrv.exe	probably a variant of Win32/Toolbar.Babylon application
C:\Users\HiT-Killer\AppData\Local\Microsoft\Windows\440\WABSyncProvider.exe	Win32/TrojanDownloader.Retacino.A trojan
C:\Users\HiT-Killer\AppData\Local\Mozilla\Firefox\Profiles\lmoesvsu.default\Cache\7\58\ABCA4d01	JS/Exploit.Pdfka.PRD trojan
C:\Users\HiT-Killer\Downloads\SoftonicDownloader_fuer_stream-catcher.exe	a variant of Win32/SoftonicDownloader.D application
D:\recovery\recup_dir.171\f138859048.dll	a variant of Win32/Conficker.Y worm
D:\recovery\recup_dir.235\f247608824.dll	a variant of Win32/Kryptik.AY trojan
D:\recovery\recup_dir.56\f19027712_freeJig_alaeNth.pdf	PDF/Exploit.Pidief.PBK.Gen trojan
         

Last edited by HiT-Killer (16.09.2012 at 14:20)

 
