| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Interpol Trojaner . Admistrator-Benutzerkonto gesperrtWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
20.11.2013, 22:40
| #17 |
 |  Interpol Trojaner . Admistrator-Benutzerkonto gesperrt FRST Logfile:
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-11-2013
Ran by Chef (administrator) on CHEFIN on 20-11-2013 20:08:06
Running from C:\Dokumente und Einstellungen\Chef\Eigene Dateien\Downloads
Microsoft Windows XP Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Could not list processes ===============
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [StartCCC] - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-01] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SynTPLpr] - C:\Programme\Synaptics\SynTP\SynTPLpr.exe [98394 2004-11-04] (Synaptics, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Programme\Synaptics\SynTP\SynTPEnh.exe [688218 2004-11-04] (Synaptics, Inc.)
HKLM\...\Run: [ThreatFire] - C:\Programme\ThreatFire\TFTray.exe [378128 2010-01-15] (PC Tools)
HKLM\...\Run: [FixCamera] - C:\WINDOWS\FixCamera.exe
HKLM\...\Run: [snpstd3] - C:\WINDOWS\vsnpstd3.exe [835584 2007-05-10] ()
HKLM\...\Run: [tsnpstd3] - C:\WINDOWS\tsnpstd3.exe [270336 2007-04-21] ()
HKLM\...\Run: [QuickTime Task] - C:\Programme\QuickTime\QTTask.exe [413696 2008-03-28] (Apple Inc.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Programme\Adobe\Reader 9.0\Reader\reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Programme\Avira\AntiVir Desktop\avgnt.exe [347192 2013-10-03] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [QuickTime Task] - C:\Programme\QuickTime\QTTask.exe [413696 2008-03-28] (Apple Inc.)
HKCU\...\Run: [Sony Ericsson PC Companion] - "C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /systray /nologon
HKCU\...\Run: [swg] - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-02-23] (Google Inc.)
HKCU\...\Run: [Facebook Update] - C:\Dokumente und Einstellungen\Chef\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe [138096 2013-04-28] (Facebook Inc.)
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\skype.dat <==== ATTENTION
MountPoints2: {26488d3c-4ad5-11e3-8725-001279c4d357} - E:\Startme.exe
MountPoints2: {97d547f0-2569-11df-8319-001279c4d357} - E:\RECYCLERINGS\autorun.exe
HKU\Administrator\...\Run: [Messenger (Yahoo!)] - "C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet
HKU\Administrator\...\Run: [Search Protection] - C:\Programme\Yahoo!\Search Protection\SearchProtection.exe
HKU\Administrator\...\Run: [MsnMsgr] - C:\Programme\Windows Live\Messenger\msnmsgr.exe [ 2010-04-16] (Microsoft Corporation)
HKU\Administrator\...\Run: [swg] - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2012-02-23] (Google Inc.)
HKU\Besucher\...\Run: [QuickTime Task] - C:\Programme\QuickTime\QTTask.exe [ 2008-03-28] (Apple Inc.)
HKU\Besucher\...\Run: [msnmsgr] - "C:\Programme\MSN Messenger\msnmsgr.exe" /background
HKU\Besucher\...\Run: [MSMSGS] - C:\Programme\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk
ShortcutTarget: BTTray.lnk -> C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Programme\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x32DB4FAE38DECE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://de.rd.yahoo.com/customize/ie/defaults/su/msgr9/*hxxp://de.search.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://de.search.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com
URLSearchHook: HKCU - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Programme\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
SearchScopes: HKCU - {6979AAC6-B340-4275-BFE5-ED65DF1D2B65} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
SearchScopes: HKCU - {898BBB27-8D27-4BFA-B532-4B01468082E4} URL = hxxp://avira.search.ask.com/web?p2=%5EB0Q%5EYYYYYY%5EZF%5EDE&gct=sb&itbv=12.5.1.1249&o=APN11074&tpid=AVIRA-V7&apn_uid=348238FD-2647-4954-82F6-BEF05823509D&apn_ptnrs=%5EB0Q&apn_dtid=%5EYYYYYY%5EZF%5EDE&apn_dbr=ie_8.0.6001.18702&doi=2013-10-03&trgb=ALL&q={searchTerms}&psv=
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Programme\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Programme\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Programme\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1255588525801
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255588614819
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://82.198.200.23/activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Programme\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Programme\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 23 C:\Programme\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Mozilla\Firefox\Profiles\r2aq195g.default
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_37 - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Programme\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Programme\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Programme\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Dokumente und Einstellungen\Chef\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Extension: toolbar_AVIRA-V7 - C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Mozilla\Firefox\Profiles\r2aq195g.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Programme\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Programme\Java\jre6\lib\deploy\jqs\ff
========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Programme\Avira\AntiVir Desktop\sched.exe [84024 2013-10-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Programme\Avira\AntiVir Desktop\avguard.exe [108088 2013-10-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-10-03] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Programme\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-10-23] (APN LLC.)
R2 btwdins; C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe [254007 2005-03-29] (Broadcom Corporation.)
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [136176 2012-02-23] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [136176 2012-02-23] (Google Inc.)
S3 gusvc; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [194032 2013-05-18] (Google)
S3 hpqwmi; C:\Programme\HPQ\Shared\hpqwmi.exe [98304 2004-10-04] (Hewlett-Packard Development Company, L.P.)
R2 MBAMScheduler; C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 SkypeUpdate; C:\Dokumente und Einstellungen\Chef\Lokale Einstellungen\Anwendungsdaten\Skype\Updater\Updater.exe [160944 2012-06-07] (Skype Technologies)
R2 SoundMAX Agent Service (default); C:\Programme\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.)
R2 ThreatFire; C:\Programme\ThreatFire\TFService.exe [70928 2010-01-15] (PC Tools)
S2 winmgmt; C:\Windows\system32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)
R2 JavaQuickStarterService; "C:\Programme\Java\jre6\bin\jqs.exe" -service -config "C:\Programme\Java\jre6\lib\deploy\jqs\jqs.conf"
==================== Drivers (Whitelisted) ====================
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2009-12-25] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-10-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-10-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-03] (Avira Operations GmbH & Co. KG)
R3 BTKRNL; C:\Windows\System32\DRIVERS\btkrnl.sys [1340698 2005-03-29] (Broadcom Corporation.)
R3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [55448 2005-03-29] (Broadcom Corporation.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 CONAN; C:\Windows\System32\drivers\o2mmb.sys [182101 2003-07-28] (O2 Micro )
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2006-04-13] (HP)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2009-12-25] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MbxStby; C:\Windows\System32\drivers\MbxStby.sys [5689 2003-07-24] (O2 Micro)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [124016 2009-11-19] (MCCI Corporation)
R3 SMCIRDA; C:\Windows\System32\DRIVERS\smcirda.sys [35913 2001-08-18] (SMC)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10376576 2007-10-16] (Sonix Co. Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-03] (Avira GmbH)
R0 TfFsMon; C:\Windows\System32\drivers\TfFsMon.sys [51984 2010-01-15] (PC Tools)
R3 TfNetMon; C:\WINDOWS\system32\drivers\TfNetMon.sys [33552 2010-01-15] (PC Tools)
R0 TfSysMon; C:\Windows\System32\drivers\TfSysMon.sys [59664 2010-01-15] (PC Tools)
R3 w22n51; C:\Windows\System32\DRIVERS\w22n51.sys [3151232 2004-09-21] (Intel® Corporation)
S3 WLAN_400_500_SERVICE; C:\Windows\System32\DRIVERS\ar5211.sys [468768 2005-09-14] (Atheros Communications, Inc.)
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-20 20:03 - 2013-11-20 20:03 - 105397131 _____ C:\WINDOWS\system32\菎噬7
2013-11-19 20:20 - 2013-11-19 20:20 - 00000000 ____D C:\WINDOWS\ERUNT
2013-11-19 20:16 - 2013-11-19 20:16 - 00000000 ____D C:\FRST
2013-11-19 18:25 - 2013-11-19 18:43 - 00000000 ____D C:\AdwCleaner
2013-11-19 17:51 - 2013-11-19 17:51 - 00000756 _____ C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-19 17:51 - 2013-11-19 17:51 - 00000000 ____D C:\Programme\Malwarebytes' Anti-Malware
2013-11-19 17:51 - 2013-11-19 17:51 - 00000000 ____D C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Malwarebytes
2013-11-19 17:51 - 2013-11-19 17:51 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
2013-11-19 17:51 - 2013-11-19 17:51 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2013-11-19 17:51 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-11-19 17:43 - 2013-11-19 17:43 - 105044098 _____ C:\WINDOWS\system32\硳ᥖ噬7
2013-11-17 19:51 - 2013-11-17 19:52 - 00000399 _____ C:\WINDOWS\wmsetup.log
2013-11-16 22:05 - 2013-11-16 22:05 - 00000000 ____D C:\_OTL
2013-11-16 22:05 - 2011-07-13 03:55 - 02237440 ____R (OldTimer Tools) C:\OTLPE.exe
2013-11-14 23:22 - 2013-11-14 23:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-14 23:22 - 2013-11-14 23:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-14 23:21 - 2013-11-14 23:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-14 23:21 - 2013-11-14 23:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-14 20:33 - 2013-11-14 20:33 - 104278918 _____ C:\WINDOWS\system32\쩝ꮫ噬7
2013-11-13 22:38 - 2013-11-16 22:02 - 00032702 _____ C:\Extras.Txt
2013-11-13 22:18 - 2013-11-16 22:02 - 00060940 _____ C:\OTL.Txt
2013-11-11 20:52 - 2013-11-11 20:52 - 00000000 ____D C:\WINDOWS\CSC
2013-11-11 14:57 - 2013-11-11 14:58 - 00000000 ____D C:\Programme\Sony Media Go Install
2013-11-02 17:42 - 2013-11-02 17:42 - 104684788 _____ C:\WINDOWS\system32\㙩ꒊ噬7
==================== One Month Modified Files and Folders =======
2013-11-20 20:11 - 2011-08-26 20:51 - 00000424 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{D3FB5881-FFE8-4A18-9651-5C03899F3110}.job
2013-11-20 20:11 - 2009-10-15 15:45 - 00000434 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{1FE18CCC-F939-4EFC-8840-38FD331496FB}.job
2013-11-20 20:10 - 2009-10-15 15:48 - 00000000 ____D C:\Programme\ThreatFire
2013-11-20 20:10 - 2009-10-14 16:48 - 01214808 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-20 20:08 - 2013-04-28 22:02 - 00001014 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-73586283-813497703-1343024091-1003UA.job
2013-11-20 20:08 - 2011-12-28 01:41 - 00000242 _____ C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
2013-11-20 20:05 - 2012-02-23 01:19 - 00001104 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-20 20:05 - 2009-10-14 16:56 - 00032634 _____ C:\WINDOWS\SchedLgU.Txt
2013-11-20 20:04 - 2011-07-26 22:21 - 00000000 ____D C:\Dokumente und Einstellungen\Chef\Lokale Einstellungen\Anwendungsdaten\Mozilla Firefox
2013-11-20 20:03 - 2013-11-20 20:03 - 105397131 _____ C:\WINDOWS\system32\菎噬7
2013-11-20 20:01 - 2004-08-04 13:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-20 20:00 - 2012-02-23 01:19 - 00001100 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-20 19:58 - 2009-10-14 17:40 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-11-20 19:58 - 2009-10-14 17:40 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-11-20 19:58 - 2009-10-14 16:56 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-20 19:58 - 2008-08-12 17:08 - 00044964 _____ C:\WINDOWS\system32\ativvaxx.cap
2013-11-19 22:06 - 2009-10-18 15:04 - 00000300 ___SH C:\Dokumente und Einstellungen\Chef\ntuser.ini
2013-11-19 22:06 - 2009-10-18 15:04 - 00000000 ____D C:\Dokumente und Einstellungen\Chef
2013-11-19 22:06 - 2009-10-15 12:28 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2013-11-19 21:25 - 2012-06-13 21:48 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-11-19 20:20 - 2013-11-19 20:20 - 00000000 ____D C:\WINDOWS\ERUNT
2013-11-19 20:16 - 2013-11-19 20:16 - 00000000 ____D C:\FRST
2013-11-19 18:43 - 2013-11-19 18:25 - 00000000 ____D C:\AdwCleaner
2013-11-19 17:51 - 2013-11-19 17:51 - 00000756 _____ C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-19 17:51 - 2013-11-19 17:51 - 00000000 ____D C:\Programme\Malwarebytes' Anti-Malware
2013-11-19 17:51 - 2013-11-19 17:51 - 00000000 ____D C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Malwarebytes
2013-11-19 17:51 - 2013-11-19 17:51 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
2013-11-19 17:51 - 2013-11-19 17:51 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2013-11-19 17:51 - 2009-10-14 17:37 - 00000000 ___RD C:\Programme
2013-11-19 17:51 - 2009-10-14 17:35 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2013-11-19 17:43 - 2013-11-19 17:43 - 105044098 _____ C:\WINDOWS\system32\硳ᥖ噬7
2013-11-18 00:21 - 2009-10-18 14:57 - 00000000 ____D C:\Dokumente und Einstellungen\Besucher
2013-11-18 00:09 - 2011-12-29 00:07 - 00000000 ____D C:\Dokumente und Einstellungen\Besucher\Lokale Einstellungen\Anwendungsdaten\AskToolbar
2013-11-17 23:06 - 2013-04-28 22:01 - 00000992 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-73586283-813497703-1343024091-1003Core.job
2013-11-17 20:00 - 2009-10-18 15:04 - 00000000 ___RD C:\Dokumente und Einstellungen\Chef\Eigene Dateien\Eigene Bilder
2013-11-17 19:52 - 2013-11-17 19:51 - 00000399 _____ C:\WINDOWS\wmsetup.log
2013-11-17 17:46 - 2011-09-09 20:56 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2013-11-17 17:19 - 2009-10-14 16:46 - 00000000 ____D C:\WINDOWS\Registration
2013-11-16 22:05 - 2013-11-16 22:05 - 00000000 ____D C:\_OTL
2013-11-16 22:05 - 2009-10-18 15:04 - 00000000 ___RD C:\Dokumente und Einstellungen\Chef\Startmenü\Programme\Autostart
2013-11-16 22:02 - 2013-11-13 22:38 - 00032702 _____ C:\Extras.Txt
2013-11-16 22:02 - 2013-11-13 22:18 - 00060940 _____ C:\OTL.Txt
2013-11-15 16:06 - 2009-10-18 14:58 - 00000000 ___RD C:\Dokumente und Einstellungen\Besucher\Eigene Dateien\Eigene Bilder
2013-11-15 12:48 - 2009-10-19 20:27 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2013-11-14 23:22 - 2013-11-14 23:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-14 23:22 - 2013-11-14 23:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-14 23:21 - 2013-11-14 23:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-14 23:21 - 2013-11-14 23:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-14 23:19 - 2009-10-15 15:20 - 00000000 ____D C:\WINDOWS\ie8updates
2013-11-14 23:16 - 2013-08-25 20:19 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-11-14 23:02 - 2009-10-15 15:17 - 80340640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-11-14 20:33 - 2013-11-14 20:33 - 104278918 _____ C:\WINDOWS\system32\쩝ꮫ噬7
2013-11-11 20:52 - 2013-11-11 20:52 - 00000000 ____D C:\WINDOWS\CSC
2013-11-11 17:32 - 2010-04-10 11:14 - 00002249 _____ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Apple Software Update.lnk
2013-11-11 15:02 - 2010-04-10 11:23 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
2013-11-11 14:58 - 2013-11-11 14:57 - 00000000 ____D C:\Programme\Sony Media Go Install
2013-11-11 14:57 - 2010-04-10 11:34 - 00000000 ____D C:\Dokumente und Einstellungen\Chef\Lokale Einstellungen\Anwendungsdaten\Sony
2013-11-02 17:42 - 2013-11-02 17:42 - 104684788 _____ C:\WINDOWS\system32\㙩ꒊ噬7
Some content of TEMP:
====================
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\jre-6u32-windows-i586-iftw.exe
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\setup.exe
C:\Dokumente und Einstellungen\Besucher\Lokale Einstellungen\Temp\AskSLib.dll
C:\Dokumente und Einstellungen\Besucher\Lokale Einstellungen\Temp\din46.exe
C:\Dokumente und Einstellungen\Chef\Lokale Einstellungen\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe
[2004-08-04 13:00] - [2008-04-14 03:22] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e
C:\Windows\System32\winlogon.exe
[2004-08-04 13:00] - [2008-04-14 03:23] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a
C:\Windows\System32\svchost.exe
[2004-08-04 13:00] - [2008-04-14 03:23] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366
C:\Windows\System32\services.exe
[2004-08-04 13:00] - [2009-02-09 12:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc
C:\Windows\System32\User32.dll
[2004-08-04 13:00] - [2008-04-14 03:22] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd
C:\Windows\System32\userinit.exe
[2004-08-04 13:00] - [2008-04-14 03:23] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106
C:\Windows\System32\Drivers\volsnap.sys
[2004-08-04 13:00] - [2008-04-14 02:52] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d
==================== End Of Log ============================
--- --- --- Code:
ATTFilter ESETSmartInstaller@High as downloader log:
Can not read file from internet.ESETSmartInstaller@High as downloader log:
Can not read file from internet.# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=80f04d8c8b91984b90a3d1ae87186db7
# engine=15964
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-20 08:46:42
# local_time=2013-11-20 09:46:42 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1799 16775165 100 95 9862 155651707 2518 0
# scanned=49950
# found=1
# cleaned=0
# scan_time=4259
sh=99DA2C0C196C2CB8A236A6046CFC419180C505F7 ft=0 fh=0000000000000000 vn="Win32/LockScreen.AXJ trojan" ac=I fn="C:\Dokumente und Einstellungen\Besucher\Lokale Einstellungen\Temp\index.html"
Bei SecurityCheck kommt nach der Anzeige "Preparing" ein Fenster "Autolt Error" da steht drin Line -1: Error: Variable must be of type "Object" |
| Themen zu Interpol Trojaner . Admistrator-Benutzerkonto gesperrt |
| anmelde, bedingt, bild, brauche, das bild, gesperrt, hilfe, interpol, interpol trojaner, laptop, melde, sobald, sofort, troja, trojaner, trojaner - computer wurde gesperrt, unbedingt, vater |
Baum-Darstellung