
Log Analysis and Evaluation: Bundeskriminalamt - Virus

Windows 7 If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
14.06.2011, 21:38   #1
JoChan

Bundeskriminalamt - Virus



Good evening, dear community,
unfortunately the BKA virus has got me too... When the PC boots, a screen appears saying that I should pay 100€, and I cannot do anything beyond that.

Following markusg's explanation, however, I have now downloaded this program OTLPENet.exe (from another PC) and run a scan with it.

I hope you can help me get rid of this virus...

The following log is the result of the scan:

OTL Logfile:
Code:
OTL logfile created on: 6/14/2011 11:16:24 PM - Run 
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Basic Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 85.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.09 Gb Total Space | 129.53 Gb Free Space | 44.96% Space Free | Partition Type: NTFS
Drive D: | 1021.00 Mb Total Space | 1018.75 Mb Free Space | 99.78% Space Free | Partition Type: FAT32
Drive E: | 7.90 Gb Total Space | 0.95 Gb Free Space | 12.01% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/04/30 07:12:45 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/22 13:56:52 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto] -- C:\Windows\System32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2011/03/19 08:33:17 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/09/23 11:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009/01/26 09:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/06/02 13:32:16 | 000,018,944 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2008/05/30 12:36:20 | 000,256,512 | ---- | M] (SafeBoot International) [Auto] -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2008/05/20 20:42:40 | 000,111,888 | ---- | M] (Bioscrypt Inc.) [Auto] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2008/05/20 20:42:34 | 000,137,488 | ---- | M] (Bioscrypt Inc.) [Auto] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2008/05/14 13:55:14 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto] -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/11 08:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/05/15 19:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto] -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (ADIHdAudAddService)
DRV - [2011/03/19 08:33:18 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/23 12:40:39 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/09/23 11:11:09 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2010/09/23 11:10:00 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010/09/23 11:10:00 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2009/05/11 05:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/27 00:48:22 | 001,810,992 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/02/13 06:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/05/30 12:37:06 | 000,051,376 | ---- | M] (SafeBoot N.V.) [Kernel | Boot] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2008/05/30 12:37:02 | 000,012,928 | ---- | M] (SafeBoot International) [File_System | Boot] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2008/05/30 12:37:00 | 000,012,496 | ---- | M] (SafeBoot International) [Kernel | System] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2008/05/30 12:36:58 | 000,108,752 | ---- | M] (SafeBoot International) [Kernel | Boot] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2008/05/21 06:35:06 | 003,552,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/04/28 05:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008/04/14 17:39:06 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/04/07 14:13:46 | 000,025,448 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2008/04/07 14:13:42 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008/02/29 12:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/20 22:32:52 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007/11/02 08:22:38 | 000,105,896 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s217unic.sys -- (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM)
DRV - [2007/11/02 08:22:38 | 000,103,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s217mgmt.sys -- (s217mgmt) Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM)
DRV - [2007/11/02 08:22:38 | 000,024,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s217nd5.sys -- (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS)
DRV - [2007/11/02 08:22:36 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s217mdm.sys -- (s217mdm)
DRV - [2007/11/02 08:22:36 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s217mdfl.sys -- (s217mdfl)
DRV - [2007/11/02 07:22:36 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s217bus.sys -- (s217bus) Sony Ericsson Device 217 driver (WDM)
DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2005/02/11 06:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2004/02/04 05:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tiehdusb.sys -- (TIEHDUSB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Admin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.3.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/22 13:07:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/22 13:07:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.11\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/01/18 13:34:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/02/24 07:06:26 | 000,000,000 | ---D | M]
 
[2010/02/15 10:10:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2010/02/15 10:10:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/06/03 06:33:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d4er1o0d.default\extensions
[2010/06/25 07:52:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d4er1o0d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/03 06:33:19 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d4er1o0d.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/05/24 10:49:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d4er1o0d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/11/24 16:39:18 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d4er1o0d.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/05/03 11:36:17 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d4er1o0d.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/02/15 10:05:32 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d4er1o0d.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/12/07 09:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/07 09:22:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- 
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D4ER1O0D.DEFAULT\EXTENSIONS\FIREFOXADDON@SIMILARWEB.COM.XPI
[2011/05/22 13:07:16 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/12/07 09:21:44 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/07 08:54:54 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2011/05/22 13:07:19 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011/05/22 13:07:19 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/05/22 13:07:19 | 000,001,153 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011/05/22 13:07:19 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011/05/22 13:07:19 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011/05/22 13:07:19 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010/12/04 05:40:13 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\Admin_ON_C\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\Admin_ON_C..\Run: [Wallpaper4U] C:\Program Files\Wallpaper4U\Wallpaper4U.exe (blppSoft)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 134.102.20.20
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Admin_ON_C Winlogon: Shell - (C:\Users\Admin\AppData\Local\Temp\0.5639931398767245.exe) - C:\Users\Admin\AppData\Local\Temp\0.5639931398767245.exe (cp)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/05/22 06:27:08 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2011/05/16 09:31:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011/05/16 09:30:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Dropbox
[2009/03/27 00:47:16 | 000,195,120 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll
[2009/03/13 07:42:09 | 000,180,224 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011/06/14 15:59:47 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/06/14 15:59:01 | 000,017,408 | ---- | M] () -- C:\windows\System32\rpcnetp.exe
[2011/06/14 15:59:00 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/14 15:59:00 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/14 15:58:59 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\windows\System32\rpcnet.dll
[2011/06/14 15:34:13 | 000,017,408 | ---- | M] () -- C:\windows\System32\rpcnetp.dll
[2011/06/14 14:39:40 | 000,674,582 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011/06/14 14:39:40 | 000,634,400 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/06/14 14:39:40 | 000,146,234 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011/06/14 14:39:40 | 000,119,964 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/06/13 17:05:22 | 000,003,204 | ---- | M] () -- C:\windows\bthservsdp.dat
[2011/06/13 15:31:05 | 000,000,425 | ---- | M] () -- C:\windows\BRWMARK.INI
[2011/06/13 15:31:05 | 000,000,027 | ---- | M] () -- C:\windows\BRPP2KA.INI
[2011/06/11 11:38:17 | 000,002,605 | ---- | M] () -- C:\Users\Admin\Desktop\Microsoft Word.lnk
[2011/05/28 09:51:46 | 000,509,818 | ---- | M] () -- C:\Users\Admin\Desktop\P1000832.JPG
[2011/05/28 09:46:51 | 001,390,727 | ---- | M] () -- C:\Users\Admin\Desktop\IMG_1362.JPG
[2011/05/28 05:12:45 | 000,000,961 | ---- | M] () -- C:\Users\Admin\Desktop\Dropbox.lnk
[2011/05/28 05:12:45 | 000,000,941 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/05/22 13:07:24 | 000,000,900 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/22 06:27:08 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2011/05/28 09:52:22 | 000,509,818 | ---- | C] () -- C:\Users\Admin\Desktop\P1000832.JPG
[2011/05/22 13:07:24 | 000,000,900 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/16 09:35:15 | 000,000,961 | ---- | C] () -- C:\Users\Admin\Desktop\Dropbox.lnk
[2011/05/16 09:31:45 | 000,000,941 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2010/10/27 04:47:39 | 000,001,025 | ---- | C] () -- C:\windows\System32\sysprs7.dll
[2010/10/27 04:47:39 | 000,000,205 | ---- | C] () -- C:\windows\System32\lsprst7.dll
[2010/01/30 11:46:22 | 000,000,093 | ---- | C] () -- C:\Users\Admin\AppData\Local\fusioncache.dat
[2009/11/08 06:30:49 | 000,000,680 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2009/09/25 04:03:06 | 000,017,408 | ---- | C] () -- C:\windows\System32\rpcnetp.exe
[2009/09/11 06:49:11 | 000,117,248 | ---- | C] () -- C:\windows\System32\EhStorAuthn.dll
[2009/09/11 06:49:11 | 000,107,612 | ---- | C] () -- C:\windows\System32\StructuredQuerySchema.bin
[2009/09/11 06:48:55 | 000,643,072 | ---- | C] () -- C:\windows\System32\autochk.exe
[2009/06/03 13:33:05 | 000,000,425 | ---- | C] () -- C:\windows\BRWMARK.INI
[2009/06/03 13:33:05 | 000,000,027 | ---- | C] () -- C:\windows\BRPP2KA.INI
[2009/06/03 07:03:13 | 000,000,377 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\PrimoPDFSet.xml
[2009/06/03 06:19:51 | 000,176,235 | ---- | C] () -- C:\windows\System32\Primomonnt.dll
[2009/05/28 04:24:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/05/06 05:53:50 | 000,017,408 | ---- | C] () -- C:\windows\System32\rpcnetp.dll
[2009/03/27 00:48:22 | 001,810,992 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2009/03/27 00:48:12 | 000,034,096 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2009/03/27 00:47:56 | 000,027,184 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2009/03/19 14:48:07 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2009/03/16 16:37:02 | 000,000,021 | ---- | C] () -- C:\windows\PMK_setup.ini
[2009/03/13 11:29:49 | 000,018,904 | ---- | C] () -- C:\windows\System32\StructuredQuerySchemaTrivial.bin
[2009/03/13 10:20:45 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2009/03/13 09:58:22 | 000,048,640 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/13 07:42:08 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2009/03/13 07:21:39 | 000,003,204 | ---- | C] () -- C:\windows\bthservsdp.dat
[2008/07/23 09:07:46 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI
[2008/07/23 08:22:24 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2008/05/21 05:38:12 | 000,159,744 | ---- | C] () -- C:\windows\System32\atitmmxx.dll
[2008/05/21 05:09:24 | 003,107,788 | ---- | C] () -- C:\windows\System32\atiumdva.dat
[2008/04/16 11:03:14 | 000,674,582 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2008/04/16 11:03:14 | 000,290,748 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2008/04/16 11:03:14 | 000,146,234 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2008/04/16 11:03:14 | 000,036,916 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2008/03/06 06:40:54 | 000,168,883 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2008/03/04 15:02:00 | 000,090,112 | ---- | C] () -- C:\windows\System32\atibrtmon.exe
[2006/11/02 08:53:49 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2006/11/02 08:44:53 | 000,867,192 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,634,400 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,119,964 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2006/03/09 05:58:00 | 001,060,424 | ---- | C] () -- C:\windows\System32\WdfCoInstaller01000.dll
[2005/04/03 18:30:00 | 000,110,592 | ---- | C] () -- C:\windows\System32\scardsyn.dll
[2001/11/14 08:56:00 | 001,802,240 | ---- | C] () -- C:\windows\System32\lcppn21.dll
[1998/05/06 23:10:00 | 000,069,632 | ---- | C] () -- C:\windows\System32\ODMA32.dll
 
========== LOP Check ==========
 
[2009/08/23 12:40:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BackToZIP
[2011/04/12 06:36:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canon
[2010/09/23 08:38:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Cycle of 5th
[2011/06/14 03:27:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Dropbox
[2010/11/24 16:39:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/12/07 08:55:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Foxit
[2009/03/13 11:09:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\InterVideo
[2009/03/28 14:31:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Micrografx
[2010/02/14 16:48:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Thunderbird
[2011/04/13 10:54:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Wildlife Park 2
[2009/03/13 07:30:53 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2010/01/01 11:45:18 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2010/05/24 16:14:05 | 000,000,000 | ---D | M] -- C:\ProgramData\CounterPath
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/03/13 07:30:53 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2009/03/13 07:30:53 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2009/03/13 11:19:47 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe
[2010/10/27 04:55:21 | 000,000,000 | ---D | M] -- C:\ProgramData\SafeNet Sentinel
[2010/10/27 04:51:38 | 000,000,000 | ---D | M] -- C:\ProgramData\SPSS
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/03/13 07:30:53 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/11/05 14:04:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2009/03/13 07:30:53 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2009/11/18 14:47:23 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2011/03/22 14:38:59 | 000,000,000 | -H-D | M] -- C:\ProgramData\{BC3827BC-FEE6-47F6-A08C-EAFB1CE3AA56}
[2011/03/22 14:38:44 | 000,000,000 | -H-D | M] -- C:\ProgramData\{DA8DD039-AEE2-4D03-83AC-B1E508D4A724}
[2011/06/13 17:05:24 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 22528 bytes -> C:\windows\System32\autochk.exe:BAK
< End of report >
         