Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: bundestrojaner (sperrbildschirm)

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Alt 24.08.2012, 03:26   #1
kiteloop
 
bundestrojaner (sperrbildschirm) - Standard

bundestrojaner (sperrbildschirm)



Mich hats heute als ich ein prog downloaden wollte vom "bundestrojaner" erwischt..
Es zeigte einen Sperrbildschirm auf welchem stand ,dass ich die gesetzgebung usw. verletzt hätte und 100E€ zahlen muss um die sperre zu entsperren.
Ich habe darauf meinen PC ausgeschalten und startete ihn im abgesicherten modus neu,da es anders nicht funktionierte.
Ich lud mir Malewarebytes herunter und lies einen komplett scan machen und löschte die gefundenen dateien...(hießen alle "funmoods" oder so)
danach startete ich den pc neu im normalen modus was aber immer noch nicht funktionierte ...also habe ich das ganze jetzt nochmal von vorn gemacht und nach dem scan OTL gestartet.
der erste OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 24.08.2012 04:17:25 - Run 2
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Users\Nikita Breyer\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,94 Gb Total Physical Memory | 6,75 Gb Available Physical Memory | 85,07% Memory free
15,88 Gb Paging File | 14,88 Gb Available in Paging File | 93,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 400,00 Gb Total Space | 168,03 Gb Free Space | 42,01% Space Free | Partition Type: NTFS
Drive D: | 513,83 Gb Total Space | 513,72 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
 
Computer Name: PC-HOME | User Name: Nikita Breyer | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 1 Day
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.24 03:00:11 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Nikita Breyer\Desktop\OTL.exe
PRC - [2012.08.22 22:57:31 | 000,874,896 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2012.08.22 22:57:31 | 000,800,656 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe
PRC - [2011.08.17 13:04:06 | 001,100,088 | ---- | M] (Tesline-Service SRL) -- C:\Program Files (x86)\Rohos\welcome.exe
PRC - [2011.06.22 12:04:08 | 000,069,632 | ---- | M] (Tesline-Service SRL) -- C:\Program Files (x86)\Rohos\ntserv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.22 22:57:35 | 000,276,480 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll
MOD - [2012.08.22 22:57:35 | 000,064,000 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll
MOD - [2012.08.22 22:57:35 | 000,046,592 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll
MOD - [2012.08.22 22:57:34 | 000,783,360 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll
MOD - [2012.08.22 22:57:34 | 000,316,928 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll
MOD - [2012.08.22 22:57:34 | 000,168,448 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
MOD - [2012.08.22 22:57:34 | 000,099,840 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll
MOD - [2012.08.22 22:57:34 | 000,098,816 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll
MOD - [2012.08.22 22:57:34 | 000,098,816 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll
MOD - [2012.08.22 22:57:34 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll
MOD - [2012.08.22 22:57:34 | 000,076,800 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll
MOD - [2012.08.22 22:57:34 | 000,068,608 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll
MOD - [2012.08.22 22:57:34 | 000,045,568 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gsttypefindfunctions.dll
MOD - [2012.08.22 19:43:10 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.05.08 15:13:28 | 000,185,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV:64bit: - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.08.24 00:31:23 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.08.22 19:43:10 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.06.27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.06.21 13:29:36 | 000,163,536 | ---- | M] (F-Secure Corporation) [Auto | Stopped] -- C:\Program Files (x86)\F-Secure\fshoster32.exe -- (fshoster)
SRV - [2012.06.16 23:26:57 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.05.02 23:04:58 | 000,065,536 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Connectify\ConnectifyService.exe -- (Connectify)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.15 18:00:44 | 000,213,672 | ---- | M] (F-Secure Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE -- (FSMA)
SRV - [2012.03.15 18:00:38 | 000,914,088 | ---- | M] (F-Secure Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2012.03.15 15:55:34 | 000,062,160 | ---- | M] (F-Secure Corporation) [Auto | Stopped] -- C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe -- (FSORSPClient)
SRV - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.10.06 08:21:04 | 000,440,320 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2011.06.22 12:04:08 | 000,069,632 | ---- | M] (Tesline-Service SRL) [Auto | Running] -- C:\Program Files (x86)\Rohos\ntserv.exe -- (Rohos)
SRV - [2010.11.17 14:26:10 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.11.17 14:26:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.04 13:48:00 | 000,935,208 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.08.22 17:52:31 | 000,056,016 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fsbts.sys -- (fsbts)
DRV:64bit: - [2012.07.02 11:57:10 | 000,058,424 | ---- | M] (F-Secure Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsccsys.sys -- (fsccsys1342706098)
DRV:64bit: - [2012.06.01 13:48:17 | 000,031,344 | ---- | M] (Connectify) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cnnctfy2.sys -- (cnnctfy2)
DRV:64bit: - [2012.05.21 04:09:00 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.05.21 04:09:00 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.04.25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.04.16 20:43:56 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.04.16 20:43:56 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.03.15 18:00:38 | 000,095,112 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\fsdfw.sys -- (FSFW)
DRV:64bit: - [2012.03.15 18:00:38 | 000,046,024 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\fses.sys -- (FSES)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.10.06 08:21:05 | 001,578,624 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011.06.23 10:39:52 | 000,341,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011.05.11 14:43:46 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.04.13 09:53:42 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.06.25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010.02.24 11:10:18 | 000,181,248 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.02.24 11:10:16 | 000,078,336 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2012.07.19 15:57:11 | 000,199,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2012.07.19 15:54:14 | 000,042,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\fsbts.sys -- (fsbts)
DRV - [2012.06.26 15:11:25 | 000,062,032 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2012.03.15 18:00:28 | 000,015,016 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9FDE4054-BEF7-461A-9A05-37CB7EFF16E9}
IE:64bit: - HKLM\..\SearchScopes\{9FDE4054-BEF7-461A-9A05-37CB7EFF16E9}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=bf4&chnl=bf4&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzy0DtDyEyBzyyCyBtCtBtCtN0D0Tzu0CtCzyyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=188777916
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.gboxapp.com/
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - SOFTWARE\Classes\CLSID\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}\InprocServer32 File not found
IE - HKLM\..\URLSearchHook: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - SOFTWARE\Classes\CLSID\{3B81079D-2AC9-425f-A494-A1C7D93AFA3C}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {9FDE4054-BEF7-461A-9A05-37CB7EFF16E9}
IE - HKLM\..\SearchScopes,DefaultScope = {AA74FE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKLM\..\SearchScopes\{3B9062BB-1D2D-3D09-563B-676310104B88}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG
IE - HKLM\..\SearchScopes\{9FDE4054-BEF7-461A-9A05-37CB7EFF16E9}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=bf4&chnl=bf4&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzy0DtDyEyBzyyCyBtCtBtCtN0D0Tzu0CtCzyyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=188777916
IE - HKLM\..\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://search.gboxapp.com/?q={searchTerms}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://search.gboxapp.com/?q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://de.ask.com/?l=dis&o=1586&gct=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ts.fujitsu.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2625848
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - SOFTWARE\Classes\CLSID\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - SOFTWARE\Classes\CLSID\{3B81079D-2AC9-425f-A494-A1C7D93AFA3C}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {9FDE4054-BEF7-461A-9A05-37CB7EFF16E9}
IE - HKCU\..\SearchScopes,DefaultScope = {9FDE4054-BEF7-461A-9A05-37CB7EFF16E9}
IE - HKCU\..\SearchScopes\{3274C370-D7BC-4E49-99E6-79DCD2850AA0}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=C27263F3-C9F0-4C11-87B1-7AF5BD632F15&apn_sauid=070ADEFB-49A1-4448-9779-987541FC606E
IE - HKCU\..\SearchScopes\{63851E75-AA94-4847-B059-70530A818C66}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
IE - HKCU\..\SearchScopes\{9FDE4054-BEF7-461A-9A05-37CB7EFF16E9}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=bf4&chnl=bf4&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzy0DtDyEyBzyyCyBtCtBtCtN0D0Tzu0CtCzyyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=188777916
IE - HKCU\..\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://search.gboxapp.com/?q={searchTerms}
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://search.gboxapp.com/?q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6OyHQIoKZ6&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Nikita Breyer\AppData\Local\Facebook\Messenger\2.1.4590.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.07.13 22:56:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files (x86)\F-Secure\apps\OnlineSafety\BPP\litmus-ff@f-secure.com\ [2012.07.19 15:54:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.07.13 22:56:05 | 000,000,000 | ---D | M]
 
[2012.07.13 22:56:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.gboxapp.com/
CHR - homepage: hxxp://search.gboxapp.com/
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll爀猀 File not found
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (VideoFileDownload) - {68DD98BF-9DE8-418C-89F0-E37AC61CC2D9} - C:\Program Files (x86)\OApps\bho_project.dll File not found
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\F-Secure\apps\OnlineSafety\BPP\iescript\BaseLitmus.dll (F-Secure Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll File not found
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\F-Secure\apps\OnlineSafety\BPP\iescript\BaseLitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (GagetBox) - {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files (x86)\GadgetBox\gadgetBoxTB.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [WLanConn] C:\Users\Nikita Breyer\AppData\Local\Microsoft\Windows\2222\WLanConn.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DeskUpdateNotifier] c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions)
O4 - HKLM..\Run: [F-Secure Hoster (666)] C:\Program Files (x86)\F-Secure\fshoster32.exe (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [myWIFIzone] C:\Program Files (x86)\myWIFIzone\myWIFIzone.exe File not found
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKCU..\Run: [Connectify] C:\Program Files (x86)\Connectify\Connectify.exe (Connectify)
O4 - HKCU..\Run: [Elcomsoft Distributed Agent] C:\Program Files (x86)\Elcomsoft Password Recovery\Distributed Password Recovery\epr_agent.exe (Elcomsoft Co. Ltd.)
O4 - HKCU..\Run: [ElcomSoft DPR Server] C:\Program Files (x86)\Elcomsoft Password Recovery\Distributed Password Recovery\edpr_server.exe (Elcomsoft Co. Ltd.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Nikita Breyer\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe File not found
O4 - HKCU..\Run: [Spotify] C:\Users\Nikita Breyer\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Nikita Breyer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Nikita Breyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Nikita Breyer\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe (Facebook)
O4 - Startup: C:\Users\Nikita Breyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nikita Breyer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nikita Breyer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28F6A706-F5ED-4FB9-B6AD-E43C11AD77F9}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9063D2CF-16B5-4199-B8B5-678E0ECA6991}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~2\sprote~1\sprote~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\MPK\mpk.exe) -  File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 1 Day ==========
 
[2012.08.24 03:17:02 | 000,000,000 | ---D | C] -- C:\Users\Nikita Breyer\AppData\Roaming\hellomoto
[2012.08.24 03:04:15 | 000,000,000 | ---D | C] -- C:\Users\Nikita Breyer\AppData\Roaming\Malwarebytes
[2012.08.24 03:04:06 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.24 03:04:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.24 03:04:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.24 03:04:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.24 03:02:59 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Nikita Breyer\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.24 03:00:11 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Nikita Breyer\Desktop\OTL.exe
[2012.08.24 00:35:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Router
[2012.08.24 00:00:01 | 000,000,000 | ---D | C] -- C:\Users\Nikita Breyer\AppData\Roaming\F-Secure
 
========== Files - Modified Within 1 Day ==========
 
[2012.08.24 03:42:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.24 03:42:36 | 2099,589,119 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.24 03:40:56 | 000,000,380 | -H-- | M] () -- C:\Windows\tasks\WxDFastUpdaterLogonTask.job
[2012.08.24 03:40:56 | 000,000,372 | -H-- | M] () -- C:\Windows\tasks\OptimizerProUpdaterLogonTask.job
[2012.08.24 03:40:56 | 000,000,368 | -H-- | M] () -- C:\Windows\tasks\GboxUpdaterLogonTask.job
[2012.08.24 03:39:41 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012.08.24 03:21:20 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.24 03:03:04 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Nikita Breyer\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.24 03:00:11 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Nikita Breyer\Desktop\OTL.exe
[2012.08.24 02:50:53 | 000,000,360 | -H-- | M] () -- C:\Windows\tasks\WxDFastUpdaterRefreshTask.job
[2012.08.24 02:50:53 | 000,000,352 | -H-- | M] () -- C:\Windows\tasks\OptimizerProUpdaterRefreshTask.job
[2012.08.24 02:50:53 | 000,000,348 | -H-- | M] () -- C:\Windows\tasks\GboxUpdaterRefreshTask.job
[2012.08.24 02:50:08 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.24 02:50:08 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.24 02:43:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.24 00:35:32 | 000,001,225 | ---- | M] () -- C:\Users\Nikita Breyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
[2012.08.24 00:23:05 | 000,000,614 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job
[2012.08.24 00:15:02 | 000,000,622 | ---- | M] () -- C:\infect.fstmp
[2012.08.24 00:03:52 | 000,000,276 | ---- | M] () -- C:\error.fstmp
[2012.08.23 23:56:14 | 000,001,170 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4289409496-1781856046-3391780416-1001UA.job
[2012.08.23 17:56:00 | 000,001,148 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4289409496-1781856046-3391780416-1001Core.job
 
========== Files Created - No Company Name ==========
 
[2012.08.24 03:39:41 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2012.08.24 03:19:09 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{2c7905d4-0898-4002-8e15-478e276abb41}\U\00000008.@
[2012.08.24 03:19:09 | 000,093,184 | ---- | C] () -- C:\Windows\Installer\{2c7905d4-0898-4002-8e15-478e276abb41}\U\80000032.@
[2012.08.24 03:19:08 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{2c7905d4-0898-4002-8e15-478e276abb41}\U\000000cb.@
[2012.08.24 03:04:06 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.24 02:48:52 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{2c7905d4-0898-4002-8e15-478e276abb41}\U\80000064.@
[2012.08.24 01:37:34 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{2c7905d4-0898-4002-8e15-478e276abb41}\U\00000004.@
[2012.08.24 00:33:18 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{2c7905d4-0898-4002-8e15-478e276abb41}\U\80000000.@
[2012.08.24 00:00:00 | 000,000,622 | ---- | C] () -- C:\infect.fstmp
[2012.08.24 00:00:00 | 000,000,276 | ---- | C] () -- C:\error.fstmp
[2012.07.28 21:32:50 | 000,117,708 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012.07.21 16:52:50 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{2c7905d4-0898-4002-8e15-478e276abb41}\L\00000004.@
[2012.07.19 15:54:14 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2012.07.18 18:18:49 | 000,129,136 | ---- | C] () -- C:\Windows\SysWow64\rohos_btkey.dll
[2012.07.18 18:18:48 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\rohos_btkey2.dll
[2012.07.18 18:18:48 | 000,034,304 | ---- | C] () -- C:\Windows\SysWow64\rohos_mifare.dll
[2012.07.18 16:55:04 | 002,248,018 | ---- | C] () -- C:\Users\Nikita Breyer\update teamspeak.rar
[2012.07.13 22:48:47 | 000,384,844 | ---- | C] () -- C:\Users\Nikita Breyer\AppData\Local\funmoods-speeddial.crx
[2012.06.08 12:35:28 | 000,018,133 | ---- | C] () -- C:\Users\Nikita Breyer\AppData\Local\recently-used.xbel
[2012.05.23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.05.23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.05.23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.05.23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.05.23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.05.17 00:04:21 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.05.17 00:04:20 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.05.17 00:04:00 | 000,007,602 | ---- | C] () -- C:\Users\Nikita Breyer\AppData\Local\Resmon.ResmonCfg
[2012.05.13 22:30:36 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{2c7905d4-0898-4002-8e15-478e276abb41}\@
[2012.05.13 22:30:36 | 000,002,048 | -HS- | C] () -- C:\Users\Nikita Breyer\AppData\Local\{2c7905d4-0898-4002-8e15-478e276abb41}\@
[2012.05.04 12:58:49 | 000,019,514 | ---- | C] () -- C:\Windows\prodsett_copy.ini
[2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.10.27 15:24:17 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.19 09:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011.09.19 09:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011.04.15 07:37:26 | 001,598,470 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

< End of report >
         
--- --- ---




Wie soll ich nun fortfahren und den pc bereinigen?:/

PS: Ich hab jetzt keinen sperrbildschirm mehr und der pc läuft wieder einwndfrei.
Bis auf dass das mein virenscanner (hab f-secure)
anzeigt dass es einen virus gibt aber dieser nicht bereinigt werden kann?!?
Ich fühl mich jetzt ein bisschen unwohl ..und wollt euch mal fragen was ich jetzt am besten mache.....vielen dank

 

Themen zu bundestrojaner (sperrbildschirm)
adobe, adobe flash player, bho, bonjour, browser, bundes-polizei-virus, converter, document, explorer, firefox, flash player, format, gadgetbox, helper, homepage, incredibar toolbar, launch, logfile, microsoft, mp3, neu, nvidia, nvidia update, object, opera, optimizer pro, plug-in, registry, scan, server.exe, software, sperrbildschirm, spotify web helper, trojaner - ihr computer wurde gesperrt, usb 3.0, windows, winlogon, wrapper




Ähnliche Themen: bundestrojaner (sperrbildschirm)


  1. AKM Trojaner mit Sperrbildschirm auf Windows 7 32 Bit
    Log-Analyse und Auswertung - 30.09.2015 (9)
  2. Windows 7: GVU/BKA Trojaner mit Sperrbildschirm
    Log-Analyse und Auswertung - 30.06.2014 (11)
  3. Win7 Weißer Sperrbildschirm
    Log-Analyse und Auswertung - 06.01.2014 (15)
  4. Weißer Sperrbildschirm
    Log-Analyse und Auswertung - 01.12.2013 (13)
  5. BND Trojaner, weißer Sperrbildschirm
    Log-Analyse und Auswertung - 28.11.2013 (14)
  6. Windows Vista: Österreichischer Bundestrojaner / Sperrbildschirm
    Log-Analyse und Auswertung - 25.11.2013 (15)
  7. Bundespolizei Sperrbildschirm
    Plagegeister aller Art und deren Bekämpfung - 25.11.2013 (13)
  8. GVU Sperrbildschirm
    Plagegeister aller Art und deren Bekämpfung - 18.11.2013 (17)
  9. Sperrbildschirm BKA usw.
    Log-Analyse und Auswertung - 18.11.2013 (7)
  10. Sperrbildschirm Interpol
    Log-Analyse und Auswertung - 03.10.2013 (12)
  11. Win 7: Weißer Sperrbildschirm
    Log-Analyse und Auswertung - 18.09.2013 (11)
  12. Sperrbildschirm GVU trojaner
    Plagegeister aller Art und deren Bekämpfung - 09.09.2013 (3)
  13. GVU Trojaner Sperrbildschirm
    Log-Analyse und Auswertung - 23.05.2013 (39)
  14. Sperrbildschirm - BKA Trojaner
    Plagegeister aller Art und deren Bekämpfung - 10.04.2013 (10)
  15. weißer Sperrbildschirm
    Log-Analyse und Auswertung - 03.03.2013 (2)
  16. Bundestrojaner -Sperrbildschirm
    Log-Analyse und Auswertung - 24.08.2012 (1)
  17. Bundespolizei - Sperrbildschirm (Ukash 100€)
    Plagegeister aller Art und deren Bekämpfung - 10.06.2012 (1)

Zum Thema bundestrojaner (sperrbildschirm) - Mich hats heute als ich ein prog downloaden wollte vom "bundestrojaner" erwischt.. Es zeigte einen Sperrbildschirm auf welchem stand ,dass ich die gesetzgebung usw. verletzt hätte und 100E€ zahlen muss - bundestrojaner (sperrbildschirm)...
Archiv
Du betrachtest: bundestrojaner (sperrbildschirm) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.