|
Plagegeister aller Art und deren Bekämpfung: BKA-Virus ( Polizei Virus )Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
10.11.2012, 12:13 | #1 |
| BKA-Virus ( Polizei Virus ) Hallo Ich habe seit gestern den BKA- Virus auf meinem PC drauf Zunächst habe ich den LAN Kabel gezogen und versucht eine Systemwiederherstellung auf den Stand letzter Woche durchzuführen, leider vergeblich. Dann hab ich mich hier etwas schlau gemacht und es mit Malwarebytes Anti-Malware im abgesicherten Modus versucht hier der LOG : Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.09.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Manuel :: ****-HP [Administrator] 09.11.2012 21:20:37 mbam-log-2012-11-09 (21-20-37).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 423143 Laufzeit: 1 Stunde(n), 3 Minute(n), 49 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\Users\****\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\lsass.exe (Trojan.Delf) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Letzendlich geling es mir den PC normal zu Starten ohne das der Virus erneut auftaucht. Nun bin ich mir nicht sicher ob der Virus komplett raus ist oder noch besteht und frage euch deshalb um Rat thx im vorraus |
10.11.2012, 14:16 | #2 |
/// Selecta Jahrusso | BKA-Virus ( Polizei Virus )Bitte folge den Anweisungen hier und poste die geforderten Logfiles. http://www.trojaner-board.de/69886-a...-beachten.html
__________________ |
10.11.2012, 16:54 | #3 |
| BKA-Virus ( Polizei Virus ) Ok habe die Anweisungen befolgt
__________________1.) Defogger auf dem Desktop instaliert, als Administrator gestartet, auf Disable geklickt. Es kam ein Fenster wo "Finish" stand. Weitere Aufforderungen wurden mir nicht gegeben. Hier der LOG defogger_disable by jpshortstuff (23.02.10.1) Log created at 16:40 on 10/11/2012 (Manuel) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- 2. OTL auf dem Desktop instaliert, als Administrator gestartet, auf Quick Scan geklickt Es kam jedoch nur eine LOG, ein "EXTRA" Log gab es nicht Hier:OTL Logfile: Code:
ATTFilter OTL logfile created on: 11/10/2012 4:33:51 PM - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Manuel\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7.98 Gb Total Physical Memory | 5.76 Gb Available Physical Memory | 72.14% Memory free 15.96 Gb Paging File | 13.44 Gb Available in Paging File | 84.23% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 918.40 Gb Total Space | 759.88 Gb Free Space | 82.74% Space Free | Partition Type: NTFS Computer Name: MANUEL-HP | User Name: Manuel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Manuel\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\Manuel\Desktop\Defogger.exe () PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) PRC - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) PRC - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP) PRC - C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe (HP) PRC - C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe (HP) PRC - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc) PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG) PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe () PRC - C:\Program Files (x86)\Razer\Diamondback 3G\razertra.exe () PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) PRC - C:\Program Files (x86)\Razer\Diamondback 3G\razerofa.exe (Razer Inc.) PRC - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe (InstallShield Software Corporation) ========== Modules (No Company Name) ========== MOD - C:\Users\Manuel\Desktop\Defogger.exe () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll () MOD - C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe () MOD - C:\Program Files (x86)\Razer\Diamondback 3G\razertra.exe () ========== Services (SafeList) ========== SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Update-Service) -- C:\Windows\SysWOW64\UpdSvc.dll (Joosoft.com GmbH) SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe (G Data Software AG) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company) SRV - (GDFwSvc) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe (G Data Software AG) SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP) SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc) SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) SRV - (AVKService) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software) DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G Data Software AG) DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG) DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG) DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG) DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G Data Software AG) DRV:64bit: - (GdNetMon) -- C:\Windows\SysNative\drivers\GdNetMon64.sys (G Data Software AG) DRV:64bit: - (pmxdrv) -- C:\Windows\SysNative\drivers\pmxdrv.sys () DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (Razerlow) -- C:\Windows\SysNative\drivers\DB3G.sys (Razer (Asia-Pacific) Pte Ltd) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF IE:64bit: - HKLM\..\SearchScopes\{380BFEF9-4761-4204-8BF2-3B3850AB7C3F}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF IE - HKLM\..\SearchScopes\{380BFEF9-4761-4204-8BF2-3B3850AB7C3F}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=100480&babsrc=SP_ss&mntrId=24deb4770000000000003cd92b66eb86 IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF IE - HKCU\..\SearchScopes\{380BFEF9-4761-4204-8BF2-3B3850AB7C3F}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKCU\..\SearchScopes\{47A3423C-D427-4290-A0AE-F006B2783350}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=4197D45D-7D76-4ED4-BEBD-664E29BE27B9&apn_sauid=D73B54DB-723F-49B1-B197-20DE73EF8BB5 IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb110/?loc=IB_DS&a=6PQl0l1gUA&&i=26&search=" FF - prefs.js..network.proxy.http: "174.137.150.197" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 19:34:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/09 21:15:07 | 000,000,000 | ---D | M] [2011/12/24 20:02:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manuel\AppData\Roaming\mozilla\Extensions [2012/11/10 11:35:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manuel\AppData\Roaming\mozilla\Firefox\Profiles\uw7336ck.default\extensions [2011/12/25 15:09:28 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Manuel\AppData\Roaming\mozilla\Firefox\Profiles\uw7336ck.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2012/09/09 10:03:00 | 000,002,299 | ---- | M] () -- C:\Users\Manuel\AppData\Roaming\mozilla\firefox\profiles\uw7336ck.default\searchplugins\askcom.xml [2012/01/11 16:26:10 | 000,002,203 | ---- | M] () -- C:\Users\Manuel\AppData\Roaming\mozilla\firefox\profiles\uw7336ck.default\searchplugins\MyStart Search.xml [2012/10/28 14:02:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/10/27 19:34:21 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} [2012/10/27 19:34:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [2012/10/28 14:02:02 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2012/10/27 19:34:23 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/08/31 13:18:03 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011/12/25 15:13:14 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012/08/31 13:18:03 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/08/31 13:18:03 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/08/31 13:18:03 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/08/31 13:18:03 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/08/31 13:18:03 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012/11/09 18:34:37 | 000,444,833 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 全讯网,åšå½©ä¼˜æƒ*,皇å†*æ*£ç½‘cr67com,皇å†*比分,皇å†*å³æ—¶æŒ‡æ•°,太阳城代ç†112scg,tt娱ä¹åŸŽ8bc8,网上真钱娱 O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 ²©²Êͨ,²©²ÊÍø,½ð±¦²©188,²©²ÊͨÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ O1 - Hosts: 127.0.0.1 100sexlinks.com - Informationen zum Thema Sex links. Diese Website steht zum Verkauf! O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 Sex Dating Casual Friends | Social dating O1 - Hosts: 15276 more lines... O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AvkWebIEx64.dll (G Data Software AG) O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP) O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AvkWebIEx64.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) O4 - HKLM..\Run: [Diamondback] C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe () O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKCU..\Run: [Spotify] C:\Users\Manuel\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd) O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Manuel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Windows\system32\nspdkec6.dll File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {AEA3991E-3109-4C98-989E-33994FEB1A91} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri64_4.5.1.0.cab (SysInfo Class) O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{240131E7-CB77-47E0-935C-08527EF41465}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/11/10 16:33:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Manuel\Desktop\OTL.exe [2012/11/10 11:34:53 | 000,000,000 | ---D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1} [2012/11/09 21:19:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/11/09 21:19:10 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/11/09 21:19:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/10/27 19:34:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012/10/17 20:05:29 | 000,000,000 | ---D | C] -- C:\Users\Manuel\Desktop\Neuer Ordner [2012/10/15 19:20:11 | 000,000,000 | ---D | C] -- C:\Users\Manuel\Documents\FIFA 13 [2012/10/13 08:04:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 13 ========== Files - Modified Within 30 Days ========== [2012/11/10 16:33:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Manuel\Desktop\OTL.exe [2012/11/10 16:31:39 | 000,050,477 | ---- | M] () -- C:\Users\Manuel\Desktop\Defogger.exe [2012/11/10 16:21:03 | 000,000,000 | ---- | M] () -- C:\Users\Manuel\defogger_reenable [2012/11/10 16:06:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/11/10 14:19:58 | 000,864,265 | ---- | M] () -- C:\Windows\SysWow64\sig.bin [2012/11/10 14:19:58 | 000,046,106 | ---- | M] () -- C:\Windows\SysWow64\nmp.map [2012/11/10 11:23:27 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/10 11:23:27 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/10 11:15:56 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/11/10 11:15:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/11/10 11:15:42 | 2132,393,983 | -HS- | M] () -- C:\hiberfil.sys [2012/11/09 21:19:11 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/11/09 20:59:59 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012/11/09 18:34:37 | 000,444,833 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/11/02 20:31:11 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForManuel.job [2012/10/29 16:21:34 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/10/29 16:21:34 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/10/29 16:21:34 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/10/29 16:21:34 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/10/29 16:21:34 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/10/15 20:15:54 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf [2012/10/13 08:04:56 | 000,001,212 | ---- | M] () -- C:\Users\Public\Desktop\FIFA 13.lnk ========== Files Created - No Company Name ========== [2012/11/10 16:21:03 | 000,000,000 | ---- | C] () -- C:\Users\Manuel\defogger_reenable [2012/11/10 15:19:52 | 000,050,477 | ---- | C] () -- C:\Users\Manuel\Desktop\Defogger.exe [2012/11/09 21:19:11 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/11/08 23:43:54 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012/10/15 20:15:54 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf [2012/10/13 08:04:56 | 000,001,212 | ---- | C] () -- C:\Users\Public\Desktop\FIFA 13.lnk [2012/05/14 22:56:16 | 064,298,492 | ---- | C] () -- C:\Users\Manuel\5z5.wav [2012/04/05 14:38:37 | 002,580,552 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2011/12/27 00:46:21 | 000,864,265 | ---- | C] () -- C:\Windows\SysWow64\sig.bin [2011/12/24 21:45:50 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011/12/22 17:09:08 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011/11/01 21:07:46 | 000,002,792 | ---- | C] () -- C:\Program Files\HP SimplePass 2011 [2011/11/01 20:58:32 | 000,000,196 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011/06/21 08:07:00 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL [2011/02/11 18:15:43 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/08/05 18:39:07 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\ArmA II Launcher [2011/12/25 00:05:05 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\LolClient [2012/10/15 19:16:38 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Origin [2012/04/24 01:03:41 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\PhotoScape [2012/11/10 15:51:01 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Spotify [2012/03/17 18:23:34 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Teeworlds [2012/11/10 16:20:33 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\TS3Client [2011/12/30 21:02:46 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\WinBatch [2011/12/22 17:02:52 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\_MDLogs ========== Purity Check ========== < End of report > 3. Fällt flach da ich ein 64 Bit System habe |
10.11.2012, 17:03 | #4 |
/// Selecta Jahrusso | BKA-Virus ( Polizei Virus )
Code:
ATTFilter :otl [2012/11/08 23:43:54 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad :commands [reboot]
ESET Online Scanner
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
10.11.2012, 19:59 | #5 |
| BKA-Virus ( Polizei Virus ) 1. OTL ========== OTL ========== C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully. ========== COMMANDS ========== OTL by OldTimer - Version 3.2.69.0 log created on 11102012_174750 2. ESET Online Scanner ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=8c344d17fdbd9c43b6f0115048884544 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-11-10 06:19:57 # local_time=2012-11-10 07:19:57 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=4096 16777215 100 0 27998095 27998095 0 0 # compatibility_mode=5893 16776573 100 94 25665 104196571 0 0 # compatibility_mode=8192 67108863 100 0 3977 3977 0 0 # scanned=205894 # found=4 # cleaned=0 # scan_time=4876 C:\ProgramData\Spybot - Search & Destroy\Recovery\ToolbarFacemood153.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I C:\ProgramData\Spybot - Search & Destroy\Recovery\ToolbarFacemood75.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I C:\Users\All Users\Spybot - Search & Destroy\Recovery\ToolbarFacemood153.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I C:\Users\All Users\Spybot - Search & Destroy\Recovery\ToolbarFacemood75.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I |
10.11.2012, 22:16 | #6 |
/// Selecta Jahrusso | BKA-Virus ( Polizei Virus ) Downloade Dir bitte SecurityCheck
__________________ --> BKA-Virus ( Polizei Virus ) |
10.11.2012, 22:57 | #7 |
| BKA-Virus ( Polizei Virus ) 1. SecurityCheck Results of screen317's Security Check version 0.99.54 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` G Data InternetSecurity 2012 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` MVPS Hosts File Malwarebytes Anti-Malware Version 1.65.1.1000 Java 7 Update 9 Adobe Flash Player 11.1.102.55 Flash Player out of Date! Mozilla Firefox (16.0.2) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe G Data InternetSecurity Firewall GDFwSvcx64.exe G Data InternetSecurity Firewall GDFirewallTray.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
11.11.2012, 11:05 | #8 |
/// Selecta Jahrusso | BKA-Virus ( Polizei Virus ) Schalte bitte mal den Benutzerkontensteuerung ein ( UAC ). Ein- und Ausschalten der Benutzerkontensteuerung Stelle sie auf Standard. Sag mir bitte, ob es dabei irgendwelche Probleme gibt
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
11.11.2012, 12:48 | #9 |
| BKA-Virus ( Polizei Virus ) UAC Aktiviert auf Standard gestellt, Neu gestartet Fehler erkenne ich keine, läuft alles reibungslos. |
11.11.2012, 15:29 | #10 |
/// Selecta Jahrusso | BKA-Virus ( Polizei Virus )Öffne bitte die Systemsteuerung und stelle auf Große Symbole um. Klicke auf Flashplayer --> Reiter Erweitert. Stelle sicher, dass Zulassen, dass Adobe Upates installiert angestellt ist. Klicke auf Jetzt Überprüfen und installiere dir die aktuelleste Version des Flashplayers. Wenn das ohne Probleme funktioniert hat, sind wir hier durch. Wenn du mit Defogger irgendwelche Treiber deaktiviert hast, starte bitte Defogger und klicke den Re-enable Button. Defogger wir gegebenfalls einen Neustart verlangen. Dies bitte zulassen. Wichtig: Sollte es eine Fehlermeldung geben, poste bitte die Defogger_reenable Log hier. Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren. Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK. Code:
ATTFilter Combofix /Uninstall Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden. Nun die eben deaktivierten Programme wieder aktivieren. Downloade dir bitte OTC Starte das Tool mit Doppelklick. Dies wird die meisten Logfiles, Tools usw die wir benötigt haben, entfernen. Sollte etwas bestehen bleiben, bitte manuell löschen. Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
11.11.2012, 19:13 | #11 |
| BKA-Virus ( Polizei Virus ) Ich bedanke mich herzlich Habe nun alle Punkte durchgearbeitet Doch ein Problem gibt es noch und zwar findet er kein "Combofix" und ich kann mich auch schwer daran erinnern jemals sowas Installiert zu haben. |
11.11.2012, 20:18 | #12 |
/// Selecta Jahrusso | BKA-Virus ( Polizei Virus ) Ach ja. Sorry, war mein Fehler. Froh das wir helfen konnten Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
Themen zu BKA-Virus ( Polizei Virus ) |
abgesicherten, administrator, anti-malware, appdata, autostart, bka-virus, dateien, explorer, frage, gelöscht, kabel, lan, log, lsass.exe, malwarebytes, microsoft, modus, pc normal, polizei, quarantäne, roaming, service, speicher, starten, systemwiederherstellung, temp, version, virus, wgsdgsdgdsgsd.exe |