Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Internet ziehender und Administratoren-rechte nehmender Virus kehrt immer wieder zurück

Internet ziehender und Administratoren-rechte nehmender Virus kehrt immer wieder zurück


Plagegeister aller Art und deren Bekämpfung: Internet ziehender und Administratoren-rechte nehmender Virus kehrt immer wieder zurück

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 24.08.2016, 21:14   #1
Quassel Lp
 
Internet ziehender und Administratoren-rechte nehmender Virus kehrt immer wieder zurück - Standard

Internet ziehender und Administratoren-rechte nehmender Virus kehrt immer wieder zurück


Das war die letzte Aktion meines Vaters mit Spybot. Malwarebytes hat er gelöscht. Windows Defender ist aktiv.

Code:
ATTFilter
Search results from Spybot - Search & Destroy

12.08.2016 15:45:47
Scan took 00:12:21.
36 items found.

DownloadSponsor: [SBI $CC437C6B] Settings (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1264686632-1428422705-2060577652-1001\Software\OCS\lastPID
  Category=PUPS
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

DownloadSponsor: [SBI $980DE8E4] Settings (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1264686632-1428422705-2060577652-1001\Software\OCS\PID
  Category=PUPS
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Carl Küschall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B6TP2NZN\localhost\so.sol
  Category=Tracks
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
  Properties.size=1392
  Properties.md5=0F69512A34E71C6BAAE023A4087BB5D7
  Properties.filedate=1469466019
  Properties.filedatetext=2016-07-25 17:00:18

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\Carl Küschall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B6TP2NZN\skype.com\#ui\preferences.sol
  Category=Tracks
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
  Properties.size=204
  Properties.md5=772F59E3E264D74B100D91C34D0C1709
  Properties.filedate=1471015043
  Properties.filedatetext=2016-08-12 15:17:22

MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Internet Explorer (Benutzer): Carl Küschall) (Browser: Cookie, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Internet Explorer (Benutzer): Carl Küschall) (Browser: Cookie, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Internet Explorer (Benutzer): Carl Küschall) (Browser: Cookie, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: Carl Küschall (default)) (Browser: Cookie, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Statcounter: [SBI $4E2AF2AC] Tracking cookie (Firefox: Carl Küschall (default)) (Browser: Cookie, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Statcounter: [SBI $4E2AF2AC] Tracking cookie (Firefox: Carl Küschall (default)) (Browser: Cookie, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: Carl Küschall (default)) (Browser: Cookie, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: Carl Küschall (default)) (Browser: Cookie, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: Carl Küschall (default)) (Browser: Cookie, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: Carl Küschall (default)) (Browser: Cookie, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: Carl Küschall (default)) (Browser: Cookie, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: Carl Küschall (default)) (Browser: Cookie, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

7-Zip: [SBI $12C3A52C] Folder history (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-1264686632-1428422705-2060577652-1001\Software\7-ZIP\FM\FolderHistory
  Category=Tracks
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

7-Zip: [SBI $3D5692BD] Last used folder (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1264686632-1428422705-2060577652-1001\Software\7-ZIP\FM\PanelPath0
  Category=Tracks
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1264686632-1428422705-2060577652-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
  Category=Tracks
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1264686632-1428422705-2060577652-1001\Software\Microsoft\Microsoft Management Console\Recent File List
  Category=Tracks
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name
  Category=Tracks
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
  Category=Tracks
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1264686632-1428422705-2060577652-1001\Software\Microsoft\DirectInput\MostRecentApplication\Name
  Category=Tracks
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1264686632-1428422705-2060577652-1001\Software\Microsoft\DirectInput\MostRecentApplication\Id
  Category=Tracks
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
  Category=Tracks
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
  Category=Tracks
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1264686632-1428422705-2060577652-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
  Category=Tracks
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1264686632-1428422705-2060577652-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
  Category=Tracks
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1264686632-1428422705-2060577652-1001\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
  Category=Tracks
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1264686632-1428422705-2060577652-1001\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
  Category=Tracks
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-1264686632-1428422705-2060577652-1001\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
  Category=Tracks
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Cookie: [SBI $49804B54] Browser: Cookie (108) (Browser: Cookie, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Cache: [SBI $49804B54] Browser: Cache (1266) (Browser: Cache, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Verlauf: [SBI $49804B54] Browser: History (9) (Browser: History, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Cookie: [SBI $49804B54] Browser: Cookie (295) (Browser: Cookie, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Verlauf: [SBI $49804B54] Browser: History (4233) (Browser: History, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54


--- Spybot - Search & Destroy version: 2.6.44.134  DLL (build: 20160321) ---

2014-06-24 blindman.exe (2.4.40.151)
2014-06-24 explorer.exe (2.4.40.181)
2014-06-24 SDBootCD.exe (2.4.40.109)
2016-03-21 SDCleaner.exe (2.6.44.110)
2014-06-24 SDDelFile.exe (2.4.40.94)
2013-06-18 SDDisableProxy.exe
2014-06-24 SDFiles.exe (2.4.40.135)
2014-06-24 SDFileScanHelper.exe (2.4.40.1)
2014-06-24 SDFSSvc.exe (2.4.40.217)
2014-06-24 SDHelp.exe (2.4.40.1)
2014-04-25 SDHookHelper.exe (2.3.39.2)
2014-04-25 SDHookInst32.exe (2.3.39.2)
2014-04-25 SDHookInst64.exe (2.3.39.2)
2016-03-21 SDImmunize.exe (2.6.44.130)
2014-06-24 SDLogReport.exe (2.4.40.107)
2014-06-24 SDOnAccess.exe (2.4.40.11)
2014-06-24 SDPESetup.exe (2.4.40.3)
2014-06-24 SDPEStart.exe (2.4.40.86)
2014-06-24 SDPhoneScan.exe (2.4.40.28)
2014-06-24 SDPRE.exe (2.4.40.22)
2014-06-24 SDPrepPos.exe (2.4.40.15)
2014-06-24 SDQuarantine.exe (2.4.40.103)
2014-06-24 SDRootAlyzer.exe (2.4.40.116)
2014-06-24 SDSBIEdit.exe (2.4.40.39)
2016-03-21 SDScan.exe (2.6.44.181)
2014-06-24 SDScript.exe (2.4.40.54)
2016-03-21 SDSettings.exe (2.6.44.141)
2014-06-24 SDShell.exe (2.4.40.2)
2014-06-24 SDShred.exe (2.4.40.108)
2014-06-24 SDSysRepair.exe (2.4.40.102)
2014-06-24 SDTools.exe (2.4.40.157)
2014-06-24 SDTray.exe (2.4.40.129)
2014-06-27 SDUpdate.exe (2.4.40.94)
2014-06-27 SDUpdSvc.exe (2.4.40.77)
2014-06-24 SDWelcome.exe (2.4.40.130)
2014-04-25 SDWSCSvc.exe (2.3.39.2)
2015-03-25 spybotsd2-install-av-update.exe (2.4.40.0)
2014-05-20 spybotsd2-install-bdcore-update.exe (2.3.39.0)
2016-05-02 spybotsd2-install-iefreezefix.exe (2.4.40.0)
2014-07-31 spybotsd2-translation-esx.exe
2013-06-19 spybotsd2-translation-frx.exe
2015-03-25 spybotsd2-translation-hrx.exe
2014-08-25 spybotsd2-translation-hux2.exe
2014-10-01 spybotsd2-translation-nlx2.exe
2014-11-05 spybotsd2-translation-ukx.exe
2015-07-28 spybotsd2-windows-upgrade-installer.exe (1.4.0.0)
2016-07-21 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2016-03-21 DelZip192.dll (1.9.2.132)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2014-04-25 NotificationSpreader.dll
2014-06-24 SDAdvancedCheckLibrary.dll (2.4.40.98)
2015-03-25 SDAV.dll
2014-06-24 SDECon32.dll (2.4.40.114)
2014-06-24 SDECon64.dll (2.3.39.113)
2014-06-24 SDEvents.dll (2.4.40.2)
2014-06-24 SDFileScanLibrary.dll (2.4.40.14)
2014-04-25 SDHook32.dll (2.3.39.2)
2014-04-25 SDHook64.dll (2.3.39.2)
2014-06-24 SDImmunizeLibrary.dll (2.4.40.2)
2014-06-24 SDLicense.dll (2.4.40.0)
2014-06-24 SDLists.dll (2.4.40.4)
2014-06-24 SDResources.dll (2.4.40.7)
2016-03-21 SDScanLibrary.dll (2.6.44.134)
2014-06-24 SDTasks.dll (2.4.40.15)
2014-06-24 SDWinLogon.dll (2.4.40.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2014-06-24 Tools.dll (2.4.40.36)
2015-04-22 Includes\Adware-000.sbi (*)
2015-08-05 Includes\Adware-001.sbi (*)
2016-07-19 Includes\Adware-C.sbi (*)
2014-01-13 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-11-14 Includes\Dialer-000.sbi (*)
2014-11-14 Includes\Dialer-001.sbi (*)
2015-07-29 Includes\Dialer-C.sbi (*)
2014-01-13 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2014-01-09 Includes\Fraud-000.sbi (*)
2014-01-09 Includes\Fraud-001.sbi (*)
2014-03-31 Includes\Fraud-002.sbi (*)
2016-07-06 Includes\Fraud-003.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2014-11-14 Includes\Hijackers-000.sbi (*)
2014-11-14 Includes\Hijackers-001.sbi (*)
2015-12-23 Includes\Hijackers-C.sbi (*)
2014-01-13 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2016-05-27 Includes\Keyloggers-000.sbi (*)
2016-08-03 Includes\Keyloggers-C.sbi (*)
2014-01-13 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2015-06-25 Includes\Malware-000.sbi (*)
2014-11-14 Includes\Malware-001.sbi (*)
2016-06-14 Includes\Malware-002.sbi (*)
2015-11-19 Includes\Malware-003.sbi (*)
2014-11-14 Includes\Malware-004.sbi (*)
2014-11-14 Includes\Malware-005.sbi (*)
2014-02-26 Includes\Malware-006.sbi (*)
2014-01-09 Includes\Malware-007.sbi (*)
2016-07-06 Includes\Malware-C.sbi (*)
2014-01-13 Includes\Malware.sbi (*)
2013-12-23 Includes\MalwareC.sbi (*)
2014-11-14 Includes\PUPS-000.sbi (*)
2014-01-15 Includes\PUPS-001.sbi (*)
2014-01-15 Includes\PUPS-002.sbi (*)
2016-08-10 Includes\PUPS-C.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2014-01-07 Includes\PUPSC.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2015-12-02 Includes\Security-C.sbi (*)
2014-01-21 Includes\Security.sbi (*)
2014-01-21 Includes\SecurityC.sbi (*)
2015-11-11 Includes\Spyware-000.sbi (*)
2015-05-06 Includes\Spyware-001.sbi (*)
2016-08-10 Includes\Spyware-C.sbi (*)
2014-01-21 Includes\Spyware.sbi (*)
2014-01-21 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2014-01-15 Includes\Trojans-000.sbi (*)
2014-01-15 Includes\Trojans-001.sbi (*)
2014-11-14 Includes\Trojans-002.sbi (*)
2016-01-20 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-03-19 Includes\Trojans-005.sbi (*)
2015-03-31 Includes\Trojans-006.sbi (*)
2014-01-15 Includes\Trojans-007.sbi (*)
2014-07-09 Includes\Trojans-008.sbi (*)
2014-07-09 Includes\Trojans-009.sbi (*)
2016-08-10 Includes\Trojans-C.sbi (*)
2014-01-15 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-15 Includes\Trojans-ZB-000.sbi (*)
2016-02-03 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-16 Includes\TrojansC-01.sbi (*)
2014-01-16 Includes\TrojansC-02.sbi (*)
2014-01-16 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-16 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)
Code:
ATTFilter
[i]	16-08-12 16:04:24		
[i]	16-08-12 16:04:24	Product	DownloadSponsor
[+]	16-08-12 16:04:24	Moving into quarantine	HKEY_USERS\S-1-5-21-1264686632-1428422705-2060577652-1001\Software\OCS\lastPID
[+]	16-08-12 16:04:24	Moving into quarantine	HKEY_USERS\S-1-5-21-1264686632-1428422705-2060577652-1001\Software\OCS\PID
[+]	16-08-12 16:04:24	Successfully cleaned	HKEY_USERS\S-1-5-21-1264686632-1428422705-2060577652-1001\Software\OCS\lastPID
[+]	16-08-12 16:04:24	Successfully cleaned	HKEY_USERS\S-1-5-21-1264686632-1428422705-2060577652-1001\Software\OCS\PID
[i]	16-08-12 16:04:24		
[i]	16-08-12 16:04:24	Product	Macromedia.FlashPlayer.Cookies
[+]	16-08-12 16:04:24	Moving into quarantine	C:\Users\Carl Küschall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B6TP2NZN\localhost\so.sol
[+]	16-08-12 16:04:24	Moving into quarantine	C:\Users\Carl Küschall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B6TP2NZN\skype.com\#ui\preferences.sol
[+]	16-08-12 16:04:24	Successfully cleaned	C:\Users\Carl Küschall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B6TP2NZN\localhost\so.sol
[+]	16-08-12 16:04:24	Successfully cleaned	C:\Users\Carl Küschall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B6TP2NZN\skype.com\#ui\preferences.sol
[i]	16-08-12 16:04:24		
[i]	16-08-12 16:04:24	Product	MediaPlex
[+]	16-08-12 16:04:24	Moving into quarantine	Cookie (Internet Explorer (Benutzer): Carl Küschall)Cookie:carl küschall@mediaplex.com/ ()
[+]	16-08-12 16:04:24	Successfully cleaned	Cookie (Internet Explorer (Benutzer): Carl Küschall)Cookie:carl küschall@mediaplex.com/ ()
[i]	16-08-12 16:04:24		
[i]	16-08-12 16:04:24	Product	CasaleMedia
[+]	16-08-12 16:04:24	Moving into quarantine	Cookie (Internet Explorer (Benutzer): Carl Küschall)Cookie:carl küschall@casalemedia.com/ ()
[+]	16-08-12 16:04:24	Moving into quarantine	Cookie (Firefox: Carl Küschall (default)).casalemedia.com/ (CMID)
[+]	16-08-12 16:04:24	Moving into quarantine	Cookie (Firefox: Carl Küschall (default)).casalemedia.com/ (CMPS)
[+]	16-08-12 16:04:24	Moving into quarantine	Cookie (Firefox: Carl Küschall (default)).casalemedia.com/ (CMST)
[+]	16-08-12 16:04:24	Moving into quarantine	Cookie (Firefox: Carl Küschall (default)).casalemedia.com/ (CMDD)
[+]	16-08-12 16:04:24	Moving into quarantine	Cookie (Firefox: Carl Küschall (default)).casalemedia.com/ (CMRUM3)
[+]	16-08-12 16:04:24	Successfully cleaned	Cookie (Internet Explorer (Benutzer): Carl Küschall)Cookie:carl küschall@casalemedia.com/ ()
[+]	16-08-12 16:04:24	Successfully cleaned	Cookie (Firefox: Carl Küschall (default)).casalemedia.com/ (CMID)
[+]	16-08-12 16:04:24	Successfully cleaned	Cookie (Firefox: Carl Küschall (default)).casalemedia.com/ (CMPS)
[+]	16-08-12 16:04:24	Successfully cleaned	Cookie (Firefox: Carl Küschall (default)).casalemedia.com/ (CMST)
[+]	16-08-12 16:04:24	Successfully cleaned	Cookie (Firefox: Carl Küschall (default)).casalemedia.com/ (CMDD)
[+]	16-08-12 16:04:24	Successfully cleaned	Cookie (Firefox: Carl Küschall (default)).casalemedia.com/ (CMRUM3)
[i]	16-08-12 16:04:24		
[i]	16-08-12 16:04:24	Product	DoubleClick
[+]	16-08-12 16:04:24	Moving into quarantine	Cookie (Internet Explorer (Benutzer): Carl Küschall)Cookie:carl küschall@doubleclick.net/ ()
[+]	16-08-12 16:04:24	Moving into quarantine	Cookie (Firefox: Carl Küschall (default)).doubleclick.net/ (id)
[+]	16-08-12 16:04:24	Moving into quarantine	Cookie (Firefox: Carl Küschall (default)).doubleclick.net/ (IDE)
[+]	16-08-12 16:04:24	Successfully cleaned	Cookie (Internet Explorer (Benutzer): Carl Küschall)Cookie:carl küschall@doubleclick.net/ ()
[+]	16-08-12 16:04:24	Successfully cleaned	Cookie (Firefox: Carl Küschall (default)).doubleclick.net/ (id)
[+]	16-08-12 16:04:24	Successfully cleaned	Cookie (Firefox: Carl Küschall (default)).doubleclick.net/ (IDE)
[i]	16-08-12 16:04:24		
[i]	16-08-12 16:04:24	Product	Statcounter
[+]	16-08-12 16:04:24	Moving into quarantine	Cookie (Firefox: Carl Küschall (default)).statcounter.com/ (is_visitor_unique)
[+]	16-08-12 16:04:24	Moving into quarantine	Cookie (Firefox: Carl Küschall (default)).statcounter.com/ (is_unique)
[+]	16-08-12 16:04:24	Successfully cleaned	Cookie (Firefox: Carl Küschall (default)).statcounter.com/ (is_visitor_unique)
[+]	16-08-12 16:04:24	Successfully cleaned	Cookie (Firefox: Carl Küschall (default)).statcounter.com/ (is_unique)
[i]	16-08-12 16:04:24		
[i]	16-08-12 16:04:24	Product	7-Zip
[+]	16-08-12 16:04:24	Moving into quarantine	HKEY_USERS\S-1-5-21-1264686632-1428422705-2060577652-1001\Software\7-ZIP\FM\FolderHistory
[+]	16-08-12 16:04:24	Moving into quarantine	HKEY_USERS\S-1-5-21-1264686632-1428422705-2060577652-1001\Software\7-ZIP\FM\PanelPath0
[+]	16-08-12 16:04:24	Successfully cleaned	HKEY_USERS\S-1-5-21-1264686632-1428422705-2060577652-1001\Software\7-ZIP\FM\FolderHistory
[+]	16-08-12 16:04:24	Successfully cleaned	HKEY_USERS\S-1-5-21-1264686632-1428422705-2060577652-1001\Software\7-ZIP\FM\PanelPath0
[i]	16-08-12 16:04:24		
[i]	16-08-12 16:04:24	Product	Internet Explorer
[+]	16-08-12 16:04:24	Moving into quarantine	HKEY_USERS\S-1-5-21-1264686632-1428422705-2060577652-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[+]	16-08-12 16:04:24	Successfully cleaned	HKEY_USERS\S-1-5-21-1264686632-1428422705-2060577652-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[i]	16-08-12 16:04:24		
[i]	16-08-12 16:04:24	Product	MS Management Console
[+]	16-08-12 16:04:24	Moving into quarantine	HKEY_USERS\S-1-5-21-1264686632-1428422705-2060577652-1001\Software\Microsoft\Microsoft Management Console\Recent File List
[+]	16-08-12 16:04:24	Successfully cleaned	HKEY_USERS\S-1-5-21-1264686632-1428422705-2060577652-1001\Software\Microsoft\Microsoft Management Console\Recent File List
[i]	16-08-12 16:04:24		
[i]	16-08-12 16:04:24	Product	MS Direct3D
[+]	16-08-12 16:04:24	Moving into quarantine	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name
[+]	16-08-12 16:04:24	Successfully cleaned	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name
[i]	16-08-12 16:04:24		
[i]	16-08-12 16:04:24	Product	MS DirectDraw
[+]	16-08-12 16:04:24	Moving into quarantine	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
[+]	16-08-12 16:04:24	Successfully cleaned	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
[i]	16-08-12 16:04:24		
[i]	16-08-12 16:04:24	Product	MS DirectInput
[+]	16-08-12 16:04:24	Moving into quarantine	HKEY_USERS\S-1-5-21-1264686632-1428422705-2060577652-1001\Software\Microsoft\DirectInput\MostRecentApplication\Name
[+]	16-08-12 16:04:24	Moving into quarantine	HKEY_USERS\S-1-5-21-1264686632-1428422705-2060577652-1001\Software\Microsoft\DirectInput\MostRecentApplication\Id
[+]	16-08-12 16:04:24	Successfully cleaned	HKEY_USERS\S-1-5-21-1264686632-1428422705-2060577652-1001\Software\Microsoft\DirectInput\MostRecentApplication\Name
[+]	16-08-12 16:04:24	Successfully cleaned	HKEY_USERS\S-1-5-21-1264686632-1428422705-2060577652-1001\Software\Microsoft\DirectInput\MostRecentApplication\Id
[i]	16-08-12 16:04:24		
[i]	16-08-12 16:04:24	Product	Windows
[+]	16-08-12 16:04:24	Moving into quarantine	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
[+]	16-08-12 16:04:24	Moving into quarantine	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
[+]	16-08-12 16:04:24	Successfully cleaned	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
[+]	16-08-12 16:04:24	Successfully cleaned	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
[i]	16-08-12 16:04:24		
[i]	16-08-12 16:04:24	Product	Windows Explorer
[+]	16-08-12 16:04:24	Moving into quarantine	HKEY_USERS\S-1-5-21-1264686632-1428422705-2060577652-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
[+]	16-08-12 16:04:24	Moving into quarantine	HKEY_USERS\S-1-5-21-1264686632-1428422705-2060577652-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
[+]	16-08-12 16:04:24	Successfully cleaned	HKEY_USERS\S-1-5-21-1264686632-1428422705-2060577652-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
[+]	16-08-12 16:04:24	Successfully cleaned	HKEY_USERS\S-1-5-21-1264686632-1428422705-2060577652-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
[i]	16-08-12 16:04:24		
[i]	16-08-12 16:04:24	Product	Windows Media SDK
[+]	16-08-12 16:04:24	Moving into quarantine	HKEY_USERS\S-1-5-21-1264686632-1428422705-2060577652-1001\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
[+]	16-08-12 16:04:24	Moving into quarantine	HKEY_USERS\S-1-5-21-1264686632-1428422705-2060577652-1001\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
[+]	16-08-12 16:04:24	Moving into quarantine	HKEY_USERS\S-1-5-21-1264686632-1428422705-2060577652-1001\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
[+]	16-08-12 16:04:24	Successfully cleaned	HKEY_USERS\S-1-5-21-1264686632-1428422705-2060577652-1001\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
[+]	16-08-12 16:04:24	Successfully cleaned	HKEY_USERS\S-1-5-21-1264686632-1428422705-2060577652-1001\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
[+]	16-08-12 16:04:24	Successfully cleaned	HKEY_USERS\S-1-5-21-1264686632-1428422705-2060577652-1001\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
[i]	16-08-12 16:04:24		
[i]	16-08-12 16:04:24	Product	Cookie
[+]	16-08-12 16:04:24	Moving into quarantine	Internet Explorer (Benutzer) (Carl Küschall)Cookies
[+]	16-08-12 16:04:24	Moving into quarantine	Firefox (Carl Küschall (default))Cookies
[+]	16-08-12 16:04:24	Successfully cleaned	Internet Explorer (Benutzer) (Carl Küschall)Cookies
[+]	16-08-12 16:04:24	Successfully cleaned	Firefox (Carl Küschall (default))Cookies
[i]	16-08-12 16:04:24		
[i]	16-08-12 16:04:24	Product	Cache
[+]	16-08-12 16:04:24	Moving into quarantine	Internet Explorer (Benutzer) (Carl Küschall)Cache
[+]	16-08-12 16:04:25	Successfully cleaned	Internet Explorer (Benutzer) (Carl Küschall)Cache
[i]	16-08-12 16:04:25		
[i]	16-08-12 16:04:25	Product	Verlauf
[+]	16-08-12 16:04:25	Moving into quarantine	Internet Explorer (Benutzer) (Carl Küschall)History
[+]	16-08-12 16:04:25	Moving into quarantine	Google Chrome (Default)History
[+]	16-08-12 16:04:25	Successfully cleaned	Internet Explorer (Benutzer) (Carl Küschall)History
[+]	16-08-12 16:04:25	Successfully cleaned	Google Chrome (Default)History
[i]	16-08-12 16:04:25		
[i]	16-08-12 16:04:25	Summary	
[i]	16-08-12 16:04:25	Errors while cleaning	0
[i]	16-08-12 16:04:25	Files moved into quarantine	36
[i]	16-08-12 16:04:25	Files successfully cleaned	36

Antwort

Themen zu Internet ziehender und Administratoren-rechte nehmender Virus kehrt immer wieder zurück
admin, admin funkt nicht mehr, aktiviert, beginnt, einiger, einstellungen, entferne, gen, inaktiv, interne, internet, internet verbrauch, massen, minute, minuten, neustart, problem, rechte, spybot, system, taskmanager, troja, vater, versucht, virus, wiederkehrender, woche, wochen


« Email Account gehackt? | System Clean? Malwarebytes erkennt 2 Schadhafte Dateien laut Kaspersky ist das System Sicher »


Ähnliche Themen: Internet ziehender und Administratoren-rechte nehmender Virus kehrt immer wieder zurück


  1. Proxyserverproblem - Haken Interneteinstellungen kehrt immer wieder zurück - Virus?
    Plagegeister aller Art und deren Bekämpfung - 02.10.2014 (5)
  2. Ordner kehrt immer wieder zurück: C:\ProgramData\boost_interprocess?
    Plagegeister aller Art und deren Bekämpfung - 28.02.2014 (22)
  3. Mittem im spiel kehrt windows auf den destop zurück
    Plagegeister aller Art und deren Bekämpfung - 20.01.2014 (16)
  4. BDS/ZeroAccess.Gen - kehrt stets zurück
    Log-Analyse und Auswertung - 15.02.2013 (17)
  5. Virus(Pup.Datamngr) kommt immer wieder zurück
    Plagegeister aller Art und deren Bekämpfung - 06.02.2013 (11)
  6. Infizierte Datei kehrt immer wieder
    Plagegeister aller Art und deren Bekämpfung - 02.01.2013 (7)
  7. iOS-Privacy-App kehrt als Web-App zurück
    Nachrichten - 30.08.2012 (0)
  8. Viren kommen immer wieder zurück! -.-
    Plagegeister aller Art und deren Bekämpfung - 17.11.2011 (3)
  9. System kehrt immerwieder auf Desktop zurück, Google Links rufen unerwünschte Seiten auf
    Plagegeister aller Art und deren Bekämpfung - 10.08.2011 (13)
  10. win32/cycbot auf Windows 7 kehrt immer wieder zurück..
    Plagegeister aller Art und deren Bekämpfung - 29.01.2011 (33)
  11. TR/PSW.Zbot kehrt immer wieder
    Log-Analyse und Auswertung - 11.06.2010 (32)
  12. IEXPLORE.EXE kehrt immer wieder zurück
    Log-Analyse und Auswertung - 09.06.2008 (6)
  13. Browser kehrt immer auf Google-Startseite zurück...Hilfe
    Log-Analyse und Auswertung - 03.06.2008 (1)
  14. Immer wieder auf den Desktop zurück
    Alles rund um Windows - 24.12.2006 (2)
  15. Trojaner kommt immer wieder zurück
    Plagegeister aller Art und deren Bekämpfung - 06.12.2006 (17)
  16. Adware und/oder Spyware kehrt immer wieder zurück
    Log-Analyse und Auswertung - 29.06.2006 (13)
  17. virus kommt immer wieder zurück
    Plagegeister aller Art und deren Bekämpfung - 04.04.2005 (15)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Internet ziehender und Administratoren-rechte nehmender Virus kehrt immer wieder zurück - Das war die letzte Aktion meines Vaters mit Spybot. Malwarebytes hat er gelöscht. Windows Defender ist aktiv. Code: Alles auswählen Aufklappen ATTFilter Search results from Spybot - Search & Destroy - Internet ziehender und Administratoren-rechte nehmender Virus kehrt immer wieder zurück...
Archiv
Du betrachtest: Internet ziehender und Administratoren-rechte nehmender Virus kehrt immer wieder zurück auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131