Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Bundespolizei Virus

Bundespolizei Virus


Log-Analyse und Auswertung: Bundespolizei Virus

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 07.08.2011, 23:42   #1
cosmintor
 
Bundespolizei Virus - Standard

Bundespolizei Virus


Hallo liebe community,

Mich hat es auch erwischt, beim start meines computers oeffnet sich ein fenster der bundespolizei. Ich soll fuer die entsperrung meines computer 100 euro zahlen. Ich habe schon mal ein bischen herumgeschaut und einige anweisungen befolgt. Ich habe mir Reatogo X pe auf eine Cd gebrannt, den OTLPE scanner durchlaufen lassen und bin zu diesem ergebnis gekommen:


Zitat:
OTL logfile created on: 8/7/2011 11:40:50 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 451.11 Gb Total Space | 267.64 Gb Free Space | 59.33% Space Free | Partition Type: NTFS
Drive D: | 298.02 Gb Total Space | 151.06 Gb Free Space | 50.69% Space Free | Partition Type: FAT32
Drive E: | 14.63 Gb Total Space | 8.95 Gb Free Space | 61.16% Space Free | Partition Type: FAT32
Drive F: | 1.85 Gb Total Space | 1.81 Gb Free Space | 97.85% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (Hamachi2Svc)
SRV - File not found [Auto] -- -- (EasyVpnAdpt)
SRV - File not found [Auto] -- -- (CrdphService)
SRV - [2011/08/03 18:22:28 | 003,542,616 | ---- | M] () [Auto] -- C:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2011/07/06 13:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/01 08:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/03/09 22:50:30 | 000,176,128 | ---- | M] (AMD) [Auto] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/03/09 16:59:32 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Auto] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011/03/08 16:51:12 | 004,060,984 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/11/21 05:49:24 | 000,247,608 | ---- | M] () [Auto] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010/09/01 08:48:04 | 000,040,960 | ---- | M] () [Auto] -- C:\Users\Theo\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2010/03/18 05:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009/10/06 19:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/07/21 08:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 10:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/09/04 20:01:00 | 000,364,544 | R--- | M] (AVM Berlin) [Auto] -- C:\Program Files\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/04 04:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto] -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2007/04/13 13:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto] -- C:\Program Files\Common Files\Gnab\Service\ServiceController.exe -- (GnabService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (XDva388)
DRV - File not found [Kernel | On_Demand] -- -- (XDva385)
DRV - File not found [Kernel | On_Demand] -- -- (XDva384)
DRV - File not found [Kernel | On_Demand] -- -- (XDva379)
DRV - File not found [Kernel | On_Demand] -- -- (XDva377)
DRV - File not found [Kernel | On_Demand] -- -- (XDva374)
DRV - File not found [Kernel | On_Demand] -- -- (XDva372)
DRV - File not found [Kernel | On_Demand] -- -- (XDva370)
DRV - File not found [Kernel | On_Demand] -- -- (XDva367)
DRV - File not found [Kernel | On_Demand] -- -- (XDva366)
DRV - File not found [Kernel | On_Demand] -- -- (XDva362)
DRV - File not found [Kernel | On_Demand] -- -- (XDva361)
DRV - File not found [Kernel | On_Demand] -- -- (XDva359)
DRV - File not found [Kernel | On_Demand] -- -- (XDva358)
DRV - File not found [Kernel | On_Demand] -- -- (XDva352)
DRV - File not found [Kernel | On_Demand] -- -- (XDva349)
DRV - File not found [Kernel | On_Demand] -- -- (XDva346)
DRV - File not found [Kernel | On_Demand] -- -- (XDva345)
DRV - File not found [Kernel | On_Demand] -- -- (XDva344)
DRV - File not found [Kernel | On_Demand] -- -- (XDva343)
DRV - File not found [Kernel | On_Demand] -- -- (XDva342)
DRV - File not found [Kernel | On_Demand] -- -- (XDva341)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (EagleNT)
DRV - File not found [Kernel | On_Demand] -- -- (AODDriver4.0)
DRV - [2011/07/06 13:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/07/06 13:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/03/09 23:32:38 | 007,770,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011/03/09 23:32:38 | 007,770,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/03/09 22:14:58 | 000,242,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/12/13 04:01:44 | 000,017,816 | ---- | M] (Comodo, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\cmdatp.sys -- (ATP)
DRV - [2010/02/18 03:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009/12/09 10:03:29 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/10/07 04:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 500(UVC)
DRV - [2009/10/07 04:47:55 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/06 19:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/07/31 22:22:30 | 000,029,696 | ---- | M] () [Kernel | On_Demand] -- C:\Users\Theo\AppData\Local\Temp\jfdcd.sys -- (jfdcd)
DRV - [2009/05/11 04:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 04:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/03/18 11:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/02/13 06:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/09/04 20:01:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2007/11/14 04:44:42 | 000,129,552 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2007/05/14 05:10:02 | 000,135,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2007/01/25 20:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2007/01/25 19:45:02 | 000,006,784 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\whfltr2k.sys -- (whfltr2k)
DRV - [2006/11/02 03:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/10/30 18:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\Theo_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKU\Theo_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.genieo.com/
IE - HKU\Theo_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Theo_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\Theo_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - File not found
IE - HKU\Theo_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\Theo_ON_C\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKU\Theo_ON_C\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\Theo_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Theo_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\npctrl.1.0.30109.0.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/09 13:46:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/09 13:46:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/28 07:46:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/23 09:34:35 | 000,000,000 | ---D | M]

[2011/03/07 14:58:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/08/14 09:20:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/08/14 09:20:06 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011/05/03 14:44:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/05/03 14:44:13 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/05/03 14:44:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/10/28 10:25:21 | 000,001,456 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober6500093.xml
[2011/05/03 14:44:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/05/03 14:44:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\2.0.1.55\oberontb.dll (Oberon Media Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\2.0.1.55\oberontb.dll (Oberon Media Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\Theo_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKU\Theo_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\Theo_ON_C\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [BabylonToolbar] File not found
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [GnabTray] C:\Program Files\Common Files\Gnab\Service\GnabTray.exe (Empolis GmbH)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\Theo\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [USB Storage Toolbox] C:\Windows\UMStor\Res.exe (ali)
O4 - HKLM..\Run: [WheelMouse] C:\Advanced Wheel Mouse\wh_exec.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Theo_ON_C..\Run: [avupdate] C:\Users\Theo\AppData\Roaming\jashla.exe (aIKf)
O4 - HKU\Theo_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\Theo_ON_C..\Run: [Comodo EasyVPN] File not found
O4 - HKU\Theo_ON_C..\Run: [EA Core] File not found
O4 - HKU\Theo_ON_C..\Run: [ICQ] C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\Theo_ON_C..\Run: [SearchEngineProtection] C:\Program Files\GamesBar\SearchEngineProtection.exe (Oberon Media )
O4 - Startup: Error locating startup folders.
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/07 09:22:29 | 000,199,168 | ---- | C] (aIKf) -- C:\Users\Theo\AppData\Roaming\jashla.exe
[2011/07/21 21:01:34 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Roaming\Genieo
[2011/07/20 07:02:32 | 000,000,000 | -HSD | C] -- C:\Windows\System32\AI_RecycleBin
[2011/07/20 07:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\Fliptoast
[2011/07/20 07:02:26 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Roaming\com.w3i.fliptoast
[2011/07/20 07:02:18 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Roaming\W3i, LLC
[2011/07/20 07:02:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/07/19 12:51:32 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Roaming\Malwarebytes
[2011/07/19 12:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/19 12:51:26 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/19 12:51:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/19 12:51:22 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/07/19 12:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/16 12:17:24 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\AMD
[2011/07/16 12:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/07/16 12:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2011/07/16 12:05:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2011/07/16 12:03:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2011/07/16 12:03:19 | 000,037,944 | ---- | C] (Advanced Micro Devices) -- C:\Windows\System32\drivers\amdiox86.sys
[2011/07/16 12:02:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/07/16 12:00:19 | 000,462,848 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIDEMGX.dll
[2011/07/16 12:00:18 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Difxapi.dll
[2011/07/16 12:00:18 | 000,052,736 | ---- | C] (AMD) -- C:\Windows\System32\coinst.dll
[2011/07/13 15:21:34 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/07/13 15:21:29 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/07/13 15:21:29 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/07/11 17:58:55 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MinecraftAlpha
[3 C:\Users\Theo\AppData\Local\*.tmp files -> C:\Users\Theo\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/07 13:09:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/07 13:08:56 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/07 13:08:56 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/07 13:04:08 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/07 13:01:45 | 3220,496,384 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/07 09:54:18 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4177037306-858877781-1650537632-1002UA.job
[2011/08/07 09:39:22 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/07 09:22:29 | 000,199,168 | ---- | M] (aIKf) -- C:\Users\Theo\AppData\Roaming\jashla.exe
[2011/08/07 05:29:36 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1E08EB3A-A377-45DD-A19D-3DD292022ABA}.job
[2011/08/05 15:54:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4177037306-858877781-1650537632-1002Core.job
[2011/07/20 07:03:39 | 000,000,778 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fliptoast.lnk
[2011/07/19 12:51:27 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/18 05:47:12 | 000,044,032 | ---- | M] () -- C:\Users\Theo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/16 17:32:12 | 000,000,413 | ---- | M] () -- C:\Users\Theo\Desktop\CrossFire.lnk
[2011/07/16 12:05:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2011/07/16 11:55:00 | 000,007,728 | ---- | M] () -- C:\Users\Theo\AppData\Local\d3d9caps.dat
[2011/07/15 19:06:30 | 000,000,074 | ---- | M] () -- C:\Users\Theo\AppData\default.pls
[2011/07/13 21:24:10 | 000,308,056 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/11 17:46:33 | 000,000,971 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[3 C:\Users\Theo\AppData\Local\*.tmp files -> C:\Users\Theo\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/20 07:02:29 | 000,000,778 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fliptoast.lnk
[2011/07/16 17:32:12 | 000,000,413 | ---- | C] () -- C:\Users\Theo\Desktop\CrossFire.lnk
[2011/07/16 12:14:05 | 3220,496,384 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/16 12:00:19 | 000,150,464 | ---- | C] () -- C:\Windows\System32\atiapfxx.blb
[2011/07/16 12:00:19 | 000,003,949 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/07/16 12:00:18 | 000,030,831 | ---- | C] () -- C:\Windows\atiogl.xml
[2011/07/11 17:46:33 | 000,000,971 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011/03/09 22:14:02 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011/03/09 16:59:14 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/02/28 18:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/02/04 09:11:14 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/09/03 09:07:10 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2010/08/29 10:21:26 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/08/24 14:09:25 | 000,000,552 | ---- | C] () -- C:\Users\Theo\AppData\Local\d3d8caps.dat
[2010/07/25 14:32:55 | 000,000,410 | ---- | C] () -- C:\Windows\{27018D57-D152-44EF-BCE0-5E3B3445EABE}_WiseFW.ini
[2010/07/07 08:44:56 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/07/07 08:44:30 | 010,829,656 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/07/07 08:44:20 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/05/15 05:14:27 | 000,053,248 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/04/01 10:07:08 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/04/01 10:07:08 | 000,022,328 | ---- | C] () -- C:\Users\Theo\AppData\Roaming\PnkBstrK.sys
[2010/04/01 10:06:52 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/04/01 10:06:45 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/04/01 10:06:44 | 002,250,024 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010/03/26 15:04:54 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010/03/04 12:56:14 | 000,007,728 | ---- | C] () -- C:\Users\Theo\AppData\Local\d3d9caps.dat
[2010/02/12 14:15:58 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2010/02/11 10:16:28 | 000,000,872 | ---- | C] () -- C:\Windows\disney.ini
[2009/11/24 09:42:23 | 000,000,143 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009/10/11 06:04:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/06 19:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/10/06 19:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/09/24 08:58:23 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 08:58:23 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/13 03:54:51 | 000,000,074 | ---- | C] () -- C:\Users\Theo\AppData\default.pls
[2009/08/28 09:39:26 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009/08/13 13:50:36 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/08/13 12:26:34 | 000,044,032 | ---- | C] () -- C:\Users\Theo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/13 11:45:15 | 000,000,092 | ---- | C] () -- C:\Users\Theo\AppData\Local\fusioncache.dat
[2009/06/19 14:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/06/19 14:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/03/27 08:32:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/03/27 08:01:47 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/01/21 03:15:58 | 000,841,428 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 03:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 03:15:58 | 000,198,404 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 03:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007/01/25 19:45:02 | 000,006,784 | ---- | C] () -- C:\Windows\System32\drivers\whfltr2k.sys
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,308,056 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,684,026 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,167,478 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/07/01 12:01:26 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\.minecraft
[2011/07/03 14:57:19 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\.ruLes-Minecraft-Launcher
[2011/07/20 07:02:36 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\com.w3i.fliptoast
[2009/12/18 10:29:38 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\FRITZ!
[2011/08/04 05:21:16 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\Genieo
[2011/06/18 06:55:40 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\go
[2011/08/07 11:23:36 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\ICQ
[2011/07/19 13:06:49 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\install
[2010/08/29 10:22:29 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\Leadertech
[2011/02/09 13:46:23 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\Local
[2011/05/06 16:16:55 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\LolClient
[2009/10/12 15:23:38 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\McLoad
[2010/10/28 10:25:29 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\Oberon Media
[2009/10/13 05:45:39 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\OCS
[2009/08/29 16:26:19 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\OpenOffice.org
[2009/10/13 05:45:43 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\Opera
[2011/07/11 17:47:02 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\TeamViewer
[2011/04/10 11:23:58 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\Teeworlds
[2010/02/12 05:48:40 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\Touchstone
[2011/06/17 10:46:29 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\TS3Client
[2011/07/20 07:02:18 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\W3i, LLC
[2011/07/16 12:03:45 | 000,000,000 | ---D | M] -- C:\ProgramData\AMD
[2009/08/13 11:41:11 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2009/08/29 11:27:18 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/08/13 11:41:11 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011/06/18 06:56:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Easybits GO
[2010/05/13 06:12:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2009/08/13 11:41:11 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2010/12/05 06:12:18 | 000,000,000 | ---D | M] -- C:\ProgramData\GamesBar
[2008/03/27 09:00:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Gnab
[2011/05/09 05:22:21 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2010/09/04 07:39:58 | 000,000,000 | ---D | M] -- C:\ProgramData\NexonUS
[2010/10/28 10:25:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Oberon Media
[2011/08/07 09:23:26 | 000,000,000 | ---D | M] -- C:\ProgramData\PMB Files
[2010/10/22 10:22:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Solidshield
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/08/13 11:41:11 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/09/15 09:23:51 | 000,000,000 | ---D | M] -- C:\ProgramData\SweetIM
[2011/07/11 15:09:37 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2009/08/13 11:41:11 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/09/18 12:08:48 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2010/07/25 14:47:54 | 000,000,000 | ---D | M] -- C:\ProgramData\XBlades
[2010/01/07 14:44:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Xerox
[2008/03/27 10:00:28 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2011/04/01 15:57:49 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/24 18:00:55 | 000,000,000 | ---D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/08/07 13:08:56 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/08/07 05:29:36 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1E08EB3A-A377-45DD-A19D-3DD292022ABA}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
< End of report >


Ueber baldige hilfe von arne oder einem anderen speazialisten, wuerde ich mich sehr freuen. Danke schon mal im voraus !

Alt 09.08.2011, 15:07   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei Virus - Standard

Bundespolizei Virus


Mach einen OTL-Fix über OTLPE, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
ATTFilter
:OTL
SRV - File not found [Auto] -- -- (CrdphService)
DRV - File not found [Kernel | On_Demand] -- -- (XDva388)
DRV - File not found [Kernel | On_Demand] -- -- (XDva385)
DRV - File not found [Kernel | On_Demand] -- -- (XDva384)
DRV - File not found [Kernel | On_Demand] -- -- (XDva379)
DRV - File not found [Kernel | On_Demand] -- -- (XDva377)
DRV - File not found [Kernel | On_Demand] -- -- (XDva374)
DRV - File not found [Kernel | On_Demand] -- -- (XDva372)
DRV - File not found [Kernel | On_Demand] -- -- (XDva370)
DRV - File not found [Kernel | On_Demand] -- -- (XDva367)
DRV - File not found [Kernel | On_Demand] -- -- (XDva366)
DRV - File not found [Kernel | On_Demand] -- -- (XDva362)
DRV - File not found [Kernel | On_Demand] -- -- (XDva361)
DRV - File not found [Kernel | On_Demand] -- -- (XDva359)
DRV - File not found [Kernel | On_Demand] -- -- (XDva358)
DRV - File not found [Kernel | On_Demand] -- -- (XDva352)
DRV - File not found [Kernel | On_Demand] -- -- (XDva349)
DRV - File not found [Kernel | On_Demand] -- -- (XDva346)
DRV - File not found [Kernel | On_Demand] -- -- (XDva345)
DRV - File not found [Kernel | On_Demand] -- -- (XDva344)
DRV - File not found [Kernel | On_Demand] -- -- (XDva343)
DRV - File not found [Kernel | On_Demand] -- -- (XDva342)
DRV - File not found [Kernel | On_Demand] -- -- (XDva341)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\2.0.1.55\oberontb.dll (Oberon Media Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\Theo_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKU\Theo_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\Theo_ON_C\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [BabylonToolbar] File not found
O4 - HKU\Theo_ON_C..\Run: [avupdate] C:\Users\Theo\AppData\Roaming\jashla.exe (aIKf)
O4 - HKU\Theo_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\Theo_ON_C..\Run: [Comodo EasyVPN] File not found
O4 - HKU\Theo_ON_C..\Run: [EA Core] File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2011/08/07 09:22:29 | 000,199,168 | ---- | C] (aIKf) -- C:\Users\Theo\AppData\Roaming\jashla.exe
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
:Commands
[purity]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Danach sollte Windows wieder normal starten - stell uns bitte den Quarantäneordner von OTL zur Verfügung. Dabei bitte so vorgehen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinträchtigen!
2.) Ordner movedfiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten
__________________

__________________
Antwort

Themen zu Bundespolizei Virus
100 euro, akamai, alternate, antivir, autorun, avira, babylon, babylon toolbar, babylontoolbar, bho, bonjour, browser, bundespolizei virus, conduit, defender, desktop, dsl, entsperrung, error, euro, firefox, format, home, igdctrl.exe, jashla.exe, logfile, lws.exe, mbamservice.exe, object, plug-in, realtek, reatogo, registry, scan, sched.exe, software, start menu, stick, version=1.0, virus, vista


« BKA Virus... | 104 laufende Prozesse »


Ähnliche Themen: Bundespolizei Virus


  1. Bundespolizei Virus
    Plagegeister aller Art und deren Bekämpfung - 11.06.2013 (14)
  2. 100 Euro "Bundespolizei" Virus (Zugriff ohne Bildschirmübernahme durch Virus möglich)
    Plagegeister aller Art und deren Bekämpfung - 04.06.2013 (34)
  3. Bundespolizei Virus
    Log-Analyse und Auswertung - 25.11.2012 (5)
  4. Bundespolizei Virus
    Plagegeister aller Art und deren Bekämpfung - 20.10.2012 (7)
  5. Bundespolizei Virus
    Plagegeister aller Art und deren Bekämpfung - 27.09.2012 (13)
  6. GVU Bundespolizei Virus
    Plagegeister aller Art und deren Bekämpfung - 25.09.2012 (24)
  7. bundespolizei virus
    Plagegeister aller Art und deren Bekämpfung - 10.09.2012 (8)
  8. Bundespolizei Virus
    Plagegeister aller Art und deren Bekämpfung - 11.08.2012 (33)
  9. Gema virus - bundespolizei Virus - popup
    Plagegeister aller Art und deren Bekämpfung - 13.04.2012 (21)
  10. Bundespolizei Virus
    Plagegeister aller Art und deren Bekämpfung - 07.01.2012 (2)
  11. Bundespolizei/BKA -Virus
    Plagegeister aller Art und deren Bekämpfung - 17.12.2011 (5)
  12. Bundespolizei Virus!
    Log-Analyse und Auswertung - 01.12.2011 (1)
  13. Bundespolizei Virus
    Plagegeister aller Art und deren Bekämpfung - 01.09.2011 (1)
  14. Bundespolizei Virus
    Plagegeister aller Art und deren Bekämpfung - 17.08.2011 (20)
  15. Bundespolizei Virus
    Log-Analyse und Auswertung - 12.08.2011 (1)
  16. Bundespolizei virus
    Log-Analyse und Auswertung - 09.08.2011 (1)
  17. Bundespolizei Virus
    Plagegeister aller Art und deren Bekämpfung - 19.07.2011 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Bundespolizei Virus - Hallo liebe community, Mich hat es auch erwischt, beim start meines computers oeffnet sich ein fenster der bundespolizei. Ich soll fuer die entsperrung meines computer 100 euro zahlen. Ich habe - Bundespolizei Virus...
Archiv
Du betrachtest: Bundespolizei Virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19