Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
"Bundespolizei Trojaner" komplett entfernt?

"Bundespolizei Trojaner" komplett entfernt?


Log-Analyse und Auswertung: "Bundespolizei Trojaner" komplett entfernt?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 15.11.2011, 17:06   #1
Ben89
 
"Bundespolizei Trojaner" komplett entfernt? - Standard

"Bundespolizei Trojaner" komplett entfernt?


Guten Tag,

vor zwei Tagen wurde mein System mit dem "Bundespolizei-Trojaner" infiziert, welcher den PC sperrt und nur eine Meldung anzeigt, auf der man dazu aufgefordert wird per UCASH oder PaySafe Card 100€ zu bezahlen.

Daraufhin habe ich recherchiert und versucht das Problem selbst zu lösen, bin mir aber nicht ganz sicher, ob ich den Trojaner komplett los bin, weshalb ich hier nun den Rat von Experten suche.

Zunächst habe ich im abgesicherten Modus in der Regestry nach einem Prozess namens "mahamd" oder so ähnlich gesucht, welchen ich gelöscht habe, dieser sperrte offensichtlich den PC. Eingenistet war er in meinem Antivir, dass die Bedrohung auch erkannt hatte, jedoch stand bei ausgeführte Aktion "Zugriff erlauben".

Daraufhin wollte ich die Systemwiederherstellung nutzen, dies schlug aber nach dem Neustart dann fehl, weil keine Systemwiederherstellpunkte vorhanden waren, diese wurden wohl gelöscht, weshalb ich nur vermuten kann, dass ich eine neuere Version von dem Trojaner bekommen habe.

In Folge dessen habe ich mir dann den CCleaner, Malwarebytes Antimalware und SUPERAntiSpyware geladen und alle Programme durchlaufen lassen. Ebenso habe ich das Antivir deinstalliert und durch die Testversion von Kaspersky ersetzt. Dabei haben SUPERAntiSpyware wie auch Kaspersky Bedrohungen gefunden und gelöscht und sagen mir nun, mein PC sei sicher.

Dessen bin ich mir leider nicht sicher, da im Taskmanager unter Prozesse "viel Bewegung" herscht, also die einzelnen Prozesse wechseln die Position, so als würde für Sekundenbruchteile ein Prozess da sein und wieder verschwinden. Ich hoffe man kann einigermaßen verstehen was ich meine.

Nun erhoffe ich mir, dass durch Einsicht der Logs mehr Klarheit geschaffen werden kann. Ich danke schonmal im voraus für die Hilfe!

Hier das OTL Logfile:

OTL logfile created on: 15.11.2011 12:59:21 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\xxxx\Desktop
64bit-Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,97 Gb Available Physical Memory | 48,75% Memory free
4,23 Gb Paging File | 2,74 Gb Available in Paging File | 64,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,52 Gb Total Space | 5,08 Gb Free Space | 6,82% Space Free | Partition Type: NTFS
Drive D: | 111,78 Gb Total Space | 17,68 Gb Free Space | 15,82% Space Free | Partition Type: NTFS

Computer Name: B1 | User Name: xxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.11.15 12:57:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.exe
PRC - [2011.11.07 00:48:05 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
PRC - [2010.11.21 10:49:24 | 000,247,608 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.10.28 17:55:02 | 000,294,912 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2010.09.16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2009.11.23 15:16:10 | 000,745,576 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
PRC - [2009.11.23 12:09:06 | 000,043,056 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lkads.exe
PRC - [2009.11.23 12:08:58 | 000,358,448 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2009.11.23 12:06:52 | 000,053,808 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lktsrv.exe
PRC - [2009.10.20 09:00:22 | 000,013,896 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\nisvcloc.exe
PRC - [2009.09.29 11:56:52 | 000,695,136 | ---- | M] (National Instruments, Inc.) -- C:\Windows\SysWOW64\lkcitdl.exe
PRC - [2009.06.15 19:44:40 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
PRC - [2009.04.14 06:45:30 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE


========== Modules (No Company Name) ==========

MOD - [2011.11.07 00:48:04 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtGui4.dll
MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtSql4.dll
MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtScript4.dll
MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtNetwork4.dll
MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtCore4.dll
MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtDeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll
MOD - [2010.10.28 17:55:02 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2010.10.28 17:55:02 | 000,348,160 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll
MOD - [2010.10.28 17:55:02 | 000,294,912 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2010.10.28 17:55:02 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2010.10.28 17:55:02 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2010.10.28 17:55:02 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.08.12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2008.01.19 09:00:52 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)
SRV - [2010.11.21 10:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.09.16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.23 15:16:10 | 000,745,576 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2009.11.23 12:09:06 | 000,043,056 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds)
SRV - [2009.11.23 12:08:58 | 000,358,448 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2009.11.23 12:06:52 | 000,053,808 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync)
SRV - [2009.10.20 09:00:22 | 000,013,896 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nisvcloc.exe -- (niSvcLoc)
SRV - [2009.09.29 11:56:52 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer)
SRV - [2009.09.18 09:10:28 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2009.06.15 19:44:40 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2009.06.03 09:26:34 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Opcenum.exe -- (OpcEnum)
SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.11.14 19:09:22 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\klif.sys -- (KLIF)
DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\kl1.sys -- (KL1)
DRV:64bit: - [2010.07.28 23:25:16 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ivusb.sys -- (ivusb)
DRV:64bit: - [2010.06.25 16:08:56 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.06.30 10:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2009.06.18 18:45:06 | 003,491,616 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTKVAC64.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV:64bit: - [2009.06.10 00:46:06 | 000,031,744 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2007.12.06 08:51:00 | 000,391,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2005.03.29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.68
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: bug489729@alice0775:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2011.11.14 19:37:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2011.11.14 19:37:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.07 00:48:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.05 12:26:29 | 000,000,000 | ---D | M]

[2010.10.19 21:30:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\Extensions
[2011.11.07 00:48:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions
[2011.02.20 21:22:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.11.07 00:48:30 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.07.28 23:07:49 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.05.21 08:58:59 | 000,000,000 | ---D | M] ("bug489729") -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\bug489729@alice0775
[2011.11.09 13:34:59 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-1.xml
[2011.10.05 01:17:47 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-10.xml
[2011.11.09 14:13:30 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-11.xml
[2010.12.11 13:58:57 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-2.xml
[2011.03.10 10:17:58 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-3.xml
[2011.04.05 16:03:13 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-4.xml
[2011.05.10 23:38:28 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-5.xml
[2011.05.19 20:07:01 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-6.xml
[2011.06.22 19:42:12 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-7.xml
[2011.06.29 11:38:53 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-8.xml
[2011.08.20 19:48:28 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-9.xml
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin.xml
[2011.08.25 19:26:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.16 12:40:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.10.22 10:17:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.25 19:00:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.06 12:51:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.11.14 19:37:54 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2012\FFEXT\LINKFILTER@KASPERSKY.RU
[2011.11.14 19:37:54 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2012\FFEXT\VIRTUALKEYBOARD@KASPERSKY.RU
[2011.11.07 00:48:06 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2007.02.08 09:48:16 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\NPLV82Win32.dll
[2010.01.08 21:08:52 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv90win32.dll
[2011.11.07 00:48:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.07 00:48:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.11.07 00:48:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.07 00:48:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.07 00:48:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.07 00:48:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKCU..\Run: [avupdate] File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A57B1C92-0FAE-4CA5-BF60-3085AD8951B7}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{596c5a7e-dc85-11df-a84b-0015f2004703}\Shell - "" = AutoRun
O33 - MountPoints2\{596c5a7e-dc85-11df-a84b-0015f2004703}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{596c5a7e-dc85-11df-a84b-0015f2004703}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{596c5a7e-dc85-11df-a84b-0015f2004703}\Shell\install\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{8d478b9e-dd1e-11df-9039-0015f2004703}\Shell - "" = AutoRun
O33 - MountPoints2\{8d478b9e-dd1e-11df-9039-0015f2004703}\Shell\AutoRun\command - "" = I:\Autorun\CDRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.11.15 12:58:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.exe
[2011.11.15 12:44:03 | 000,000,000 | ---D | C] -- C:\Users\xxxx\Desktop\Neuer Ordner (3)
[2011.11.14 19:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2012
[2011.11.14 19:10:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011.11.14 19:10:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2011.11.14 19:09:22 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011.11.13 23:39:35 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\SUPERAntiSpyware.com
[2011.11.13 23:38:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.11.13 23:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.11.13 23:38:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.11.13 13:22:18 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Malwarebytes
[2011.11.13 13:22:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.13 13:22:07 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.11.13 13:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.11.13 13:17:12 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.11.11 19:41:37 | 000,000,000 | ---D | C] -- C:\Users\xxxx\Documents\avatare
[1 C:\Users\xxxx\*.tmp files -> C:\Users\xxxx\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.11.15 12:57:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.exe
[2011.11.15 12:54:02 | 000,143,845 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.11.15 12:54:02 | 000,143,845 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.11.15 12:50:46 | 001,445,116 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.15 12:50:46 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.15 12:50:46 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.15 12:50:46 | 000,126,054 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.15 12:50:46 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.15 12:46:26 | 000,003,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.15 12:46:26 | 000,003,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.15 12:46:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.15 12:46:06 | 2147,016,704 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.15 12:43:38 | 000,000,188 | ---- | M] () -- C:\Users\xxxx\defogger_reenable
[2011.11.14 19:13:56 | 000,017,408 | ---- | M] () -- C:\Users\xxxx\AppData\Local\WebpageIcons.db
[2011.11.14 19:12:25 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2011.11.14 19:12:25 | 000,107,177 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2011.11.14 19:09:22 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011.11.13 23:38:32 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.11.13 18:55:08 | 000,007,776 | ---- | M] () -- C:\Users\xxxx\Documents\cc_20111113_185456.reg
[2011.11.13 15:53:34 | 000,232,568 | ---- | M] () -- C:\Users\xxxx\Documents\cc_20111113_155258.reg
[2011.11.06 10:12:44 | 000,006,944 | ---- | M] () -- C:\Users\xxxx\AppData\Local\d3d9caps.dat
[2011.10.24 00:49:31 | 000,087,040 | ---- | M] () -- C:\Users\xxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Users\xxxx\*.tmp files -> C:\Users\xxxx\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.11.15 12:43:37 | 000,000,188 | ---- | C] () -- C:\Users\xxxx\defogger_reenable
[2011.11.14 19:13:47 | 000,017,408 | ---- | C] () -- C:\Users\xxxx\AppData\Local\WebpageIcons.db
[2011.11.14 19:12:25 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2011.11.14 19:12:25 | 000,107,177 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2011.11.13 23:38:32 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.11.13 19:21:56 | 2147,016,704 | -HS- | C] () -- C:\hiberfil.sys
[2011.11.13 18:55:03 | 000,007,776 | ---- | C] () -- C:\Users\xxxx\Documents\cc_20111113_185456.reg
[2011.11.13 15:53:04 | 000,232,568 | ---- | C] () -- C:\Users\xxxx\Documents\cc_20111113_155258.reg
[2011.06.13 02:00:23 | 000,000,732 | ---- | C] () -- C:\Users\xxxx\AppData\Local\d3d9caps64.dat
[2011.01.09 04:51:27 | 000,006,944 | ---- | C] () -- C:\Users\xxxx\AppData\Local\d3d9caps.dat
[2011.01.01 21:09:53 | 000,004,096 | -H-- | C] () -- C:\Users\xxxx\AppData\Local\keyfile3.drm
[2010.10.24 19:31:02 | 000,143,845 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.10.24 19:31:01 | 000,143,845 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.10.24 12:19:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.10.24 12:09:53 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010.10.23 02:11:06 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2010.10.22 21:41:28 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010.10.22 21:40:48 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010.10.22 21:40:07 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010.10.21 18:40:03 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2010.10.21 16:56:09 | 000,005,824 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2010.10.18 20:58:17 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.10.17 18:19:40 | 000,087,040 | ---- | C] () -- C:\Users\xxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.14 13:15:52 | 000,000,244 | ---- | C] () -- C:\Windows\SysWow64\nirpc.ini
[2009.04.14 06:45:20 | 000,154,144 | ---- | C] () -- C:\Windows\SysWow64\RTLCPAPI.dll
[2009.04.14 06:45:04 | 000,044,064 | ---- | C] () -- C:\Windows\CPLUtl64.exe
[2006.11.02 16:34:20 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005.04.06 16:27:14 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2005.04.06 16:24:40 | 001,216,512 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

========== LOP Check ==========

[2011.10.03 15:36:56 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Canon
[2011.11.13 13:21:13 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\DAEMON Tools Lite
[2011.07.02 15:00:49 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\go
[2011.03.11 22:29:35 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\HTC
[2011.03.11 22:30:14 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.11.12 16:10:23 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\ICQ
[2011.03.10 11:56:48 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\LolClient
[2010.11.06 15:17:51 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\PTC
[2011.11.14 17:40:09 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\QuickScan
[2010.10.27 19:07:32 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Scendix Software
[2011.03.15 02:30:33 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\SkyTestAB1
[2011.02.20 13:19:40 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Softland
[2011.11.14 23:10:20 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\TS3Client
[2011.11.15 12:44:49 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

 

Themen zu "Bundespolizei Trojaner" komplett entfernt?
antivir, autorun, bho, entfernt?, error, firefox, helper, kaspersky, kaspersky anti-virus 2012, logfile, mozilla, national, nicht sicher, object, plug-in, problem, prozess, prozesse, realtek, registry, scan, security, senden, software, system, taskmanager, tastatur, trojaner, version=1.0, vista


« wieder Trojaner direkt nach Windows Installation | Malware Problem/TR SpyBanker.Gen2 »


Ähnliche Themen: "Bundespolizei Trojaner" komplett entfernt?


  1. Diverse Malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); lahmer PC & viel Werbung!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (16)
  2. Trojaner entfernt: RegSvr32 Fehler beim Laden des Moduls ""
    Plagegeister aller Art und deren Bekämpfung - 25.08.2014 (11)
  3. Bundespolizei Ukash Trojaner ; "Xubuntu 12.04" findet Laufwerk "C" nicht.
    Plagegeister aller Art und deren Bekämpfung - 15.06.2012 (1)
  4. "Data Restore" entfernt - Rechner komplett sauber?
    Log-Analyse und Auswertung - 09.04.2012 (20)
  5. "Windows nicht mehr sicher" Trojaner/Virus entfernt?
    Plagegeister aller Art und deren Bekämpfung - 12.03.2012 (1)
  6. Trojaner "System Repair" in Windows Vista wirklich entfernt?
    Log-Analyse und Auswertung - 18.12.2011 (82)
  7. Überbleibsel des "Bundespolizei"/"Windows System Recovery" -Trojaners
    Log-Analyse und Auswertung - 25.11.2011 (47)
  8. "Malware Protection" entfernt und nun "Windows Vista Restore" und diverse Festplattenwarnungen
    Plagegeister aller Art und deren Bekämpfung - 17.06.2011 (28)
  9. PC clean? "Windows 7 Recovery " entfernt mit Trojaner-Board Anleitung
    Log-Analyse und Auswertung - 01.06.2011 (12)
  10. "BKA/uKash"-Trojaner - Wie komplett beseitigen?
    Log-Analyse und Auswertung - 12.05.2011 (43)
  11. Hatte Trojaner, habe ihn entfernt. AntiVir bringt jetzt Meldung "verstecktes Objekt" = Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 11.02.2011 (21)
  12. 30tan-Trojaner entfernt und nun Meldung "fehlende hdwwicpl.dll" // Bluescreen bei gmer.exe
    Plagegeister aller Art und deren Bekämpfung - 20.10.2010 (30)
  13. Wurde Trojaner "erweiterung.exe" entfernt? Bitte um Hilfe!
    Log-Analyse und Auswertung - 23.10.2008 (1)
  14. Trojaner "TR/Dldr.Delf.edl" gefunden und entfernt - war's das wirklich?
    Log-Analyse und Auswertung - 25.03.2008 (6)
  15. Woher weiß ich, ob ein "Trojaner Horse" komplett weg ist?
    Plagegeister aller Art und deren Bekämpfung - 30.01.2007 (4)
  16. Trojaner entfernt, nun "Error: loader coudn`t initialize service!"
    Plagegeister aller Art und deren Bekämpfung - 22.10.2005 (1)
  17. Trojaner "Trojan-Downloader.JS.Psyme.ap" kann nicht entfernt werden...
    Mülltonne - 05.06.2005 (0)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema "Bundespolizei Trojaner" komplett entfernt? - Guten Tag, vor zwei Tagen wurde mein System mit dem "Bundespolizei-Trojaner" infiziert, welcher den PC sperrt und nur eine Meldung anzeigt, auf der man dazu aufgefordert wird per UCASH oder - "Bundespolizei Trojaner" komplett entfernt?...
Archiv
Du betrachtest: "Bundespolizei Trojaner" komplett entfernt? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131