Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Bundespolizei Virus/Trojaner

Bundespolizei Virus/Trojaner


Log-Analyse und Auswertung: Bundespolizei Virus/Trojaner

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 19.11.2011, 17:27   #1
Islandis
 
Bundespolizei Virus/Trojaner - Standard

Bundespolizei Virus/Trojaner


Hallo zusammen,

leider hat auch mich die Tage der Bundespolizei Virus/Trojaner erwischt.

Ich wollte das Programm VirtualWiFi (Freeware) installieren. Nach der Installation sollte ich auf Updates checken. Ich lud also das vermeintlich neueste Update herunter. Darauf erschien das mir bisher unbekannte Fenster mit der Bundespolizei (100€) und der PC war gesperrt. Unter einem anderen Benutzer fand ich die Datei UPD.EXE und löschte diese. Danach konnte ich wieder als normaler Benutzer (kein Administrator) einloggen.

Malwarebytes fand infizierte Dateien und schob sie in Quarantäne. Leider kann ich das entsprechende logFile und die Bezeichnung der Dateien in Quarantäne nicht wiederfinden.

Ich habe nun versucht die Anleitung abzuarbeiten und füge die erstellten logs ein:

defogger:

Log created at 16:14 on 19/11/2011 (Boss)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


OTL hat leider nur ein Log-File, nämlich OTL.TXT erstellt (Extra.Txt fehlt):

OTL logfile created on: 19.11.2011 16:32:22 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Hel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 63,51% Memory free
6,19 Gb Paging File | 4,91 Gb Available in Paging File | 79,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 268,79 Gb Total Space | 174,01 Gb Free Space | 64,74% Space Free | Partition Type: NTFS
Drive D: | 29,28 Gb Total Space | 14,51 Gb Free Space | 49,55% Space Free | Partition Type: FAT32

Computer Name: LAPPI-BOSS | User Name: Boss | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Hel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe ()
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\ProgramData\DatacardService\HWDeviceService.exe ()
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Rainlendar2\Rainlendar2.exe ()
PRC - C:\Windows\System32\drivers\CDAC11BA.EXE (C-Dilla Ltd)
PRC - C:\Program Files\FSP\FspUip.exe (Sentelic Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\Rezip.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe ()
PRC - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Windows\tsnp2uvc.exe ()
PRC - C:\Program Files\silex technology\CX Print\Msgsrv.exe ()
PRC - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\System32\PSIService.exe ()


========== Modules (No Company Name) ==========

MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b67478ec034fdf811a748f1b6b5b1c95\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8adb45c62e4c797bd4c706afe9e8bfb9\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll ()
MOD - C:\Program Files\Rainlendar2\Rainlendar2.exe ()
MOD - C:\Program Files\FSP\KbdHook.dll ()
MOD - C:\Program Files\FSP\FspLib.dll ()
MOD - C:\Program Files\Rainlendar2\lfs.dll ()
MOD - C:\Program Files\Rainlendar2\lua51.dll ()
MOD - C:\Windows\tsnp2uvc.exe ()
MOD - C:\Program Files\silex technology\CX Print\Msgsrv.exe ()


========== Win32 Services (SafeList) ==========

SRV - (HWDeviceService.exe) -- File not found
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (Internet Manager. RunOuc) -- C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe ()
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (RSND) -- C:\Users\Boss\AppData\Local\Temp\RSND.exe (Sysinternals - www.sysinternals.com)
SRV - (YJEHRBYH) -- C:\Users\Boss\AppData\Local\Temp\YJEHRBYH.exe (Sysinternals - www.sysinternals.com)
SRV - (RIYSCJEUOHWHV) -- C:\Users\Boss\AppData\Local\Temp\RIYSCJEUOHWHV.exe (Sysinternals - www.sysinternals.com)
SRV - (C-DillaCdaC11BA) -- C:\Windows\System32\drivers\CDAC11BA.EXE (C-Dilla Ltd)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (resetWinService) -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe ()
SRV - (AAV UpdateService) -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()


========== Driver Services (SafeList) ==========

DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_cdcacm) -- C:\Windows\System32\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_cdcecm) -- C:\Windows\System32\drivers\ew_jucdcecm.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_ext_ctrl) -- C:\Windows\System32\drivers\ew_juextctrl.sys (Huawei Technologies Co., Ltd.)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (BMLoad) -- C:\Windows\system32\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV - (ew_usbenumfilter) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation )
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (fspad_wlh32) -- C:\Windows\System32\drivers\fspad_wlh32.sys (Sentelic Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (sxuptp) -- C:\Windows\System32\drivers\sxuptp.sys (silex technology, Inc.)
DRV - (WinRing0_1_2_0) -- C:\Program Files\BatteryCare\WinRing0.sys (OpenLibSys.org)
DRV - (WINIO) -- C:\Windows\System32\WinIo.sys (hxxp://www.internals.com)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,# = %23
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,& = %26
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,? = %3F
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,+ = %2B
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,= = %3D
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,MenuText = eBay.de
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,# = %23
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,& = %26
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,? = %3F
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,+ = %2B
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,= = %3D
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,MenuText = eBay.de
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,# = %23
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,& = %26
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,? = %3F
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,+ = %2B
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,= = %3D
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,MenuText = eBay.de
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,# = %23
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,& = %26
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,? = %3F
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,+ = %2B
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,= = %3D
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,MenuText = eBay.de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2009.12.31 14:39:50 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011.05.10 08:36:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon [2011.07.30 19:27:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.14 09:55:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.25 10:17:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter

[2010.08.14 13:39:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boss\AppData\Roaming\mozilla\Extensions
[2009.12.14 09:26:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\extensions
[2009.12.14 09:26:11 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011.10.12 11:20:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\Profiles\eakt02rm.default\extensions
[2011.09.15 10:17:17 | 000,000,000 | ---D | M] (Amazon Startcenter) -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\Profiles\eakt02rm.default\extensions\{144D1513-0819-4538-AD26-D515AF443AE7}
[2010.10.03 23:14:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\Profiles\eakt02rm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.15 10:17:18 | 000,000,000 | ---D | M] (Amazon Statusbar Button) -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\Profiles\eakt02rm.default\extensions\{32DD6873-2BC0-4E4B-B9A3-0E602AB0DC14}
[2011.10.12 11:20:52 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\Profiles\eakt02rm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.09.15 10:17:18 | 000,000,000 | ---D | M] (Preispiraten) -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\Profiles\eakt02rm.default\extensions\{C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C}
[2011.09.14 09:55:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.04.18 21:08:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.16 07:52:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.09.03 07:18:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.03 01:19:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.03 01:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.03 01:19:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.03 01:19:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.02.08 16:22:48 | 000,001,987 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SP_amazonde.xml
[2007.01.08 12:48:12 | 000,009,095 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SP_preispiraten_de.xml
[2011.09.03 01:19:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.03 01:19:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (amazon) - {84B94901-3645-4D80-A6B7-4D0050B19455} - C:\Program Files\Preispiraten6\IEButtonAmazonInterface.dll ()
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (eBay) - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\Program Files\Preispiraten6\IEButtonEbayInterface.dll ()
O2 - BHO: (Preispiraten) - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - C:\Program Files\Preispiraten6\IEButtonPPInterface.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CX Print Msgsrv] C:\Program Files\silex technology\CX Print\Msgsrv.exe ()
O4 - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Viren\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ANT Agent] C:\Program Files\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
O4 - HKCU..\Run: [BatteryCare] C:\Program Files\BatteryCare\BatteryCare.exe (Filipe Lourenço)
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Program Files\\Preispiraten6\\preispiraten.html ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Boss\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Program Files\Preispiraten6\preispiraten3ie.exe ()
O9 - Extra 'Tools' menuitem : Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Program Files\Preispiraten6\preispiraten3ie.exe ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - hxxp://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home File not found
O9 - Extra 'Tools' menuitem : Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - hxxp://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home File not found
O9 - Extra Button: eBay - {E79005A3-0F92-434B-9F7B-51131FC7168F} - hxxp://www.preispiraten.de/e/tr_ebdestart.pl?hxxp://www.ebay.de File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Bossi
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50CB81B2-F7D6-4483-9A84-768138904CAE}: DhcpNameServer = 193.254.160.1 10.74.83.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{585A1985-1848-42D4-AE16-01AB80CC0E32}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B7CBA12-E6ED-4B51-BDE1-9F32F3DDD5A8}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2A5C76D-CEA3-4E8C-B4A9-4B1F0746F08B}: DhcpNameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (avgrsstx.dll) -C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O33 - MountPoints2\{334f559e-cd58-11e0-9dc9-001f1621f768}\Shell - "" = AutoRun
O33 - MountPoints2\{334f559e-cd58-11e0-9dc9-001f1621f768}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {71504FB8-F84D-4B63-A97F-D6D5F0F0F410} - msiexec /fus {71504FB8-F84D-4B63-A97F-D6D5F0F0F410} /quiet
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.11.18 05:21:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.11.18 05:21:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.11.18 05:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.11.17 23:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.11.17 06:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.11.16 17:08:19 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualWifiRouter
[2011.11.09 15:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2009.06.10 14:00:53 | 000,225,280 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009.06.10 14:00:52 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.11.19 16:30:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.19 16:25:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.11.19 16:19:47 | 000,047,873 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.11.19 16:19:23 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.19 16:19:13 | 000,004,144 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.19 16:19:13 | 000,004,144 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.19 16:19:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.19 16:19:02 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.19 16:13:49 | 000,000,000 | ---- | M] () -- C:\Users\Boss\defogger_reenable
[2011.11.19 14:03:36 | 089,315,518 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011.11.18 13:32:18 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.11.18 05:21:55 | 000,001,764 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.11.17 00:01:07 | 000,644,136 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.17 00:01:07 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.17 00:01:07 | 000,165,926 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.17 00:01:07 | 000,108,572 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.16 20:09:14 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.11 08:39:51 | 298,536,099 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.11.09 15:35:57 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.11.19 16:13:49 | 000,000,000 | ---- | C] () -- C:\Users\Boss\defogger_reenable
[2011.11.18 05:21:55 | 000,001,764 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.11.16 20:09:14 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.09 15:35:57 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.09.13 19:36:02 | 000,000,138 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2009.09.02 18:08:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.15 09:58:30 | 000,290,919 | ---- | C] () -- C:\Windows\System32\pythoncom21.dll
[2009.08.15 09:58:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\PyWinTypes21.dll
[2009.08.15 09:51:26 | 000,096,768 | ---- | C] () -- C:\Windows\SlantAdj.dll
[2009.08.15 09:51:26 | 000,003,136 | ---- | C] () -- C:\Windows\Ade001.bin
[2009.08.15 09:51:26 | 000,000,072 | ---- | C] () -- C:\Windows\System32\epDPE.ini
[2009.08.15 09:28:56 | 000,000,025 | ---- | C] () -- C:\Windows\CDE P3170EGD.ini
[2009.08.15 08:59:54 | 000,065,793 | ---- | C] () -- C:\Windows\System32\esfw32.bin
[2009.08.13 13:43:59 | 000,053,248 | ---- | C] () -- C:\Windows\JCNETDEL.EXE
[2009.08.13 13:43:59 | 000,000,886 | ---- | C] () -- C:\Windows\JCNETDEL.INI
[2009.08.13 13:43:54 | 000,002,340 | ---- | C] () -- C:\Windows\DELJCNET.INI
[2009.08.13 13:42:15 | 000,000,017 | ---- | C] () -- C:\Windows\PRI_SEEK.INI
[2009.08.11 14:27:19 | 000,047,873 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.08.11 14:12:22 | 000,047,873 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.08.11 09:58:13 | 000,003,584 | ---- | C] () -- C:\Users\Boss\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.06.10 15:18:19 | 000,036,864 | ---- | C] () -- C:\Windows\System32\Hooks.dll
[2009.06.10 14:00:53 | 001,799,808 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009.06.10 14:00:53 | 000,233,472 | ---- | C] () -- C:\Windows\tsnp2uvc.exe
[2009.06.10 14:00:53 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2009.06.10 14:00:52 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2009.06.10 13:58:06 | 000,311,296 | ---- | C] () -- C:\Windows\System32\Rezip.exe
[2009.06.10 13:49:38 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.06.10 13:38:31 | 000,000,276 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2009.06.09 19:24:37 | 000,644,136 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.06.09 19:24:37 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.06.09 19:24:37 | 000,165,926 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.06.09 19:24:37 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.06.09 09:54:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.09 09:53:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.06.09 09:34:57 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007.06.05 12:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,413,112 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,108,572 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010.08.30 10:38:59 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\AAV
[2009.11.01 12:14:34 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\AVG9
[2009.12.14 10:28:53 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\BatteryCare
[2011.10.12 11:20:51 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.08.15 09:10:14 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\EPSON
[2009.12.14 09:25:37 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\Foxit
[2011.10.03 19:22:36 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\GARMIN
[2011.03.05 15:46:07 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\GetRightToGo
[2009.09.04 16:44:01 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\metaspinner net GmbH
[2009.08.11 13:13:23 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\Opera
[2009.08.15 10:27:36 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\Smart Panel
[2011.07.30 19:27:53 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\T-Mobile
[2011.11.19 16:17:54 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2009.10.31 15:09:09 | 000,000,000 | -H-D | M] -- C:\$AVG
[2011.11.16 18:05:52 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.03.10 22:41:00 | 000,000,000 | ---D | M] -- C:\0146811ffc1b8b0b30df
[2010.10.13 22:39:05 | 000,000,000 | ---D | M] -- C:\07da8988c193ae67d1c5b8d860dd2f2f
[2011.09.16 13:12:28 | 000,000,000 | ---D | M] -- C:\38e5d8d185cd3563ac
[2011.06.16 07:25:18 | 000,000,000 | ---D | M] -- C:\55aab62fe7af0e8faaab6e2e56c5
[2010.01.14 20:09:33 | 000,000,000 | ---D | M] -- C:\a98e60ffce31682bf9b0
[2009.11.13 19:46:02 | 000,000,000 | ---D | M] -- C:\bd938ea4dd0eb6764d943e3c48f2
[2009.06.09 12:51:36 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.10.02 08:18:24 | 000,000,000 | ---D | M] -- C:\c457167e499064f3033cb3add1
[2009.06.10 14:45:20 | 000,000,000 | ---D | M] -- C:\CabLogs
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.08.11 09:05:41 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.11.23 08:05:36 | 000,000,000 | ---D | M] -- C:\Download
[2011.02.19 17:44:00 | 000,000,000 | ---D | M] -- C:\f337b2e861c8652c7f2dbd3a
[2011.04.16 09:52:32 | 000,000,000 | ---D | M] -- C:\f88426b396ebb4a446
[2011.10.03 19:20:32 | 000,000,000 | ---D | M] -- C:\Garmin
[2009.06.10 11:10:38 | 000,000,000 | ---D | M] -- C:\Intel
[2009.06.10 16:02:17 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.08.15 10:33:22 | 000,000,000 | ---D | M] -- C:\Neuer Ordner
[2011.11.18 05:21:52 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.11.18 05:22:33 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.11.19 16:34:20 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.11.16 17:56:00 | 000,000,000 | R--D | M] -- C:\Users
[2011.11.11 08:39:51 | 000,000,000 | ---D | M] -- C:\Windows
[2009.06.11 17:05:35 | 000,000,000 | ---D | M] -- C:\wlbinaries

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >


< MD5 for: EXPLORER.EXE >
[2009.03.11 15:41:13 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009.03.11 15:41:13 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009.03.11 15:41:12 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.03.11 15:41:13 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: REGEDIT.EXE >
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe

< MD5 for: USERINIT.EXE >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WININIT.EXE >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-10-12 09:31:07

< End of report >


GMER ergab folgendes LOG:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit quick scan 2011-11-19 16:30:22
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
Running: k8niv1wn.exe; Driver: C:\Users\Boss\AppData\Local\Temp\pwtdyfoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp tcpipBM.sys
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----


Da AVG AntiVirus die OTL.exe als Virus erkennt ist es noch abgeschaltet.

Ich hoffe, dass ich erstmal die erforderlichen Daten für eine mögliche Hilfe eingefügt habe. Ich würde mich sehr freuen, wenn mir jemand bei der Lösung des Prolems helfen könnte.

Auf jeden Fall sage ich schon mal recht herzlichen Dank. Und auf jeden Fall wünsche ich noch ein schönes WE.

Grüße
Islandis

 

Themen zu Bundespolizei Virus/Trojaner
adobe, antivirus, askbar, avg, avg antivirus, avg security toolbar, bho, bundespolizei, bundestrojaner, c:\windows\system32\rundll32.exe, defender, eraser, firefox, format, google earth, home, infizierte, infizierte dateien, installation, logfile, msiexec, nvlddmkm.sys, plug-in, programm, realtek, registry, required, rundll, scan, security, software, studio, superantispyware, t-mobile, udp, upd.exe, updates, usb, usb 2.0, version=1.0, viren, virus/trojaner, vista


« Dateien auf dem USB stick sind nur noch als Verknüpfungen vorhanden | unbekannte Bedrohung UDS: dangerousobject.multi.generic »


Ähnliche Themen: Bundespolizei Virus/Trojaner


  1. Bundespolizei Virus/Trojaner
    Log-Analyse und Auswertung - 05.01.2014 (5)
  2. Umfrage zur Schadsoftware des sog. "BKA-, GVU-, GEMA-, Bundespolizei-Virus/Trojaner"
    Diskussionsforum - 17.11.2013 (4)
  3. Virus Bundespolizei/Trojaner
    Plagegeister aller Art und deren Bekämpfung - 18.08.2013 (15)
  4. Bundespolizei-Virus/Trojaner
    Log-Analyse und Auswertung - 15.12.2012 (13)
  5. Der Bundespolizei-Virus/Trojaner-wie werde ich ihn los?
    Plagegeister aller Art und deren Bekämpfung - 17.10.2012 (9)
  6. Bundespolizei Virus,Ucash Trojaner ?
    Plagegeister aller Art und deren Bekämpfung - 11.09.2012 (1)
  7. Bundespolizei Virus / Trojaner vom 11.8. wirklich durch Systemwiederherstellung entfernt?
    Log-Analyse und Auswertung - 22.08.2012 (19)
  8. Virus/Trojaner von der Bundespolizei
    Log-Analyse und Auswertung - 30.07.2012 (2)
  9. Bundespolizei Virus/trojaner
    Plagegeister aller Art und deren Bekämpfung - 30.07.2012 (6)
  10. Trojaner / Virus - Bundespolizei Einheit 5.2 - 100 Euro...
    Plagegeister aller Art und deren Bekämpfung - 19.07.2012 (10)
  11. Virus/Trojaner Bundespolizei
    Plagegeister aller Art und deren Bekämpfung - 17.07.2012 (1)
  12. Bundespolizei Virus Trojaner
    Plagegeister aller Art und deren Bekämpfung - 19.06.2012 (1)
  13. Trojaner/Virus: Bundespolizei verlangt 100€ via Ukash
    Plagegeister aller Art und deren Bekämpfung - 02.04.2012 (13)
  14. Bundespolizei - Virus, Trojaner: Wie entfernen?
    Plagegeister aller Art und deren Bekämpfung - 13.03.2012 (1)
  15. Trojaner/Virus: Bundespolizei verlangt 100€
    Plagegeister aller Art und deren Bekämpfung - 10.03.2012 (12)
  16. Bundespolizei Virus / Trojaner eingefangen und total hilflos :-( PC immer noch "gefährdet"
    Plagegeister aller Art und deren Bekämpfung - 08.10.2011 (1)
  17. Bundespolizei Virus / Trojaner - Entfernung
    Plagegeister aller Art und deren Bekämpfung - 06.06.2011 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Bundespolizei Virus/Trojaner - Hallo zusammen, leider hat auch mich die Tage der Bundespolizei Virus/Trojaner erwischt. Ich wollte das Programm VirtualWiFi (Freeware) installieren. Nach der Installation sollte ich auf Updates checken. Ich lud also - Bundespolizei Virus/Trojaner...
Archiv
Du betrachtest: Bundespolizei Virus/Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131