
All kinds of pests and how to combat them: new BKA trojan? (GVU)

Windows 7

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.

02.07.2012, 22:17   #1
_Rhodan_
 

New BKA trojan? (GVU)



Hello,

since noon today my PC has been getting locked, but only when I establish an Internet connection (offline, the PC runs). I did some research and found that it is the BKA trojan, also known as the GVU trojan. However, I was not able to remove it with either Kaspersky winunlocker 10.0 or 10.0.3 (following the guides from Chip and botfrei.de). After some searching I ended up on this site and worked through the guide for "those seeking help".

Code:
ATTFilter
7.2012 22:15:05 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Ingo\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,97 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 66,54% Memory free
3,93 Gb Paging File | 3,17 Gb Available in Paging File | 80,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 49,26 Gb Total Space | 15,09 Gb Free Space | 30,63% Space Free | Partition Type: NTFS
Drive D: | 62,40 Gb Total Space | 51,49 Gb Free Space | 82,51% Space Free | Partition Type: NTFS
Drive E: | 24,00 Mb Total Space | 14,24 Mb Free Space | 59,34% Space Free | Partition Type: NTFS
Drive I: | 1,92 Gb Total Space | 0,50 Gb Free Space | 25,96% Space Free | Partition Type: FAT
 
Computer Name: THINKPAD | User Name: Ingo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.02 22:03:18 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Ingo\Desktop\OTL.exe
PRC - [2012.06.12 18:19:31 | 000,935,480 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
PRC - [2012.06.12 18:19:30 | 001,196,600 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\ScriptHelperInstaller\11.1.0\ScriptHelper.exe
PRC - [2012.06.12 18:19:29 | 001,104,440 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
PRC - [2012.05.18 01:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2011.12.14 13:23:34 | 001,212,224 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2011.12.14 13:23:32 | 001,514,304 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2011.08.01 15:56:42 | 001,821,576 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2011.04.19 03:52:00 | 000,143,360 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.04.23 00:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2008.07.15 17:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.02 15:08:59 | 000,242,336 | ---- | M] () -- C:\Users\Ingo\AppData\Local\Temp\0_0u_l.exe
MOD - [2012.06.12 18:19:32 | 000,132,664 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll
MOD - [2012.06.12 18:19:30 | 001,196,600 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\ScriptHelperInstaller\11.1.0\ScriptHelper.exe
MOD - [2012.06.12 18:19:29 | 001,104,440 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
MOD - [2012.06.12 18:19:28 | 002,068,536 | ---- | M] () -- C:\Programme\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011.02.09 02:56:38 | 000,296,448 | ---- | M] () -- C:\Programme\MyToolsNotepad++\NppShell_04.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.06.24 16:41:29 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.12 18:19:31 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0)
SRV - [2012.05.27 18:00:11 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.30 12:21:45 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.12.14 13:23:32 | 001,514,304 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.12.14 13:23:22 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.06.12 12:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.04.19 03:52:00 | 000,292,200 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2011.04.19 03:52:00 | 000,143,360 | ---- | M] () [Auto | Running] -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2011.04.19 03:52:00 | 000,083,304 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2011.01.10 17:50:46 | 001,028,096 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2010.12.03 10:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2010.12.02 12:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010.11.24 16:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.04.07 14:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.12.12 01:47:44 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.07.15 17:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007.05.31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.07.02 22:06:38 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8306A756-E9C7-4760-9224-E145ADD30EBC}\MpKsl183decf0.sys -- (MpKsl183decf0)
DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.09.22 18:10:46 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.07.18 15:31:56 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2011.06.25 17:27:43 | 000,083,872 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.06.25 17:27:43 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.04.19 03:52:00 | 000,025,968 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\DOZEHDD.SYS -- (DozeHDD)
DRV - [2011.04.19 03:52:00 | 000,013,424 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2011.04.18 15:43:36 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2011.04.18 15:43:26 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011.01.13 14:04:50 | 000,122,992 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2011.01.13 14:02:56 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2010.12.30 13:20:22 | 000,114,688 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2010.12.30 13:20:22 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2010.12.30 13:20:22 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010.12.30 13:20:22 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010.12.30 13:20:22 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.09.07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2009.12.12 01:48:04 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009.09.06 00:21:46 | 009,833,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.07.14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.14 00:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2009.07.02 10:16:22 | 000,038,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2009.05.11 09:33:48 | 000,088,832 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LenovoRd.sys -- (LenovoRd)
DRV - [2008.11.28 14:34:56 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo)
DRV - [2007.02.24 15:42:00 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.01.23 17:40:00 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.27 17:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.11.14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={FDE24DCE-A0F5-43A0-B374-AB601787B7AC}&mid=db66551b62bb47d19a70d1567d5129ac-3108e389ecbbb92fd9c277b92f1f9e4fadbdef85&lang=de&ds=tt014&pr=sa&d=&v=&sap=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 6F 7F ED CB B9 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={30CB5269-6515-447F-8BB2-33E14680D356}&mid=db66551b62bb47d19a70d1567d5129ac-3108e389ecbbb92fd9c277b92f1f9e4fadbdef85&lang=de&ds=tt014&pr=sa&d=2011-12-22 15:23:52&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Bec844494-319f-433c-8a66-184484e51697%7D&mid=db66551b62bb47d19a70d1567d5129ac-3108e389ecbbb92fd9c277b92f1f9e4fadbdef85&ds=tt014&v=10.2.0.3&lang=de&pr=sa&d=2011-12-22%2015%3A23%3A52&sap=ku&q="
FF - prefs.js..network.proxy.type: 4
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.04.14 21:28:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.24 16:41:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.14 18:09:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.04.14 21:28:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.24 16:41:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.14 18:09:47 | 000,000,000 | ---D | M]
 
[2011.04.13 22:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\Extensions
[2012.06.29 20:03:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\pczb0y18.default\extensions
[2012.04.18 23:25:48 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Ingo\AppData\Roaming\mozilla\Firefox\Profiles\pczb0y18.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.28 18:56:44 | 000,000,853 | ---- | M] () -- C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\pczb0y18.default\searchplugins\11-suche.xml
[2012.06.28 18:56:44 | 000,002,209 | ---- | M] () -- C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\pczb0y18.default\searchplugins\englische-ergebnisse.xml
[2012.06.28 18:56:44 | 000,010,506 | ---- | M] () -- C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\pczb0y18.default\searchplugins\gmx-suche.xml
[2012.06.28 18:56:44 | 000,002,368 | ---- | M] () -- C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\pczb0y18.default\searchplugins\lastminute.xml
[2012.06.28 18:56:44 | 000,005,489 | ---- | M] () -- C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\pczb0y18.default\searchplugins\webde-suche.xml
[2012.01.03 12:38:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.04.14 16:00:35 | 000,340,198 | ---- | M] () (No name found) -- C:\USERS\INGO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PCZB0Y18.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2012.06.29 20:03:16 | 000,743,305 | ---- | M] () (No name found) -- C:\USERS\INGO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PCZB0Y18.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.02.11 10:21:35 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\INGO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PCZB0Y18.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012.06.28 18:56:28 | 000,578,962 | ---- | M] () (No name found) -- C:\USERS\INGO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PCZB0Y18.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.06.24 16:41:30 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.14 12:41:14 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.24 16:41:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.12 18:19:28 | 000,003,768 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.06.24 16:41:26 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.24 16:41:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.24 16:41:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.24 16:41:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.24 16:41:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [nwiz] C:\Windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - Startup: C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LocalAccountTokenFilterPolicy = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Ingo\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ingo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB0A1241-CD6B-41F7-85AF-F5CB4E20441F}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CAF25033-F873-4971-9454-7088B2344526}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c3b1f613-6c31-11e0-9af6-001c25bab085}\Shell - "" = AutoRun
O33 - MountPoints2\{c3b1f613-6c31-11e0-9af6-001c25bab085}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.02 22:11:28 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Ingo\Desktop\OTL.exe
[2012.06.28 17:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\Quick Stego
[2012.06.20 20:04:42 | 000,000,000 | ---D | C] -- C:\Users\Ingo\workspace
[2012.06.15 21:15:22 | 000,000,000 | ---D | C] -- C:\Users\Ingo\AppData\Local\Google
[2012.06.15 21:15:21 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.06.15 19:23:50 | 000,000,000 | ---D | C] -- C:\Users\Ingo\AppData\Roaming\Thunderbird
[2012.06.15 19:23:50 | 000,000,000 | ---D | C] -- C:\Users\Ingo\AppData\Local\Thunderbird
[2012.06.11 19:20:41 | 000,000,000 | ---D | C] -- C:\Users\Ingo\Documents\Outlook-Dateien
[2012.06.08 17:26:45 | 000,000,000 | ---D | C] -- C:\Users\Ingo\Documents\My Photos
[2012.06.08 17:26:45 | 000,000,000 | ---D | C] -- C:\Users\Ingo\Documents\My Documents
[2012.06.08 17:25:02 | 000,000,000 | ---D | C] -- C:\Users\Ingo\AppData\Roaming\Outlook
[2012.06.08 17:23:16 | 000,000,000 | ---D | C] -- C:\Users\Ingo\AppData\Roaming\ASUS
[2012.06.08 17:01:27 | 000,000,000 | ---D | C] -- C:\Users\Ingo\AppData\Local\{FFFA2FB9-4857-4475-8379-F36343DA5801}
[2012.06.08 16:55:38 | 000,000,000 | ---D | C] -- C:\temp
[2012.06.08 16:53:31 | 000,000,000 | ---D | C] -- C:\Users\Ingo\AppData\Local\{BA5F88F1-D2F2-4E27-85A3-42F74C7F2FC2}
[2012.06.08 16:53:26 | 000,000,000 | ---D | C] -- C:\Users\Ingo\Documents\Asus WebStorage
[2012.06.08 16:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
[2012.06.08 16:53:22 | 000,000,000 | ---D | C] -- C:\Users\Ingo\AppData\Roaming\ASUS WebStorage
[2012.06.08 16:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS WebStorage
[2012.06.08 16:53:04 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS
[2012.06.08 16:48:54 | 000,000,000 | ---D | C] -- C:\Users\Ingo\AppData\Roaming\eCareme
[2012.06.05 19:45:30 | 000,000,000 | ---D | C] -- C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tools
[2012.06.05 17:14:06 | 000,000,000 | ---D | C] -- C:\Users\Ingo\AppData\Roaming\Skype
[2012.06.05 17:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.06.05 17:13:59 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.06.05 17:13:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.06.03 19:22:44 | 000,000,000 | ---D | C] -- C:\Users\Ingo\AppData\Local\Microsoft_Corporation
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.02 22:13:44 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.02 22:13:44 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.02 22:12:25 | 000,000,000 | ---- | M] () -- C:\Users\Ingo\defogger_reenable
[2012.07.02 22:06:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.02 22:04:08 | 000,302,592 | ---- | M] () -- C:\Users\Ingo\Desktop\ez0msq3b.exe
[2012.07.02 22:03:18 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Ingo\Desktop\OTL.exe
[2012.07.02 22:02:34 | 000,050,477 | ---- | M] () -- C:\Users\Ingo\Desktop\Defogger.exe
[2012.07.02 21:47:06 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad
[2012.07.02 21:05:18 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.02 16:55:52 | 000,656,500 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.02 16:55:52 | 000,618,342 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.02 16:55:52 | 000,131,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.02 16:55:52 | 000,107,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.02 15:12:05 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.07.02 15:09:00 | 000,001,885 | ---- | M] () -- C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.01 11:34:13 | 000,003,304 | ---- | M] () -- C:\bootsqm.dat
[2012.06.29 23:06:38 | 000,034,649 | ---- | M] () -- C:\Users\Ingo\.recently-used.xbel
[2012.06.28 07:03:30 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012.06.14 18:55:55 | 000,416,840 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.10 20:26:17 | 000,000,046 | ---- | M] () -- C:\Users\Ingo\.prolog_console_history
 
========== Files Created - No Company Name ==========
 
[2012.07.02 22:12:25 | 000,000,000 | ---- | C] () -- C:\Users\Ingo\defogger_reenable
[2012.07.02 22:11:28 | 000,302,592 | ---- | C] () -- C:\Users\Ingo\Desktop\ez0msq3b.exe
[2012.07.02 22:11:28 | 000,050,477 | ---- | C] () -- C:\Users\Ingo\Desktop\Defogger.exe
[2012.07.02 15:08:59 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad
[2012.07.02 15:08:59 | 000,001,885 | ---- | C] () -- C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.01 11:34:13 | 000,003,304 | ---- | C] () -- C:\bootsqm.dat
[2012.06.29 23:06:38 | 000,034,649 | ---- | C] () -- C:\Users\Ingo\.recently-used.xbel
[2012.06.28 17:26:08 | 000,001,018 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quick Stego.lnk
[2012.06.10 20:25:14 | 000,000,046 | ---- | C] () -- C:\Users\Ingo\.prolog_console_history
[2012.03.03 00:27:17 | 000,017,985 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.12.15 17:04:52 | 000,000,154 | ---- | C] () -- C:\Users\Ingo\.appletviewer
[2011.09.05 09:19:56 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
[2011.08.21 12:11:13 | 000,000,268 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.06.25 17:25:19 | 000,083,872 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.06.25 17:25:14 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.04.14 21:22:27 | 000,262,652 | ---- | C] () -- C:\Windows\hpwins23.dat
[2011.04.14 21:22:27 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2011.04.13 21:36:46 | 001,731,104 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll
[2011.04.13 21:36:46 | 001,657,376 | ---- | C] () -- C:\Windows\System32\nwiz.exe
[2011.04.13 21:36:46 | 001,514,016 | ---- | C] () -- C:\Windows\System32\nView.dll
[2011.04.13 21:36:46 | 001,108,512 | ---- | C] () -- C:\Windows\System32\nvwimg.dll
[2011.04.13 21:36:46 | 000,473,632 | ---- | C] () -- C:\Windows\System32\nvShell.dll
[2011.04.13 21:36:46 | 000,449,056 | ---- | C] () -- C:\Windows\System32\nvAppBar.exe
[2011.04.13 21:36:46 | 000,267,296 | ---- | C] () -- C:\Windows\System32\nvTaskbar.exe
 
========== LOP Check ==========
 
[2012.06.26 19:59:47 | 000,000,000 | ---D | M] -- C:\Users\Ingo\AppData\Roaming\.purple
[2011.06.18 13:08:25 | 000,000,000 | ---D | M] -- C:\Users\Ingo\AppData\Roaming\Ashampoo
[2012.06.29 14:39:44 | 000,000,000 | ---D | M] -- C:\Users\Ingo\AppData\Roaming\ASUS
[2012.06.08 16:53:22 | 000,000,000 | ---D | M] -- C:\Users\Ingo\AppData\Roaming\ASUS WebStorage
[2012.04.18 23:26:15 | 000,000,000 | ---D | M] -- C:\Users\Ingo\AppData\Roaming\DVDVideoSoft
[2012.04.18 23:25:47 | 000,000,000 | ---D | M] -- C:\Users\Ingo\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.08 16:48:54 | 000,000,000 | ---D | M] -- C:\Users\Ingo\AppData\Roaming\eCareme
[2011.04.14 08:49:41 | 000,000,000 | ---D | M] -- C:\Users\Ingo\AppData\Roaming\Foxit Software
[2012.06.29 22:25:01 | 000,000,000 | ---D | M] -- C:\Users\Ingo\AppData\Roaming\gtk-2.0
[2011.09.02 15:51:14 | 000,000,000 | ---D | M] -- C:\Users\Ingo\AppData\Roaming\JavaEditor
[2011.04.14 08:18:31 | 000,000,000 | ---D | M] -- C:\Users\Ingo\AppData\Roaming\Notepad++
[2012.06.08 17:25:02 | 000,000,000 | ---D | M] -- C:\Users\Ingo\AppData\Roaming\Outlook
[2011.05.03 20:23:12 | 000,000,000 | ---D | M] -- C:\Users\Ingo\AppData\Roaming\PCDr
[2011.08.15 21:32:02 | 000,000,000 | ---D | M] -- C:\Users\Ingo\AppData\Roaming\Promethean
[2011.05.01 13:12:50 | 000,000,000 | ---D | M] -- C:\Users\Ingo\AppData\Roaming\PwrMgr
[2011.12.04 16:21:26 | 000,000,000 | ---D | M] -- C:\Users\Ingo\AppData\Roaming\SWI-Prolog
[2012.06.15 19:23:50 | 000,000,000 | ---D | M] -- C:\Users\Ingo\AppData\Roaming\Thunderbird
[2011.10.22 21:17:56 | 000,000,000 | ---D | M] -- C:\Users\Ingo\AppData\Roaming\TightVNC
[2011.10.14 10:50:55 | 000,000,000 | ---D | M] -- C:\Users\Ingo\AppData\Roaming\TuneUp Software
[2011.05.03 20:16:05 | 000,000,000 | ---D | M] -- C:\Users\Ingo\AppData\Roaming\Update
[2011.04.27 18:19:05 | 000,000,000 | ---D | M] -- C:\Users\Ingo\AppData\Roaming\Vodafone
[2011.04.23 20:02:09 | 000,000,000 | ---D | M] -- C:\Users\Ingo\AppData\Roaming\Vodafone Mobile Broadband
[2011.08.21 12:11:47 | 000,000,000 | ---D | M] -- C:\Users\Ingo\AppData\Roaming\WinCachebox
[2012.06.28 07:03:30 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012.06.12 07:01:27 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.02 15:12:05 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
< End of report >
         
However, only OTL.txt (see above), an Extras.txt and a Gmer.txt were created on my machine; the two requested files dds.txt and attach.txt were not.

I wrote this post from a second PC ... the other one no longer allowed any Internet access.

Alt 03.07.2012, 18:34   #2
markusg
/// Malware-holic
 
Hi,

This script and any scripts that may follow are intended only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe.
• Now copy the following into the text box.



Code:
:OTL
[2012.07.02 15:08:59 | 000,001,885 | ---- | C] () -- C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
 :Files
:Commands
[Reboot]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Boot into normal mode.

If you have no icons, right-click, View, Show desktop icons.