
Log analysis and evaluation: Bundespolizei virus/trojan


19.11.2011, 16:27   #1
Islandis
 

Bundespolizei virus/trojan



Hello everyone,

unfortunately the Bundespolizei virus/trojan caught me the other day as well.

I wanted to install the program VirtualWiFi (freeware). After the installation I was supposed to check for updates. So I downloaded the supposedly latest update. Then the window with the Bundespolizei (100 €), which I had never seen before, appeared and the PC was locked. Under another user account I found the file UPD.EXE and deleted it. After that I was able to log in again as a normal user (not an administrator).

Malwarebytes found infected files and moved them to quarantine. Unfortunately I cannot find the corresponding log file or the names of the files in quarantine any more.

I have now tried to work through the guide and am pasting the logs it produced:

defogger:

Log created at 16:14 on 19/11/2011 (Boss)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


OTL unfortunately only created one log file, namely OTL.TXT (Extra.Txt is missing):

OTL logfile created on: 19.11.2011 16:32:22 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Hel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 63,51% Memory free
6,19 Gb Paging File | 4,91 Gb Available in Paging File | 79,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 268,79 Gb Total Space | 174,01 Gb Free Space | 64,74% Space Free | Partition Type: NTFS
Drive D: | 29,28 Gb Total Space | 14,51 Gb Free Space | 49,55% Space Free | Partition Type: FAT32

Computer Name: LAPPI-BOSS | User Name: Boss | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Hel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe ()
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\ProgramData\DatacardService\HWDeviceService.exe ()
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Rainlendar2\Rainlendar2.exe ()
PRC - C:\Windows\System32\drivers\CDAC11BA.EXE (C-Dilla Ltd)
PRC - C:\Program Files\FSP\FspUip.exe (Sentelic Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\Rezip.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe ()
PRC - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Windows\tsnp2uvc.exe ()
PRC - C:\Program Files\silex technology\CX Print\Msgsrv.exe ()
PRC - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\System32\PSIService.exe ()


========== Modules (No Company Name) ==========

MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b67478ec034fdf811a748f1b6b5b1c95\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8adb45c62e4c797bd4c706afe9e8bfb9\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll ()
MOD - C:\Program Files\Rainlendar2\Rainlendar2.exe ()
MOD - C:\Program Files\FSP\KbdHook.dll ()
MOD - C:\Program Files\FSP\FspLib.dll ()
MOD - C:\Program Files\Rainlendar2\lfs.dll ()
MOD - C:\Program Files\Rainlendar2\lua51.dll ()
MOD - C:\Windows\tsnp2uvc.exe ()
MOD - C:\Program Files\silex technology\CX Print\Msgsrv.exe ()


========== Win32 Services (SafeList) ==========

SRV - (HWDeviceService.exe) -- File not found
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (Internet Manager. RunOuc) -- C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe ()
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (RSND) -- C:\Users\Boss\AppData\Local\Temp\RSND.exe (Sysinternals - www.sysinternals.com)
SRV - (YJEHRBYH) -- C:\Users\Boss\AppData\Local\Temp\YJEHRBYH.exe (Sysinternals - www.sysinternals.com)
SRV - (RIYSCJEUOHWHV) -- C:\Users\Boss\AppData\Local\Temp\RIYSCJEUOHWHV.exe (Sysinternals - www.sysinternals.com)
SRV - (C-DillaCdaC11BA) -- C:\Windows\System32\drivers\CDAC11BA.EXE (C-Dilla Ltd)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (resetWinService) -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe ()
SRV - (AAV UpdateService) -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()


========== Driver Services (SafeList) ==========

DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_cdcacm) -- C:\Windows\System32\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_cdcecm) -- C:\Windows\System32\drivers\ew_jucdcecm.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_ext_ctrl) -- C:\Windows\System32\drivers\ew_juextctrl.sys (Huawei Technologies Co., Ltd.)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (BMLoad) -- C:\Windows\system32\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV - (ew_usbenumfilter) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation )
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (fspad_wlh32) -- C:\Windows\System32\drivers\fspad_wlh32.sys (Sentelic Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (sxuptp) -- C:\Windows\System32\drivers\sxuptp.sys (silex technology, Inc.)
DRV - (WinRing0_1_2_0) -- C:\Program Files\BatteryCare\WinRing0.sys (OpenLibSys.org)
DRV - (WINIO) -- C:\Windows\System32\WinIo.sys (hxxp://www.internals.com)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,# = %23
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,& = %26
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,? = %3F
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,+ = %2B
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,= = %3D
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,MenuText = eBay.de
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,# = %23
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,& = %26
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,? = %3F
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,+ = %2B
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,= = %3D
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,MenuText = eBay.de
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,# = %23
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,& = %26
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,? = %3F
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,+ = %2B
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,= = %3D
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,MenuText = eBay.de
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,# = %23
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,& = %26
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,? = %3F
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,+ = %2B
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,= = %3D
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,MenuText = eBay.de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2009.12.31 14:39:50 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011.05.10 08:36:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon [2011.07.30 19:27:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.14 09:55:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.25 10:17:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter

[2010.08.14 13:39:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boss\AppData\Roaming\mozilla\Extensions
[2009.12.14 09:26:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\extensions
[2009.12.14 09:26:11 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011.10.12 11:20:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\Profiles\eakt02rm.default\extensions
[2011.09.15 10:17:17 | 000,000,000 | ---D | M] (Amazon Startcenter) -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\Profiles\eakt02rm.default\extensions\{144D1513-0819-4538-AD26-D515AF443AE7}
[2010.10.03 23:14:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\Profiles\eakt02rm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.15 10:17:18 | 000,000,000 | ---D | M] (Amazon Statusbar Button) -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\Profiles\eakt02rm.default\extensions\{32DD6873-2BC0-4E4B-B9A3-0E602AB0DC14}
[2011.10.12 11:20:52 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\Profiles\eakt02rm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.09.15 10:17:18 | 000,000,000 | ---D | M] (Preispiraten) -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\Profiles\eakt02rm.default\extensions\{C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C}
[2011.09.14 09:55:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.04.18 21:08:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.16 07:52:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.09.03 07:18:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.03 01:19:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.03 01:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.03 01:19:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.03 01:19:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.02.08 16:22:48 | 000,001,987 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SP_amazonde.xml
[2007.01.08 12:48:12 | 000,009,095 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SP_preispiraten_de.xml
[2011.09.03 01:19:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.03 01:19:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (amazon) - {84B94901-3645-4D80-A6B7-4D0050B19455} - C:\Program Files\Preispiraten6\IEButtonAmazonInterface.dll ()
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (eBay) - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\Program Files\Preispiraten6\IEButtonEbayInterface.dll ()
O2 - BHO: (Preispiraten) - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - C:\Program Files\Preispiraten6\IEButtonPPInterface.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CX Print Msgsrv] C:\Program Files\silex technology\CX Print\Msgsrv.exe ()
O4 - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Viren\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ANT Agent] C:\Program Files\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
O4 - HKCU..\Run: [BatteryCare] C:\Program Files\BatteryCare\BatteryCare.exe (Filipe Lourenço)
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Program Files\\Preispiraten6\\preispiraten.html ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Boss\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Program Files\Preispiraten6\preispiraten3ie.exe ()
O9 - Extra 'Tools' menuitem : Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Program Files\Preispiraten6\preispiraten3ie.exe ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - hxxp://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home File not found
O9 - Extra 'Tools' menuitem : Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - hxxp://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home File not found
O9 - Extra Button: eBay - {E79005A3-0F92-434B-9F7B-51131FC7168F} - hxxp://www.preispiraten.de/e/tr_ebdestart.pl?hxxp://www.ebay.de File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Bossi
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50CB81B2-F7D6-4483-9A84-768138904CAE}: DhcpNameServer = 193.254.160.1 10.74.83.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{585A1985-1848-42D4-AE16-01AB80CC0E32}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B7CBA12-E6ED-4B51-BDE1-9F32F3DDD5A8}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2A5C76D-CEA3-4E8C-B4A9-4B1F0746F08B}: DhcpNameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (avgrsstx.dll) -C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O33 - MountPoints2\{334f559e-cd58-11e0-9dc9-001f1621f768}\Shell - "" = AutoRun
O33 - MountPoints2\{334f559e-cd58-11e0-9dc9-001f1621f768}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {71504FB8-F84D-4B63-A97F-D6D5F0F0F410} - msiexec /fus {71504FB8-F84D-4B63-A97F-D6D5F0F0F410} /quiet
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.11.18 05:21:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.11.18 05:21:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.11.18 05:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.11.17 23:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.11.17 06:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.11.16 17:08:19 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualWifiRouter
[2011.11.09 15:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2009.06.10 14:00:53 | 000,225,280 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009.06.10 14:00:52 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.11.19 16:30:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.19 16:25:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.11.19 16:19:47 | 000,047,873 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.11.19 16:19:23 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.19 16:19:13 | 000,004,144 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.19 16:19:13 | 000,004,144 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.19 16:19:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.19 16:19:02 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.19 16:13:49 | 000,000,000 | ---- | M] () -- C:\Users\Boss\defogger_reenable
[2011.11.19 14:03:36 | 089,315,518 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011.11.18 13:32:18 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.11.18 05:21:55 | 000,001,764 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.11.17 00:01:07 | 000,644,136 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.17 00:01:07 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.17 00:01:07 | 000,165,926 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.17 00:01:07 | 000,108,572 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.16 20:09:14 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.11 08:39:51 | 298,536,099 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.11.09 15:35:57 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.11.19 16:13:49 | 000,000,000 | ---- | C] () -- C:\Users\Boss\defogger_reenable
[2011.11.18 05:21:55 | 000,001,764 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.11.16 20:09:14 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.09 15:35:57 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.09.13 19:36:02 | 000,000,138 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2009.09.02 18:08:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.15 09:58:30 | 000,290,919 | ---- | C] () -- C:\Windows\System32\pythoncom21.dll
[2009.08.15 09:58:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\PyWinTypes21.dll
[2009.08.15 09:51:26 | 000,096,768 | ---- | C] () -- C:\Windows\SlantAdj.dll
[2009.08.15 09:51:26 | 000,003,136 | ---- | C] () -- C:\Windows\Ade001.bin
[2009.08.15 09:51:26 | 000,000,072 | ---- | C] () -- C:\Windows\System32\epDPE.ini
[2009.08.15 09:28:56 | 000,000,025 | ---- | C] () -- C:\Windows\CDE P3170EGD.ini
[2009.08.15 08:59:54 | 000,065,793 | ---- | C] () -- C:\Windows\System32\esfw32.bin
[2009.08.13 13:43:59 | 000,053,248 | ---- | C] () -- C:\Windows\JCNETDEL.EXE
[2009.08.13 13:43:59 | 000,000,886 | ---- | C] () -- C:\Windows\JCNETDEL.INI
[2009.08.13 13:43:54 | 000,002,340 | ---- | C] () -- C:\Windows\DELJCNET.INI
[2009.08.13 13:42:15 | 000,000,017 | ---- | C] () -- C:\Windows\PRI_SEEK.INI
[2009.08.11 14:27:19 | 000,047,873 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.08.11 14:12:22 | 000,047,873 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.08.11 09:58:13 | 000,003,584 | ---- | C] () -- C:\Users\Boss\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.06.10 15:18:19 | 000,036,864 | ---- | C] () -- C:\Windows\System32\Hooks.dll
[2009.06.10 14:00:53 | 001,799,808 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009.06.10 14:00:53 | 000,233,472 | ---- | C] () -- C:\Windows\tsnp2uvc.exe
[2009.06.10 14:00:53 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2009.06.10 14:00:52 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2009.06.10 13:58:06 | 000,311,296 | ---- | C] () -- C:\Windows\System32\Rezip.exe
[2009.06.10 13:49:38 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.06.10 13:38:31 | 000,000,276 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2009.06.09 19:24:37 | 000,644,136 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.06.09 19:24:37 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.06.09 19:24:37 | 000,165,926 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.06.09 19:24:37 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.06.09 09:54:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.09 09:53:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.06.09 09:34:57 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007.06.05 12:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,413,112 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,108,572 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010.08.30 10:38:59 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\AAV
[2009.11.01 12:14:34 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\AVG9
[2009.12.14 10:28:53 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\BatteryCare
[2011.10.12 11:20:51 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.08.15 09:10:14 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\EPSON
[2009.12.14 09:25:37 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\Foxit
[2011.10.03 19:22:36 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\GARMIN
[2011.03.05 15:46:07 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\GetRightToGo
[2009.09.04 16:44:01 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\metaspinner net GmbH
[2009.08.11 13:13:23 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\Opera
[2009.08.15 10:27:36 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\Smart Panel
[2011.07.30 19:27:53 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\T-Mobile
[2011.11.19 16:17:54 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2009.10.31 15:09:09 | 000,000,000 | -H-D | M] -- C:\$AVG
[2011.11.16 18:05:52 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.03.10 22:41:00 | 000,000,000 | ---D | M] -- C:\0146811ffc1b8b0b30df
[2010.10.13 22:39:05 | 000,000,000 | ---D | M] -- C:\07da8988c193ae67d1c5b8d860dd2f2f
[2011.09.16 13:12:28 | 000,000,000 | ---D | M] -- C:\38e5d8d185cd3563ac
[2011.06.16 07:25:18 | 000,000,000 | ---D | M] -- C:\55aab62fe7af0e8faaab6e2e56c5
[2010.01.14 20:09:33 | 000,000,000 | ---D | M] -- C:\a98e60ffce31682bf9b0
[2009.11.13 19:46:02 | 000,000,000 | ---D | M] -- C:\bd938ea4dd0eb6764d943e3c48f2
[2009.06.09 12:51:36 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.10.02 08:18:24 | 000,000,000 | ---D | M] -- C:\c457167e499064f3033cb3add1
[2009.06.10 14:45:20 | 000,000,000 | ---D | M] -- C:\CabLogs
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.08.11 09:05:41 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.11.23 08:05:36 | 000,000,000 | ---D | M] -- C:\Download
[2011.02.19 17:44:00 | 000,000,000 | ---D | M] -- C:\f337b2e861c8652c7f2dbd3a
[2011.04.16 09:52:32 | 000,000,000 | ---D | M] -- C:\f88426b396ebb4a446
[2011.10.03 19:20:32 | 000,000,000 | ---D | M] -- C:\Garmin
[2009.06.10 11:10:38 | 000,000,000 | ---D | M] -- C:\Intel
[2009.06.10 16:02:17 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.08.15 10:33:22 | 000,000,000 | ---D | M] -- C:\Neuer Ordner
[2011.11.18 05:21:52 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.11.18 05:22:33 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.11.19 16:34:20 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.11.16 17:56:00 | 000,000,000 | R--D | M] -- C:\Users
[2011.11.11 08:39:51 | 000,000,000 | ---D | M] -- C:\Windows
[2009.06.11 17:05:35 | 000,000,000 | ---D | M] -- C:\wlbinaries

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >


< MD5 for: EXPLORER.EXE >
[2009.03.11 15:41:13 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009.03.11 15:41:13 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009.03.11 15:41:12 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.03.11 15:41:13 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: REGEDIT.EXE >
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe

< MD5 for: USERINIT.EXE >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WININIT.EXE >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-10-12 09:31:07

< End of report >


GMER produced the following log:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit quick scan 2011-11-19 16:30:22
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
Running: k8niv1wn.exe; Driver: C:\Users\Boss\AppData\Local\Temp\pwtdyfoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp tcpipBM.sys
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----


Since AVG AntiVirus detects OTL.exe as a virus, it is still switched off.

I hope I have now included the data required for possible help. I would be very glad if someone could help me solve the problem.

In any case, many thanks in advance. And in any case I wish you a nice weekend.

Regards
Islandis
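As an added example (it is not part of the thread and not OTL's own code), here is a small Python triage helper for the bracketed OTL entry format in the report above: for each "< MD5 for: ... >" section it checks whether the live system binary matches one of the winsxs component-store copies, and it lists the hex-named top-level folders from the custom scan. The sample report is excerpted from the lines above, except for one constructed wininit.exe line with a placeholder MD5 that shows what a mismatch looks like.

```python
r"""Triage helper for the bracketed OTL entry lines shown in the report above.

Added example; not OTL's own code and not part of the thread.  It parses
entries of the form

  [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D... -- C:\Windows\explorer.exe
  [2011.03.10 22:41:00 | 000,000,000 | ---D | M] -- C:\0146811ffc1b8b0b30df

and automates two things a log reviewer otherwise does by eye:
  1. in every "< MD5 for: NAME >" section, does the live copy of the binary
     (outside C:\Windows\winsxs) match at least one component-store copy?
  2. which top-level folders on the system drive carry opaque hex names?
"""
import re
from collections import defaultdict

ENTRY_RE = re.compile(
    r"^\[(?P<date>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<flag>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"      # "(Microsoft Corporation)", "()" or absent
    r"(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))?"
    r" -- (?P<path>.+?)\s*$"
)
MD5_HEADER_RE = re.compile(r"^< MD5 for: (?P<name>\S+) >$")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{16,}$", re.IGNORECASE)


def parse_entry(line):
    """Return a dict for one bracketed entry line, or None if it is not one."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    entry["is_dir"] = entry["attrs"].endswith("D")   # fourth attribute flag is D for directories
    return entry


def parse_report(text):
    """Split a report into (all entries, {binary name: entries of its MD5 section})."""
    entries, md5_sections, section = [], defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(("<", "=")):              # any "< ... >" or "=====" header
            hdr = MD5_HEADER_RE.match(line)
            section = hdr.group("name").upper() if hdr else None
            continue
        entry = parse_entry(line)
        if entry is None:
            continue
        entries.append(entry)
        if section:
            md5_sections[section].append(entry)
    return entries, md5_sections


def check_md5_sections(md5_sections):
    """Map each live system binary to True/False: does its MD5 match a winsxs copy?"""
    verdicts = {}
    for section in md5_sections.values():
        store = {e["md5"].upper() for e in section
                 if e["md5"] and "\\winsxs\\" in e["path"].lower()}
        for e in section:
            if e["md5"] and "\\winsxs\\" not in e["path"].lower():
                verdicts[e["path"]] = e["md5"].upper() in store
    return verdicts


def hex_named_root_dirs(entries):
    """Top-level directories whose name is a long hex string (e.g. C:\\0146811ffc1b8b0b30df)."""
    found = []
    for e in entries:
        drive, sep, rest = e["path"].partition("\\")
        if e["is_dir"] and sep and "\\" not in rest and HEX_NAME_RE.match(rest):
            found.append(e["path"])
    return found


# Sample excerpted from the OTL report above, plus one CONSTRUCTED wininit.exe
# line whose placeholder MD5 deliberately differs from the component-store copy.
SAMPLE_REPORT = r"""
========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2011.03.10 22:41:00 | 000,000,000 | ---D | M] -- C:\0146811ffc1b8b0b30df
[2009.06.09 12:51:36 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.11.18 05:21:52 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.04.16 09:52:32 | 000,000,000 | ---D | M] -- C:\f88426b396ebb4a446

< MD5 for: EXPLORER.EXE >
[2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

< MD5 for: WININIT.EXE >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
"""


def triage(text):
    """Run both checks over a report and return their results together."""
    entries, md5_sections = parse_report(text)
    return {"md5_ok": check_md5_sections(md5_sections),
            "hex_root_dirs": hex_named_root_dirs(entries)}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for path, ok in result["md5_ok"].items():
        print(("OK      " if ok else "MISMATCH") + "  " + path)
    for path in result["hex_root_dirs"]:
        print("hex-named root folder:", path)
```

A mismatch only says the live file differs from every store copy listed; it still has to be compared against a known-good build before anything is concluded.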

20.11.2011, 12:48   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded, the scan starts automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64 bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


20.11.2011, 13:49   #3
Islandis

Hello Cosinus,

thank you very much for taking on my problem.

Before I do something wrong:

I have already run the ESET Online Scanner once. The result is the following log:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=799766a7d0ac63459c1dc8fdaa98fad8
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-18 12:52:50
# local_time=2011-11-18 01:52:50 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 64940469 64940469 0 0
# compatibility_mode=1024 16777215 100 0 64576381 64576381 0 0
# compatibility_mode=5892 16776574 100 100 3144464 159100810 0 0
# compatibility_mode=8192 67108863 100 0 3861 3861 0 0
# scanned=333702
# found=17
# cleaned=17
# scan_time=9487
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.url Win32/Adware.ADON application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Boss\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.url Win32/Adware.ADON application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Boss\Desktop\Browser_Reader\eBay.url Win32/Adware.ADON application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Hel\AppData\Local\Mozilla\Firefox\Profiles\c64csabm.default\Cache\0\24\D80FAd01 JS/Redirector.NAU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Hel\AppData\Local\Mozilla\Firefox\Profiles\c64csabm.default\Cache\0\B1\52F45d01 JS/Redirector.NAU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Hel\AppData\Local\Mozilla\Firefox\Profiles\c64csabm.default\Cache\3\61\6EB1Dd01 JS/Redirector.NAU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Hel\AppData\Local\Mozilla\Firefox\Profiles\c64csabm.default\Cache\3\F5\89CBCd01 JS/Redirector.NAU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Hel\AppData\Local\Mozilla\Firefox\Profiles\c64csabm.default\Cache\4\10\86111d01 JS/Redirector.NAU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Hel\AppData\Local\Mozilla\Firefox\Profiles\c64csabm.default\Cache\5\2C\EA028d01 JS/Redirector.NAU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Hel\AppData\Local\Mozilla\Firefox\Profiles\c64csabm.default\Cache\7\48\3D64Ed01 JS/Redirector.NAU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Hel\AppData\Local\Mozilla\Firefox\Profiles\c64csabm.default\Cache\7\4E\5AA0Cd01 JS/Redirector.NAU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Hel\AppData\Local\Mozilla\Firefox\Profiles\c64csabm.default\Cache\7\69\1BFF5d01 JS/Redirector.NAU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Hel\AppData\Local\Mozilla\Firefox\Profiles\c64csabm.default\Cache\8\86\CC6EDd01 JS/Redirector.NAU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Hel\AppData\Local\Mozilla\Firefox\Profiles\c64csabm.default\Cache\9\1B\4797Ad01 JS/Redirector.NAU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Hel\AppData\Local\Mozilla\Firefox\Profiles\c64csabm.default\Cache\9\F9\668F6d01 JS/Redirector.NAU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Hel\Downloads\SoftonicDownloader_fuer_free-youtube-download.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Hel\Downloads\SoftonicDownloader_fuer_sweet-home-3d.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


There are files in the quarantine folder. I can't get them copied in here, but I have them as a screenshot. I'll attach it here.




I'll run Malwarebytes now and wait for instructions regarding ESET Online. OK?

Attached thumbnail: Bundespolizei Virus/Trojaner-essentquar_20111119.jpg

20.11.2011, 14:28   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
C:\Users\Hel\Downloads\SoftonicDownloader_fuer_free-youtube-download.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Hel\Downloads\SoftonicDownloader_fuer_sweet-home-3d.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
Please don't take this the wrong way, but somehow I get the impression it has become a national pastime to download all sorts of stuff from Softonic. There is always some junk like toolbars or the pointless Softonic Downloader in it. Why don't you download the software from the manufacturer's site or, if need be, from chip.de?

20.11.2011, 14:45   #5
Islandis

Hello Arne,

there is actually no particular reason for that. I haven't given it any thought yet either. Sorry.

Probably because they always come up at the top in a Google search?

I certainly won't do it again....

So, the Malwarebytes scan has now finished too:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8192

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

20.11.2011 15:58:31
mbam-log-2011-11-20 (15-58-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 361432
Laufzeit: 56 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


What do I do with ESET? Start the scan as described?


Last edited by Islandis (20.11.2011 at 15:02)

20.11.2011, 15:39   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Do an OTL fix: close all programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along!!!)

Code:
:OTL
PRC - C:\Windows\System32\Rezip.exe ()
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e, = http://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,# = %23
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,& = %26
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,? = %3F
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,+ = %2B
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,= = %3D
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,MenuText = eBay.de
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb, = http://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,# = %23
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,& = %26
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,? = %3F
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,+ = %2B
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,= = %3D
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,MenuText = eBay.de
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba, = http://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,# = %23
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,& = %26
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,? = %3F
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,+ = %2B
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,= = %3D
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,MenuText = eBay.de
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay, = http://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,# = %23
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,& = %26
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,? = %3F
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,+ = %2B
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,= = %3D
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,MenuText = eBay.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
[2009.12.14 09:26:11 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011.09.15 10:17:18 | 000,000,000 | ---D | M] (Preispiraten) -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\Profiles\eakt02rm.default\extensions\{C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C}
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (amazon) - {84B94901-3645-4D80-A6B7-4D0050B19455} - C:\Program Files\Preispiraten6\IEButtonAmazonInterface.dll ()
O2 - BHO: (eBay) - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\Program Files\Preispiraten6\IEButtonEbayInterface.dll ()
O2 - BHO: (Preispiraten) - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - C:\Program Files\Preispiraten6\IEButtonPPInterface.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe File not found
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Program Files\\Preispiraten6\\preispiraten.html ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Boss\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Program Files\Preispiraten6\preispiraten3ie.exe ()
O9 - Extra 'Tools' menuitem : Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Program Files\Preispiraten6\preispiraten3ie.exe ()
O9 - Extra Button: Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - http://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home File not found
O9 - Extra 'Tools' menuitem : Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - http://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home File not found
O9 - Extra Button: eBay - {E79005A3-0F92-434B-9F7B-51131FC7168F} - http://www.preispiraten.de/e/tr_ebdestart.pl?http://www.ebay.de File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O33 - MountPoints2\{334f559e-cd58-11e0-9dc9-001f1621f768}\Shell - "" = AutoRun
O33 - MountPoints2\{334f559e-cd58-11e0-9dc9-001f1621f768}\Shell\AutoRun\command - "" = H:\AutoRun.exe
[2011.03.10 22:41:00 | 000,000,000 | ---D | M] -- C:\0146811ffc1b8b0b30df
[2010.10.13 22:39:05 | 000,000,000 | ---D | M] -- C:\07da8988c193ae67d1c5b8d860dd2f2f
[2011.09.16 13:12:28 | 000,000,000 | ---D | M] -- C:\38e5d8d185cd3563ac
[2011.06.16 07:25:18 | 000,000,000 | ---D | M] -- C:\55aab62fe7af0e8faaab6e2e56c5
[2010.01.14 20:09:33 | 000,000,000 | ---D | M] -- C:\a98e60ffce31682bf9b0
[2009.11.13 19:46:02 | 000,000,000 | ---D | M] -- C:\bd938ea4dd0eb6764d943e3c48f2
[2011.10.02 08:18:24 | 000,000,000 | ---D | M] -- C:\c457167e499064f3033cb3add1
[2011.02.19 17:44:00 | 000,000,000 | ---D | M] -- C:\f337b2e861c8652c7f2dbd3a
[2011.04.16 09:52:32 | 000,000,000 | ---D | M] -- C:\f88426b396ebb4a446

:Commands
[emptytemp]
[resethosts]
         
Then click the Fix! button at the top left.
The logfile should open when you click OK after fixing; please post it. The computer may be restarted.

The entries, files and folders fixed with this script are not deleted outright; as a precaution a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!

20.11.2011, 16:15   #7
Islandis

Hello Arne,

unfortunately OTL.exe did not run to completion. Windows displayed the message "OTL funktioniert nicht mehr" (OTL has stopped working). No further input was possible. I restarted Windows and the following message appeared:

Code:
Files\Folders moved on Reboot...
File\Folder C:\\Program Files\\Preispiraten6\\preispiraten.html not found!

Registry entries deleted on Reboot...
         
Should I start the OTL fix again, or post a scan first?

I hope I'm not being too much of a nuisance....

In the meantime I ran a scan. Here is the result:

OTL Logfile:
Code:
OTL logfile created on: 20.11.2011 17:36:02 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Hel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 49,30% Memory free
6,19 Gb Paging File | 4,60 Gb Available in Paging File | 74,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 268,79 Gb Total Space | 174,13 Gb Free Space | 64,78% Space Free | Partition Type: NTFS
Drive D: | 29,28 Gb Total Space | 14,51 Gb Free Space | 49,55% Space Free | Partition Type: FAT32
 
Computer Name: LAPPI-BOSS | User Name: Boss | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Hel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe ()
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\DatacardService\HWDeviceService.exe ()
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\drivers\CDAC11BA.EXE (C-Dilla Ltd)
PRC - C:\Program Files\FSP\FspUip.exe (Sentelic Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe ()
PRC - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Windows\tsnp2uvc.exe ()
PRC - C:\Program Files\silex technology\CX Print\Msgsrv.exe ()
PRC - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\System32\PSIService.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\FSP\KbdHook.dll ()
MOD - C:\Program Files\FSP\FspLib.dll ()
MOD - C:\Windows\tsnp2uvc.exe ()
MOD - C:\Program Files\silex technology\CX Print\Msgsrv.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (YJEHRBYH) --  File not found
SRV - (RSND) --  File not found
SRV - (RIYSCJEUOHWHV) --  File not found
SRV - (HWDeviceService.exe) --  File not found
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (Internet Manager. RunOuc) -- C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe ()
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (C-DillaCdaC11BA) -- C:\Windows\System32\drivers\CDAC11BA.EXE (C-Dilla Ltd)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (resetWinService) -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe ()
SRV - (AAV UpdateService) -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_cdcacm) -- C:\Windows\System32\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_cdcecm) -- C:\Windows\System32\drivers\ew_jucdcecm.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_ext_ctrl) -- C:\Windows\System32\drivers\ew_juextctrl.sys (Huawei Technologies Co., Ltd.)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (BMLoad) -- C:\Windows\system32\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV - (ew_usbenumfilter) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                           )
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (fspad_wlh32) -- C:\Windows\System32\drivers\fspad_wlh32.sys (Sentelic Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (sxuptp) -- C:\Windows\System32\drivers\sxuptp.sys (silex technology, Inc.)
DRV - (WinRing0_1_2_0) -- C:\Program Files\BatteryCare\WinRing0.sys (OpenLibSys.org)
DRV - (WINIO) -- C:\Windows\System32\WinIo.sys (hxxp://www.internals.com)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e, = 
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,# = 
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,& = 
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,? = 
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,+ = 
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,= = 
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,MenuText = 
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb, = 
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,# = 
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,& = 
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,? = 
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,+ = 
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,= = 
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,MenuText = 
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba, = 
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,# = 
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,& = 
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,? = 
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,+ = 
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,= = 
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,MenuText = 
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay, = 
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,# = 
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,& = 
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,? = 
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,+ = 
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,= = 
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,MenuText = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.type: 2
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2009.12.31 14:39:50 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011.05.10 08:36:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon [2011.07.30 19:27:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.14 09:55:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.25 10:17:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter
 
[2010.08.14 13:39:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boss\AppData\Roaming\mozilla\Extensions
[2011.11.20 16:52:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\extensions
[2011.11.20 16:52:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\Profiles\eakt02rm.default\extensions
[2011.09.15 10:17:17 | 000,000,000 | ---D | M] (Amazon Startcenter) -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\Profiles\eakt02rm.default\extensions\{144D1513-0819-4538-AD26-D515AF443AE7}
[2010.10.03 23:14:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\Profiles\eakt02rm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.15 10:17:18 | 000,000,000 | ---D | M] (Amazon Statusbar Button) -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\Profiles\eakt02rm.default\extensions\{32DD6873-2BC0-4E4B-B9A3-0E602AB0DC14}
[2011.10.12 11:20:52 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\Profiles\eakt02rm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.09.14 09:55:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.04.18 21:08:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.16 07:52:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\BOSS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EAKT02RM.DEFAULT\EXTENSIONS\{C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C}
[2011.09.03 07:18:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.03 01:19:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.03 01:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.03 01:19:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.03 01:19:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.02.08 16:22:48 | 000,001,987 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SP_amazonde.xml
[2007.01.08 12:48:12 | 000,009,095 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SP_preispiraten_de.xml
[2011.09.03 01:19:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.03 01:19:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CX Print Msgsrv] C:\Program Files\silex technology\CX Print\Msgsrv.exe ()
O4 - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Viren\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ANT Agent] C:\Program Files\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
O4 - HKCU..\Run: [BatteryCare] C:\Program Files\BatteryCare\BatteryCare.exe (Filipe Lourenço)
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Bossi
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50CB81B2-F7D6-4483-9A84-768138904CAE}: DhcpNameServer = 193.254.160.1 10.74.83.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{585A1985-1848-42D4-AE16-01AB80CC0E32}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B7CBA12-E6ED-4B51-BDE1-9F32F3DDD5A8}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2A5C76D-CEA3-4E8C-B4A9-4B1F0746F08B}: DhcpNameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (avgrsstx.dll) -C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.20 16:52:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.11.19 16:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011.11.19 16:53:20 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011.11.18 05:21:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.11.18 05:21:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.11.18 05:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.11.17 23:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.11.17 06:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.11.16 17:08:19 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualWifiRouter
[2011.11.09 15:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2009.06.10 14:00:53 | 000,225,280 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009.06.10 14:00:52 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.20 17:30:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.20 17:25:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.11.20 17:00:39 | 000,047,873 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.11.20 16:59:45 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.20 16:59:37 | 000,004,144 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.20 16:59:37 | 000,004,144 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.20 16:59:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.20 16:59:26 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.20 13:37:05 | 089,370,407 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011.11.19 16:13:49 | 000,000,000 | ---- | M] () -- C:\Users\Boss\defogger_reenable
[2011.11.18 13:32:18 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.11.18 05:21:55 | 000,001,764 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.11.17 00:01:07 | 000,644,136 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.17 00:01:07 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.17 00:01:07 | 000,165,926 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.17 00:01:07 | 000,108,572 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.16 20:09:14 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.15 09:03:38 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.11.11 08:39:51 | 298,536,099 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.11.09 15:35:57 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.19 16:13:49 | 000,000,000 | ---- | C] () -- C:\Users\Boss\defogger_reenable
[2011.11.18 05:21:55 | 000,001,764 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.11.16 20:09:14 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.09 15:35:57 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.09.13 19:36:02 | 000,000,138 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2009.09.02 18:08:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.15 09:58:30 | 000,290,919 | ---- | C] () -- C:\Windows\System32\pythoncom21.dll
[2009.08.15 09:58:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\PyWinTypes21.dll
[2009.08.15 09:51:26 | 000,096,768 | ---- | C] () -- C:\Windows\SlantAdj.dll
[2009.08.15 09:51:26 | 000,003,136 | ---- | C] () -- C:\Windows\Ade001.bin
[2009.08.15 09:51:26 | 000,000,072 | ---- | C] () -- C:\Windows\System32\epDPE.ini
[2009.08.15 09:28:56 | 000,000,025 | ---- | C] () -- C:\Windows\CDE P3170EGD.ini
[2009.08.15 08:59:54 | 000,065,793 | ---- | C] () -- C:\Windows\System32\esfw32.bin
[2009.08.13 13:43:59 | 000,053,248 | ---- | C] () -- C:\Windows\JCNETDEL.EXE
[2009.08.13 13:43:59 | 000,000,886 | ---- | C] () -- C:\Windows\JCNETDEL.INI
[2009.08.13 13:43:54 | 000,002,340 | ---- | C] () -- C:\Windows\DELJCNET.INI
[2009.08.13 13:42:15 | 000,000,017 | ---- | C] () -- C:\Windows\PRI_SEEK.INI
[2009.08.11 14:27:19 | 000,047,873 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.08.11 14:12:22 | 000,047,873 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.08.11 09:58:13 | 000,003,584 | ---- | C] () -- C:\Users\Boss\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.06.10 15:18:19 | 000,036,864 | ---- | C] () -- C:\Windows\System32\Hooks.dll
[2009.06.10 14:00:53 | 001,799,808 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009.06.10 14:00:53 | 000,233,472 | ---- | C] () -- C:\Windows\tsnp2uvc.exe
[2009.06.10 14:00:53 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2009.06.10 14:00:52 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2009.06.10 13:49:38 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.06.10 13:38:31 | 000,000,276 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2009.06.09 19:24:37 | 000,644,136 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.06.09 19:24:37 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.06.09 19:24:37 | 000,165,926 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.06.09 19:24:37 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.06.09 09:54:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.09 09:53:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.06.09 09:34:57 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007.06.05 12:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,413,112 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,108,572 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >
         


Regards

Islandis

Last edited by Islandis (20.11.2011 at 16:46)

Alt 21.11.2011, 08:39   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Bundespolizei Virus/Trojaner

Repeat the fix.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Alt 21.11.2011, 09:59   #9
Islandis

Bundespolizei Virus/Trojaner

Good morning Arne,

I repeated the fix, first on the normal user account. The same phenomenon occurred as the first time. I then switched to the administrator account and the FIX ran through. The system was restarted with the following log:

Code:
All processes killed
========== OTL ==========
No active process named Rezip.exe was found!
Error: No service named Rezip was found to stop!
Service\Driver key Rezip not found.
File  C:\Windows\System32\Rezip.exe  not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\e\\| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\e\\#| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\e\\&| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\e\\?| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\e\\+| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\e\\=| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\e\\MenuText| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb\\| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb\\#| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb\\&| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb\\?| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb\\+| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb\\=| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb\\MenuText| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba\\| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba\\#| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba\\&| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba\\?| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba\\+| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba\\=| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba\\MenuText| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay\\| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay\\#| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay\\&| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay\\?| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay\\+| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay\\=| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay\\MenuText| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Folder C:\Users\Boss\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\ not found.
Folder C:\Users\Boss\AppData\Roaming\mozilla\Firefox\Profiles\eakt02rm.default\extensions\{C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84B94901-3645-4D80-A6B7-4D0050B19455}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84B94901-3645-4D80-A6B7-4D0050B19455}\ not found.
File C:\Program Files\Preispiraten6\IEButtonAmazonInterface.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CD9B7762-DFBC-42B1-BB30-02A78287B456}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD9B7762-DFBC-42B1-BB30-02A78287B456}\ not found.
File C:\Program Files\Preispiraten6\IEButtonEbayInterface.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9E027BF-C3F3-4022-8F6B-8F6D39A59684}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9E027BF-C3F3-4022-8F6B-8F6D39A59684}\ not found.
File C:\Program Files\Preispiraten6\IEButtonPPInterface.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ not found.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
File C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
File C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\snp2uvc not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Preispiratensuche nach markiertem Text\ not found.
File C:\\Program Files\\Preispiraten6\\preispiraten.html not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube Download\ not found.
File C:\Users\Boss\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF}\ not found.
File C:\Program Files\Preispiraten6\preispiraten3ie.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF}\ not found.
File C:\Program Files\Preispiraten6\preispiraten3ie.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E029088-432F-4EBF-9537-0171A4C37870}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E029088-432F-4EBF-9537-0171A4C37870}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E029088-432F-4EBF-9537-0171A4C37870}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E029088-432F-4EBF-9537-0171A4C37870}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E79005A3-0F92-434B-9F7B-51131FC7168F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E79005A3-0F92-434B-9F7B-51131FC7168F}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
File D:\autoexec.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{334f559e-cd58-11e0-9dc9-001f1621f768}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{334f559e-cd58-11e0-9dc9-001f1621f768}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{334f559e-cd58-11e0-9dc9-001f1621f768}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{334f559e-cd58-11e0-9dc9-001f1621f768}\ not found.
File H:\AutoRun.exe not found.
Folder C:\0146811ffc1b8b0b30df\ not found.
Folder C:\07da8988c193ae67d1c5b8d860dd2f2f\ not found.
Folder C:\38e5d8d185cd3563ac\ not found.
Folder C:\55aab62fe7af0e8faaab6e2e56c5\ not found.
Folder C:\a98e60ffce31682bf9b0\ not found.
Folder C:\bd938ea4dd0eb6764d943e3c48f2\ not found.
Folder C:\c457167e499064f3033cb3add1\ not found.
Folder C:\f337b2e861c8652c7f2dbd3a\ not found.
Folder C:\f88426b396ebb4a446\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Boss
->Temp folder emptied: 33297 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 12634691 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Hel
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 30524328 bytes
->Java cache emptied: 12426246 bytes
->FireFox cache emptied: 104393542 bytes
->Opera cache emptied: 22944020 bytes
->Flash cache emptied: 12404 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 279440 bytes
Windows Temp folder emptied: 124827226 bytes
RecycleBin emptied: 2188312 bytes
 
Total Files Cleaned = 296,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 11212011_104844

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
Regards from Islandis

Old 21.11.2011, 10:42   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the image below: click on Change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, once it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition; that is where TDSSKiller saves its logs.

Note: Please do not delete anything prematurely with TDSSKiller! If TDSSKiller flags any objects, handle them all with the action "skip" and only post the log here!

If the infection prevents you from accessing your documents/My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save the file on your desktop.
Start the tool and all files and folders should become visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

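Added example (not part of the thread, and not TDSSKiller's or the board's own code): a small Python parser for the TDSSKiller text report that is requested above, in the line format the tool prints (timestamp, process id, message). It keeps one record per driver/service name, takes the MD5 and file path from the file line, and records any "- warning" or "- detected" verdict, so a helper can pull the flagged items (for example an unsigned driver) out of a several-hundred-line report without scrolling through it. The sample report embedded in the block is constructed for this example and modeled on the log format posted in this thread; the regular expressions are my assumption about that format and only cover the line shapes that appear here.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# One TDSSKiller report line: "HH:MM:SS.ffff <pid><tab><message>" (format assumed from the posted log)
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
# "<service>   (<md5>) <path>": the file TDSSKiller found behind a service/driver entry
ENTRY_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$")
OK_RE = re.compile(r"^(?P<name>\S+) - ok$")
WARN_RE = re.compile(r"^(?P<name>\S+) \( (?P<verdict>[^)]+?) \) - warning$")
DETECT_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")


@dataclass
class DriverEntry:
    name: str
    md5: str = ""
    path: str = ""
    status: str = "unknown"              # ok | warning | detected | unknown (no verdict line seen)
    verdicts: List[str] = field(default_factory=list)


def parse_tdsskiller(report: str) -> Dict[str, DriverEntry]:
    """Parse a TDSSKiller text report into one record per service/driver name."""
    entries: Dict[str, DriverEntry] = {}

    def get(name: str) -> DriverEntry:
        return entries.setdefault(name, DriverEntry(name))

    for raw in report.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue                      # banner, separator or blank line
        msg = m.group("msg").strip()
        if (e := ENTRY_RE.match(msg)):
            entry = get(e["name"])
            entry.md5, entry.path = e["md5"].lower(), e["path"]
        elif (e := OK_RE.match(msg)):
            get(e["name"]).status = "ok"  # entries without a file line (e.g. IpInIp) still get a status
        elif (e := WARN_RE.match(msg)):
            entry = get(e["name"])
            entry.status = "warning"
            entry.verdicts.append(e["verdict"])
        elif (e := DETECT_RE.match(msg)):
            entry = get(e["name"])
            entry.status = "detected"     # a detection outranks the preceding warning line
            if e["verdict"] not in entry.verdicts:
                entry.verdicts.append(e["verdict"])
    return entries


def flagged(entries: Dict[str, DriverEntry]) -> List[DriverEntry]:
    """Everything a helper has to look at: anything not reported as '- ok'."""
    return [e for e in entries.values() if e.status != "ok"]


# Constructed sample report, modeled on the log format in this thread (not a real scan)
SAMPLE_REPORT = """\
11:55:39.0363 2072\tScan started
11:55:39.0363 2072\tMode: Manual; SigCheck; TDLFS;
11:55:40.0268 2072\tACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\\Windows\\system32\\drivers\\acpi.sys
11:55:40.0393 2072\tACPI - ok
11:55:42.0779 2072\tBMLoad          (70cd6d71fc48bbbd1385d7b35aeadecc) C:\\Windows\\system32\\drivers\\BMLoad.sys
11:55:42.0826 2072\tBMLoad ( UnsignedFile.Multi.Generic ) - warning
11:55:42.0826 2072\tBMLoad - detected UnsignedFile.Multi.Generic (1)
11:55:48.0130 2072\tIpInIp - ok
"""

if __name__ == "__main__":
    for entry in flagged(parse_tdsskiller(SAMPLE_REPORT)):
        print(f"{entry.status:8} {entry.name:16} {entry.md5} {entry.path} {entry.verdicts}")
```

To triage a real report, read the saved TDSSKiller text file and pass its contents to `parse_tdsskiller`; `flagged` then lists only the entries that need a decision, while the full dictionary keeps the MD5 of every driver for comparison against a known-good list.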
Old 21.11.2011, 11:01   #11
Islandis

Hi Arne,

here is the TDSS log:

Code:
11:54:15.0341 5268	TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
11:54:15.0681 5268	============================================================
11:54:15.0682 5268	Current date / time: 2011/11/21 11:54:15.0681
11:54:15.0682 5268	SystemInfo:
11:54:15.0682 5268	
11:54:15.0682 5268	OS Version: 6.0.6002 ServicePack: 2.0
11:54:15.0682 5268	Product type: Workstation
11:54:15.0682 5268	ComputerName: LAPPI-BOSS
11:54:15.0682 5268	UserName: Boss
11:54:15.0682 5268	Windows directory: C:\Windows
11:54:15.0682 5268	System windows directory: C:\Windows
11:54:15.0682 5268	Processor architecture: Intel x86
11:54:15.0682 5268	Number of processors: 2
11:54:15.0682 5268	Page size: 0x1000
11:54:15.0682 5268	Boot type: Normal boot
11:54:15.0682 5268	============================================================
11:54:16.0025 5268	Initialize success
11:55:39.0363 2072	============================================================
11:55:39.0363 2072	Scan started
11:55:39.0363 2072	Mode: Manual; SigCheck; TDLFS; 
11:55:39.0363 2072	============================================================
11:55:40.0268 2072	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
11:55:40.0393 2072	ACPI - ok
11:55:40.0595 2072	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
11:55:40.0611 2072	adp94xx - ok
11:55:40.0658 2072	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
11:55:40.0673 2072	adpahci - ok
11:55:40.0720 2072	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
11:55:40.0736 2072	adpu160m - ok
11:55:40.0751 2072	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
11:55:40.0767 2072	adpu320 - ok
11:55:40.0845 2072	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
11:55:40.0923 2072	AFD - ok
11:55:40.0970 2072	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
11:55:40.0970 2072	agp440 - ok
11:55:41.0017 2072	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
11:55:41.0017 2072	aic78xx - ok
11:55:41.0048 2072	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
11:55:41.0063 2072	aliide - ok
11:55:41.0095 2072	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
11:55:41.0095 2072	amdagp - ok
11:55:41.0126 2072	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
11:55:41.0126 2072	amdide - ok
11:55:41.0157 2072	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
11:55:41.0329 2072	AmdK7 - ok
11:55:41.0375 2072	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
11:55:41.0438 2072	AmdK8 - ok
11:55:41.0485 2072	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
11:55:41.0500 2072	arc - ok
11:55:41.0531 2072	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
11:55:41.0547 2072	arcsas - ok
11:55:41.0578 2072	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
11:55:41.0625 2072	AsyncMac - ok
11:55:41.0672 2072	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
11:55:41.0672 2072	atapi - ok
11:55:41.0750 2072	AvgLdx86        (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\System32\Drivers\avgldx86.sys
11:55:42.0249 2072	AvgLdx86 - ok
11:55:42.0436 2072	AvgMfx86        (80ff2b1b7eeda966394f0baa895bbf4b) C:\Windows\System32\Drivers\avgmfx86.sys
11:55:42.0436 2072	AvgMfx86 - ok
11:55:42.0514 2072	AvgTdiX         (9a7a93388f503a34e7339ae7f9997449) C:\Windows\System32\Drivers\avgtdix.sys
11:55:42.0530 2072	AvgTdiX - ok
11:55:42.0577 2072	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
11:55:42.0608 2072	Beep - ok
11:55:42.0655 2072	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
11:55:42.0686 2072	blbdrive - ok
11:55:42.0779 2072	BMLoad          (70cd6d71fc48bbbd1385d7b35aeadecc) C:\Windows\system32\drivers\BMLoad.sys
11:55:42.0826 2072	BMLoad ( UnsignedFile.Multi.Generic ) - warning
11:55:42.0826 2072	BMLoad - detected UnsignedFile.Multi.Generic (1)
11:55:42.0904 2072	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
11:55:42.0967 2072	bowser - ok
11:55:43.0013 2072	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
11:55:43.0091 2072	BrFiltLo - ok
11:55:43.0123 2072	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
11:55:43.0185 2072	BrFiltUp - ok
11:55:43.0216 2072	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
11:55:43.0403 2072	Brserid - ok
11:55:43.0419 2072	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
11:55:43.0481 2072	BrSerWdm - ok
11:55:43.0497 2072	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
11:55:43.0591 2072	BrUsbMdm - ok
11:55:43.0606 2072	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
11:55:43.0653 2072	BrUsbSer - ok
11:55:43.0684 2072	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
11:55:43.0762 2072	BTHMODEM - ok
11:55:43.0825 2072	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
11:55:43.0871 2072	cdfs - ok
11:55:43.0918 2072	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
11:55:43.0949 2072	cdrom - ok
11:55:43.0965 2072	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
11:55:44.0012 2072	circlass - ok
11:55:44.0043 2072	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
11:55:44.0059 2072	CLFS - ok
11:55:44.0105 2072	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
11:55:44.0152 2072	CmBatt - ok
11:55:44.0183 2072	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
11:55:44.0183 2072	cmdide - ok
11:55:44.0199 2072	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
11:55:44.0215 2072	Compbatt - ok
11:55:44.0230 2072	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
11:55:44.0230 2072	crcdisk - ok
11:55:44.0246 2072	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
11:55:44.0293 2072	Crusoe - ok
11:55:44.0355 2072	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
11:55:44.0417 2072	DfsC - ok
11:55:44.0480 2072	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
11:55:44.0495 2072	disk - ok
11:55:44.0558 2072	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
11:55:44.0573 2072	drmkaud - ok
11:55:44.0620 2072	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
11:55:44.0667 2072	DXGKrnl - ok
11:55:44.0729 2072	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
11:55:44.0761 2072	E1G60 - ok
11:55:44.0807 2072	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
11:55:44.0823 2072	Ecache - ok
11:55:44.0854 2072	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
11:55:44.0870 2072	elxstor - ok
11:55:44.0901 2072	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
11:55:44.0963 2072	ErrDev - ok
11:55:45.0041 2072	ewusbnet        (fb54f67974d13d73be3e2f1df042d295) C:\Windows\system32\DRIVERS\ewusbnet.sys
11:55:45.0073 2072	ewusbnet - ok
11:55:45.0135 2072	ew_hwusbdev     (57c171ea22f0a7f068fcb0caedd1e8e7) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
11:55:45.0182 2072	ew_hwusbdev - ok
11:55:45.0244 2072	ew_usbenumfilter (61a973f60e94a551ba7b15f3460444fb) C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys
11:55:45.0307 2072	ew_usbenumfilter - ok
11:55:45.0353 2072	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
11:55:45.0400 2072	exfat - ok
11:55:45.0447 2072	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
11:55:45.0463 2072	fastfat - ok
11:55:45.0525 2072	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
11:55:45.0556 2072	fdc - ok
11:55:45.0603 2072	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
11:55:45.0603 2072	FileInfo - ok
11:55:45.0634 2072	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
11:55:45.0665 2072	Filetrace - ok
11:55:45.0681 2072	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
11:55:45.0728 2072	flpydisk - ok
11:55:45.0790 2072	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
11:55:45.0806 2072	FltMgr - ok
11:55:45.0868 2072	fspad_wlh32     (4875e6384310e3aafb9847312edb0cff) C:\Windows\system32\DRIVERS\fspad_wlh32.sys
11:55:45.0946 2072	fspad_wlh32 - ok
11:55:45.0977 2072	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
11:55:46.0009 2072	Fs_Rec - ok
11:55:46.0024 2072	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
11:55:46.0040 2072	gagp30kx - ok
11:55:46.0102 2072	grmnusb         (6003bc70f1a8307262bd3c941bda0b7e) C:\Windows\system32\drivers\grmnusb.sys
11:55:46.0165 2072	grmnusb - ok
11:55:46.0258 2072	HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
11:55:46.0305 2072	HdAudAddService - ok
11:55:46.0367 2072	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:55:46.0461 2072	HDAudBus - ok
11:55:46.0492 2072	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
11:55:46.0539 2072	HidBth - ok
11:55:46.0601 2072	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
11:55:46.0679 2072	HidIr - ok
11:55:46.0726 2072	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
11:55:46.0757 2072	HidUsb - ok
11:55:46.0804 2072	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
11:55:46.0804 2072	HpCISSs - ok
11:55:46.0867 2072	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
11:55:46.0929 2072	HTTP - ok
11:55:46.0991 2072	huawei_cdcacm   (42a64382a0607b80c99c37170911b346) C:\Windows\system32\DRIVERS\ew_jucdcacm.sys
11:55:47.0038 2072	huawei_cdcacm - ok
11:55:47.0054 2072	huawei_cdcecm   (1ef9e48ab82ea785c7348b22e9b02dc4) C:\Windows\system32\DRIVERS\ew_jucdcecm.sys
11:55:47.0085 2072	huawei_cdcecm - ok
11:55:47.0116 2072	huawei_enumerator (f44461e66f1b7dd267957fe9baa63ed0) C:\Windows\system32\DRIVERS\ew_jubusenum.sys
11:55:47.0147 2072	huawei_enumerator - ok
11:55:47.0179 2072	huawei_ext_ctrl (69a103138b77ac0950ec3846e2e6f655) C:\Windows\system32\DRIVERS\ew_juextctrl.sys
11:55:47.0210 2072	huawei_ext_ctrl - ok
11:55:47.0272 2072	hwdatacard      (f547f862b8907f1bcbd9b72a72a6449e) C:\Windows\system32\DRIVERS\ewusbmdm.sys
11:55:47.0350 2072	hwdatacard - ok
11:55:47.0397 2072	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
11:55:47.0413 2072	i2omp - ok
11:55:47.0444 2072	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
11:55:47.0475 2072	i8042prt - ok
11:55:47.0537 2072	iaStor          (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
11:55:47.0569 2072	iaStor - ok
11:55:47.0600 2072	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
11:55:47.0615 2072	iaStorV - ok
11:55:47.0647 2072	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
11:55:47.0662 2072	iirsp - ok
11:55:47.0787 2072	IntcAzAudAddService (56ac584fe02e0c1d5924892562cbd572) C:\Windows\system32\drivers\RTKVHDA.sys
11:55:47.0927 2072	IntcAzAudAddService - ok
11:55:47.0959 2072	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
11:55:47.0974 2072	intelide - ok
11:55:48.0021 2072	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
11:55:48.0052 2072	intelppm - ok
11:55:48.0083 2072	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:55:48.0115 2072	IpFilterDriver - ok
11:55:48.0130 2072	IpInIp - ok
11:55:48.0146 2072	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
11:55:48.0177 2072	IPMIDRV - ok
11:55:48.0193 2072	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
11:55:48.0224 2072	IPNAT - ok
11:55:48.0239 2072	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
11:55:48.0271 2072	IRENUM - ok
11:55:48.0302 2072	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
11:55:48.0302 2072	isapnp - ok
11:55:48.0333 2072	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
11:55:48.0349 2072	iScsiPrt - ok
11:55:48.0364 2072	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
11:55:48.0380 2072	iteatapi - ok
11:55:48.0411 2072	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
11:55:48.0411 2072	iteraid - ok
11:55:48.0442 2072	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
11:55:48.0442 2072	kbdclass - ok
11:55:48.0473 2072	kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
11:55:48.0505 2072	kbdhid - ok
11:55:48.0551 2072	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
11:55:48.0567 2072	KSecDD - ok
11:55:48.0614 2072	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
11:55:48.0645 2072	lltdio - ok
11:55:48.0676 2072	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
11:55:48.0692 2072	LSI_FC - ok
11:55:48.0707 2072	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
11:55:48.0723 2072	LSI_SAS - ok
11:55:48.0739 2072	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
11:55:48.0754 2072	LSI_SCSI - ok
11:55:48.0770 2072	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
11:55:48.0801 2072	luafv - ok
11:55:48.0832 2072	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
11:55:48.0848 2072	megasas - ok
11:55:48.0879 2072	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
11:55:48.0910 2072	MegaSR - ok
11:55:48.0926 2072	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
11:55:48.0941 2072	Modem - ok
11:55:48.0973 2072	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
11:55:49.0019 2072	monitor - ok
11:55:49.0035 2072	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
11:55:49.0035 2072	mouclass - ok
11:55:49.0066 2072	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
11:55:49.0097 2072	mouhid - ok
11:55:49.0113 2072	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
11:55:49.0113 2072	MountMgr - ok
11:55:49.0160 2072	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
11:55:49.0175 2072	mpio - ok
11:55:49.0191 2072	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
11:55:49.0222 2072	mpsdrv - ok
11:55:49.0253 2072	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
11:55:49.0269 2072	Mraid35x - ok
11:55:49.0285 2072	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
11:55:49.0363 2072	MRxDAV - ok
11:55:49.0409 2072	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:55:49.0441 2072	mrxsmb - ok
11:55:49.0503 2072	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:55:49.0534 2072	mrxsmb10 - ok
11:55:49.0550 2072	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:55:49.0565 2072	mrxsmb20 - ok
11:55:49.0597 2072	msahci          (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
11:55:49.0612 2072	msahci - ok
11:55:49.0628 2072	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
11:55:49.0643 2072	msdsm - ok
11:55:49.0675 2072	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
11:55:49.0721 2072	Msfs - ok
11:55:49.0753 2072	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
11:55:49.0768 2072	msisadrv - ok
11:55:49.0799 2072	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
11:55:49.0831 2072	MSKSSRV - ok
11:55:49.0846 2072	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
11:55:49.0862 2072	MSPCLOCK - ok
11:55:49.0909 2072	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
11:55:49.0924 2072	MSPQM - ok
11:55:49.0955 2072	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
11:55:49.0971 2072	MsRPC - ok
11:55:50.0002 2072	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
11:55:50.0018 2072	mssmbios - ok
11:55:50.0049 2072	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
11:55:50.0080 2072	MSTEE - ok
11:55:50.0096 2072	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
11:55:50.0111 2072	Mup - ok
11:55:50.0158 2072	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
11:55:50.0174 2072	NativeWifiP - ok
11:55:50.0221 2072	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
11:55:50.0236 2072	NDIS - ok
11:55:50.0283 2072	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
11:55:50.0314 2072	NdisTapi - ok
11:55:50.0361 2072	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
11:55:50.0392 2072	Ndisuio - ok
11:55:50.0423 2072	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
11:55:50.0455 2072	NdisWan - ok
11:55:50.0470 2072	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
11:55:50.0501 2072	NDProxy - ok
11:55:50.0548 2072	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
11:55:50.0564 2072	NetBIOS - ok
11:55:50.0595 2072	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
11:55:50.0626 2072	netbt - ok
11:55:50.0657 2072	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
11:55:50.0673 2072	nfrd960 - ok
11:55:50.0704 2072	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
11:55:50.0735 2072	Npfs - ok
11:55:50.0751 2072	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
11:55:50.0782 2072	nsiproxy - ok
11:55:50.0829 2072	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
11:55:50.0938 2072	Ntfs - ok
11:55:50.0969 2072	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
11:55:51.0016 2072	ntrigdigi - ok
11:55:51.0079 2072	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
11:55:51.0110 2072	Null - ok
11:55:51.0141 2072	NVHDA           (d2f4c4b22969236382ca853b8daa2d4e) C:\Windows\system32\drivers\nvhda32v.sys
11:55:51.0157 2072	NVHDA - ok
11:55:51.0344 2072	nvlddmkm        (2877cd56310938a170810bde50fd3f01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:55:51.0687 2072	nvlddmkm - ok
11:55:51.0718 2072	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
11:55:51.0734 2072	nvraid - ok
11:55:51.0749 2072	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
11:55:51.0765 2072	nvstor - ok
11:55:51.0781 2072	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
11:55:51.0796 2072	nv_agp - ok
11:55:51.0796 2072	NwlnkFlt - ok
11:55:51.0812 2072	NwlnkFwd - ok
11:55:51.0859 2072	ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
11:55:51.0905 2072	ohci1394 - ok
11:55:51.0937 2072	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
11:55:51.0999 2072	Parport - ok
11:55:52.0030 2072	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
11:55:52.0046 2072	partmgr - ok
11:55:52.0061 2072	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
11:55:52.0108 2072	Parvdm - ok
11:55:52.0155 2072	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
11:55:52.0155 2072	pci - ok
11:55:52.0202 2072	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
11:55:52.0202 2072	pciide - ok
11:55:52.0233 2072	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
11:55:52.0233 2072	pcmcia - ok
11:55:52.0295 2072	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
11:55:52.0389 2072	PEAUTH - ok
11:55:52.0436 2072	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
11:55:52.0483 2072	PptpMiniport - ok
11:55:52.0498 2072	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
11:55:52.0545 2072	Processor - ok
11:55:52.0576 2072	Profos - ok
11:55:52.0607 2072	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
11:55:52.0639 2072	PSched - ok
11:55:52.0685 2072	PxHelp20        (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
11:55:52.0685 2072	PxHelp20 - ok
11:55:52.0763 2072	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
11:55:52.0857 2072	ql2300 - ok
11:55:52.0873 2072	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
11:55:52.0888 2072	ql40xx - ok
11:55:52.0904 2072	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
11:55:52.0935 2072	QWAVEdrv - ok
11:55:52.0966 2072	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
11:55:52.0997 2072	RasAcd - ok
11:55:53.0029 2072	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:55:53.0044 2072	Rasl2tp - ok
11:55:53.0091 2072	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
11:55:53.0122 2072	RasPppoe - ok
11:55:53.0169 2072	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
11:55:53.0200 2072	RasSstp - ok
11:55:53.0216 2072	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
11:55:53.0247 2072	rdbss - ok
11:55:53.0278 2072	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:55:53.0309 2072	RDPCDD - ok
11:55:53.0341 2072	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
11:55:53.0372 2072	rdpdr - ok
11:55:53.0387 2072	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
11:55:53.0419 2072	RDPENCDD - ok
11:55:53.0450 2072	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
11:55:53.0465 2072	RDPWD - ok
11:55:53.0528 2072	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
11:55:53.0559 2072	rspndr - ok
11:55:53.0590 2072	RTL8169         (d6fae13afacef23a6471d23284b8a164) C:\Windows\system32\DRIVERS\Rtlh86.sys
11:55:53.0637 2072	RTL8169 - ok
11:55:54.0713 2072	rtl8192se       (8b2a43f1bf79e623e7e780afe4412d7c) C:\Windows\system32\DRIVERS\rtl8192se.sys
11:55:54.0729 2072	rtl8192se - ok
11:55:54.0838 2072	RTSTOR          (d1fb9a678bd6c2b1129fcb09d5feb6dd) C:\Windows\system32\drivers\RTSTOR.SYS
11:55:54.0869 2072	RTSTOR - ok
11:55:55.0603 2072	SASDIFSV        (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
11:55:55.0603 2072	SASDIFSV - ok
11:55:57.0927 2072	SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
11:55:57.0927 2072	SASKUTIL - ok
11:55:58.0021 2072	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
11:55:58.0021 2072	sbp2port - ok
11:55:58.0099 2072	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
11:55:58.0145 2072	secdrv - ok
11:55:59.0191 2072	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
11:55:59.0284 2072	Serenum - ok
11:55:59.0378 2072	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
11:55:59.0425 2072	Serial - ok
11:55:59.0471 2072	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
11:55:59.0518 2072	sermouse - ok
11:55:59.0549 2072	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
11:55:59.0565 2072	sffdisk - ok
11:55:59.0581 2072	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
11:55:59.0596 2072	sffp_mmc - ok
11:55:59.0612 2072	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
11:55:59.0643 2072	sffp_sd - ok
11:55:59.0659 2072	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
11:55:59.0721 2072	sfloppy - ok
11:56:00.0049 2072	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
11:56:00.0064 2072	sisagp - ok
11:56:00.0158 2072	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
11:56:00.0173 2072	SiSRaid2 - ok
11:56:00.0220 2072	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
11:56:00.0236 2072	SiSRaid4 - ok
11:56:00.0267 2072	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
11:56:00.0298 2072	Smb - ok
11:56:00.0392 2072	SNP2UVC         (82e3315b1b3e76b9a9643f987ed3ae5c) C:\Windows\system32\DRIVERS\snp2uvc.sys
11:56:00.0517 2072	SNP2UVC - ok
11:56:00.0532 2072	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
11:56:00.0532 2072	spldr - ok
11:56:00.0595 2072	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
11:56:00.0626 2072	srv - ok
11:56:00.0704 2072	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
11:56:00.0735 2072	srv2 - ok
11:56:00.0782 2072	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
11:56:00.0797 2072	srvnet - ok
11:56:00.0844 2072	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
11:56:00.0860 2072	swenum - ok
11:56:00.0891 2072	sxuptp          (4021808cdc02c51f312a8394c4a93bcd) C:\Windows\system32\DRIVERS\sxuptp.sys
11:56:00.0907 2072	sxuptp - ok
11:56:00.0922 2072	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
11:56:00.0938 2072	Symc8xx - ok
11:56:00.0953 2072	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
11:56:00.0953 2072	Sym_hi - ok
11:56:00.0985 2072	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
11:56:00.0985 2072	Sym_u3 - ok
11:56:01.0063 2072	Tcpip           (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
11:56:01.0156 2072	Tcpip - ok
11:56:01.0187 2072	Tcpip6          (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
11:56:01.0234 2072	Tcpip6 - ok
11:56:01.0328 2072	tcpipBM         (74905ebcbb8cbdb1f3c0b1778bbcb4bc) C:\Windows\system32\drivers\tcpipBM.sys
11:56:01.0328 2072	tcpipBM ( UnsignedFile.Multi.Generic ) - warning
11:56:01.0328 2072	tcpipBM - detected UnsignedFile.Multi.Generic (1)
11:56:01.0390 2072	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
11:56:01.0406 2072	tcpipreg - ok
11:56:01.0453 2072	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
11:56:01.0484 2072	TDPIPE - ok
11:56:01.0499 2072	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
11:56:01.0531 2072	TDTCP - ok
11:56:01.0562 2072	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
11:56:01.0609 2072	tdx - ok
11:56:01.0655 2072	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
11:56:01.0655 2072	TermDD - ok
11:56:01.0687 2072	Trufos - ok
11:56:01.0718 2072	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:56:01.0749 2072	tssecsrv - ok
11:56:01.0780 2072	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
11:56:01.0827 2072	tunmp - ok
11:56:01.0874 2072	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
11:56:01.0905 2072	tunnel - ok
11:56:01.0936 2072	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
11:56:01.0952 2072	uagp35 - ok
11:56:01.0983 2072	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
11:56:02.0014 2072	udfs - ok
11:56:02.0045 2072	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
11:56:02.0045 2072	uliagpkx - ok
11:56:02.0077 2072	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
11:56:02.0092 2072	uliahci - ok
11:56:02.0123 2072	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
11:56:02.0123 2072	UlSata - ok
11:56:02.0155 2072	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
11:56:02.0155 2072	ulsata2 - ok
11:56:02.0201 2072	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
11:56:02.0217 2072	umbus - ok
11:56:02.0264 2072	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
11:56:02.0279 2072	usbccgp - ok
11:56:02.0311 2072	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
11:56:02.0357 2072	usbcir - ok
11:56:02.0389 2072	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
11:56:02.0435 2072	usbehci - ok
11:56:02.0482 2072	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
11:56:02.0513 2072	usbhub - ok
11:56:02.0545 2072	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
11:56:02.0591 2072	usbohci - ok
11:56:02.0623 2072	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
11:56:02.0638 2072	usbprint - ok
11:56:02.0685 2072	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
11:56:02.0716 2072	usbscan - ok
11:56:02.0763 2072	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:56:02.0794 2072	USBSTOR - ok
11:56:02.0825 2072	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
11:56:02.0857 2072	usbuhci - ok
11:56:02.0903 2072	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
11:56:02.0935 2072	usbvideo - ok
11:56:02.0966 2072	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
11:56:02.0997 2072	vga - ok
11:56:03.0028 2072	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
11:56:03.0059 2072	VgaSave - ok
11:56:03.0075 2072	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
11:56:03.0091 2072	viaagp - ok
11:56:03.0106 2072	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
11:56:03.0153 2072	ViaC7 - ok
11:56:03.0184 2072	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
11:56:03.0200 2072	viaide - ok
11:56:03.0215 2072	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
11:56:03.0231 2072	volmgr - ok
11:56:03.0262 2072	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
11:56:03.0278 2072	volmgrx - ok
11:56:03.0309 2072	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
11:56:03.0325 2072	volsnap - ok
11:56:03.0340 2072	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
11:56:03.0356 2072	vsmraid - ok
11:56:03.0387 2072	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
11:56:03.0434 2072	WacomPen - ok
11:56:03.0449 2072	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:56:03.0481 2072	Wanarp - ok
11:56:03.0527 2072	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:56:03.0543 2072	Wanarpv6 - ok
11:56:03.0559 2072	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
11:56:03.0574 2072	Wd - ok
11:56:03.0605 2072	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
11:56:03.0621 2072	Wdf01000 - ok
11:56:03.0683 2072	WINIO           (819c68ff6c4c63886d636ffb2dabf5ef) C:\Windows\system32\WinIo.sys
11:56:03.0715 2072	WINIO ( UnsignedFile.Multi.Generic ) - warning
11:56:03.0715 2072	WINIO - detected UnsignedFile.Multi.Generic (1)
11:56:03.0777 2072	WinRing0_1_2_0  (845af1ba23c8d5e64def61bcc441604c) C:\Program Files\BatteryCare\WinRing0.sys
11:56:03.0777 2072	WinRing0_1_2_0 - ok
11:56:03.0824 2072	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
11:56:03.0871 2072	WmiAcpi - ok
11:56:03.0949 2072	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
11:56:03.0980 2072	WpdUsb - ok
11:56:04.0011 2072	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
11:56:04.0042 2072	ws2ifsl - ok
11:56:04.0073 2072	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:56:04.0120 2072	WUDFRd - ok
11:56:04.0198 2072	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
11:56:04.0682 2072	\Device\Harddisk0\DR0 - ok
11:56:04.0697 2072	Boot (0x1200)   (a7136288fb2b2555c003adfd2a9656c5) \Device\Harddisk0\DR0\Partition0
11:56:04.0697 2072	\Device\Harddisk0\DR0\Partition0 - ok
11:56:05.0384 2072	Boot (0x1200)   (7e02661036e00188d64afd57a65c62b0) \Device\Harddisk0\DR0\Partition1
11:56:05.0384 2072	\Device\Harddisk0\DR0\Partition1 - ok
11:56:05.0384 2072	============================================================
11:56:05.0384 2072	Scan finished
11:56:05.0384 2072	============================================================
11:56:05.0399 1652	Detected object count: 3
11:56:05.0399 1652	Actual detected object count: 3
11:56:59.0210 1652	BMLoad ( UnsignedFile.Multi.Generic ) - skipped by user
11:56:59.0210 1652	BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:56:59.0210 1652	tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user
11:56:59.0210 1652	tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:56:59.0214 1652	WINIO ( UnsignedFile.Multi.Generic ) - skipped by user
11:56:59.0214 1652	WINIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
You're really busy...

My respect for how quickly you work through all of this.

Regards
Islandis

21.11.2011, 11:02   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your Internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

21.11.2011, 12:34   #13
Islandis

Sorry Arne,

unfortunately bad news: ComboFix ran through normally and restarted the PC. On restart I selected the user account from which ComboFix had been started (with administrator rights). After that, ComboFix windows opened and closed in very quick succession. It looked as if it wanted to open a C:\combofix\pev.exe.

I let this run for about 50 minutes without anything changing.

I then restarted the PC manually with the same user. Same thing again. On the third attempt I logged into Windows as Administrator, and then ComboFix appeared again with the note that it would create a log text file in the directory mentioned above, and exited normally. However, the desired log file could not be created. I also can't find a Combofix.txt in the ComboFix directory.

Should I start ComboFix again as the Administrator user?

Thanks in advance.

Regards
Islandis

21.11.2011, 14:33   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Restart Windows, delete the old combofix.exe, download CF again and please try it once more.

21.11.2011, 16:51   #15
Islandis

Thanks Arne, it worked this time.

Here is the ComboFix log:

ComboFix 11-11-21.01 - Boss 21.11.2011  17:26:56.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3066.1908 [GMT 1:00]
Running from: c:\users\Boss\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\WinIo.sys
.
.
(((((((((((((((((((((((   Files Created from 2011-10-21 to 2011-11-21  ))))))))))))))))))))))))))))))
.
.
2011-11-21 16:35 . 2011-11-21 16:35	--------	d-----w-	c:\users\Boss\AppData\Local\temp
2011-11-21 16:35 . 2011-11-21 16:35	--------	d-----w-	c:\users\Hel\AppData\Local\temp
2011-11-21 16:35 . 2011-11-21 16:35	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-11-20 15:52 . 2011-11-20 15:52	--------	d-----w-	C:\_OTL
2011-11-19 15:53 . 2011-11-19 15:53	--------	d-----w-	c:\program files\7-Zip
2011-11-18 18:47 . 2011-10-07 03:48	6668624	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{67517676-631F-4A02-9DB2-76013C059DB6}\mpengine.dll
2011-11-18 04:22 . 2011-11-18 04:22	--------	d-----w-	c:\users\Hel\AppData\Roaming\SUPERAntiSpyware.com
2011-11-18 04:21 . 2011-11-18 04:22	--------	d-----w-	c:\program files\SUPERAntiSpyware
2011-11-18 04:21 . 2011-11-18 04:21	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2011-11-17 22:10 . 2011-11-17 22:10	--------	d-----w-	c:\program files\ESET
2011-11-16 16:56 . 2011-11-16 16:56	--------	d-----w-	c:\users\Gast
2011-11-16 16:08 . 2011-11-16 16:08	--------	d-----w-	c:\programdata\VirtualWifiRouter
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-15 08:03 . 2011-05-19 07:05	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-14 06:33 . 2009-10-31 13:22	29712	----a-w-	c:\windows\system32\drivers\avgmfx86.sys
2011-09-06 13:30 . 2011-10-12 09:22	2043392	----a-w-	c:\windows\system32\win32k.sys
2011-09-02 13:22 . 2011-09-02 13:22	0	---ha-w-	c:\users\Hel\AppData\Local\BIT3246.tmp
2011-09-01 02:35 . 2011-10-12 09:27	1798144	----a-w-	c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-12 09:27	1126912	----a-w-	c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-12 09:27	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2011-08-31 16:00 . 2009-10-27 10:19	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-08-25 16:15 . 2011-10-12 09:22	555520	----a-w-	c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14 . 2011-10-12 09:22	563712	----a-w-	c:\windows\system32\oleaut32.dll
2011-08-25 16:14 . 2011-10-12 09:22	238080	----a-w-	c:\windows\system32\oleacc.dll
2011-08-25 13:31 . 2011-10-12 09:22	4096	----a-w-	c:\windows\system32\oleaccrc.dll
2011-09-03 06:18 . 2011-09-14 08:55	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Registry Autostart Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-11 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"BatteryCare"="c:\program files\BatteryCare\BatteryCare.exe" [2009-11-20 520192]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2009-08-22 5148672]
"ANT Agent"="c:\program files\Garmin\ANT Agent\ANT Agent.exe" [2011-04-14 12036968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-08 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-08 92704]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2008-08-28 233472]
"MDS_Menu"="c:\program files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"PDVD8LanguageShortcut"="c:\program files\HomeCinema\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"fspuip"="c:\program files\FSP\fspuip.exe" [2009-06-19 765952]
"CX Print Msgsrv"="c:\program files\silex technology\CX Print\Msgsrv.exe" [2008-08-21 61440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-10-24 2078048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-11-04 980368]
"PDFPrint"="c:\program files\pdf24\pdf24.exe" [2011-04-28 220552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Viren\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-11 136176]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [2011-01-28 270176]
R2 Internet Manager. RunOuc;Internet Manager. OUC;c:\program files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [2011-07-30 224096]
R2 resetWinService;Reset Reader;c:\program files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe [2008-10-29 70656]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2011-07-26 1025352]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-07-30 102784]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2011-07-30 11136]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2011-07-30 235392]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-11 136176]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2011-07-30 90112]
R3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\DRIVERS\ew_jucdcecm.sys [2011-07-30 64384]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2011-07-30 26624]
R3 RIYSCJEUOHWHV;RIYSCJEUOHWHV;c:\users\Boss\AppData\Local\Temp\RIYSCJEUOHWHV.exe [x]
R3 RSND;RSND;c:\users\Boss\AppData\Local\Temp\RSND.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\BatteryCare\WinRing0.sys [2008-07-26 14416]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 YJEHRBYH;YJEHRBYH;c:\users\Boss\AppData\Local\Temp\YJEHRBYH.exe [x]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [2011-07-30 13184]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-16 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2011-05-06 243152]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
S3 fspad_wlh32;Finger-sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\DRIVERS\fspad_wlh32.sys [2009-06-17 41984]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-07-30 73216]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-26 66080]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-02-24 522784]
S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [2008-12-19 246808]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Contents of the "Scheduled Tasks" folder
.
2011-11-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-11 07:04]
.
2011-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-11 10:22]
.
2011-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-11 10:22]
.
.
------- Supplementary Scan -------
.
uStart Page = 
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.2.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - 
FF - ProfilePath - c:\users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\eakt02rm.default\
FF - prefs.js: network.proxy.type - 2
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-11-21 17:35
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanning hidden processes ...
.
Scanning hidden autostart entries ...
.
Scanning hidden files ...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-11-21  17:37:16
ComboFix-quarantined-files.txt  2011-11-21 16:37
ComboFix2.txt  2011-11-21 12:16
.
Pre-Run: 16 directories, 189,107,388,416 bytes free
Post-Run: 16 directories, 189,075,525,632 bytes free
.
- - End Of File - - 8D3B723FC60594626CBD74EAD8390423
Thanks in advance.
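The two logs in this thread, the TDSSKiller driver list at the top of the page and the ComboFix service list just posted, are read the same way by a helper: which drivers did TDSSKiller flag as unsigned or load from outside the system driver directory, and which services point at an image in a user's Temp folder, at a file that no longer exists ([x]), or carry a random-looking name. The script below is an added example written for this page, not code from the thread, from Kaspersky or from the ComboFix author. It parses both formats from sample lines copied from the logs above and applies the editor's own heuristics, which neither tool implements; the reading of ComboFix's R/S prefix as running/stopped plus start type is likewise an assumption.

```python
"""Triage helper for the two log formats in this thread (added example, editor's own code).
Parses Kaspersky TDSSKiller driver lines and ComboFix service lines and flags the
entries a helper looks at first; the heuristics are the editor's, not either tool's."""
import re

# Constructed sample: lines copied verbatim from the TDSSKiller log above.
TDSS_SAMPLE = r"""
11:55:50.0096 2072 Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
11:55:50.0111 2072 Mup - ok
11:55:51.0796 2072 NwlnkFlt - ok
11:56:01.0328 2072 tcpipBM         (74905ebcbb8cbdb1f3c0b1778bbcb4bc) C:\Windows\system32\drivers\tcpipBM.sys
11:56:01.0328 2072 tcpipBM ( UnsignedFile.Multi.Generic ) - warning
11:56:01.0328 2072 tcpipBM - detected UnsignedFile.Multi.Generic (1)
11:56:03.0683 2072 WINIO           (819c68ff6c4c63886d636ffb2dabf5ef) C:\Windows\system32\WinIo.sys
11:56:03.0715 2072 WINIO ( UnsignedFile.Multi.Generic ) - warning
11:56:03.0715 2072 WINIO - detected UnsignedFile.Multi.Generic (1)
11:56:03.0777 2072 WinRing0_1_2_0  (845af1ba23c8d5e64def61bcc441604c) C:\Program Files\BatteryCare\WinRing0.sys
11:56:03.0777 2072 WinRing0_1_2_0 - ok
"""
# Constructed sample: service lines copied verbatim from the ComboFix log above.
COMBOFIX_SAMPLE = r"""
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-11 136176]
R3 RIYSCJEUOHWHV;RIYSCJEUOHWHV;c:\users\Boss\AppData\Local\Temp\RIYSCJEUOHWHV.exe [x]
R3 RSND;RSND;c:\users\Boss\AppData\Local\Temp\RSND.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\BatteryCare\WinRing0.sys [2008-07-26 14416]
R3 YJEHRBYH;YJEHRBYH;c:\users\Boss\AppData\Local\Temp\YJEHRBYH.exe [x]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [2011-07-30 13184]
"""

# TDSSKiller prints "<time> <pid> <name> (<md5>) <path>", then verdict lines of the form
# "<name> - ok", "<name> ( <detection> ) - warning" or "<name> - detected <detection> (n)".
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<name>\S+)\s+"
TDSS_ENTRY = re.compile(_PREFIX + r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*?)\s*$")
TDSS_VERDICT = re.compile(_PREFIX + r"(?:\(\s*(?P<det>\S+)\s*\)\s+)?-\s+"
                          r"(?P<status>ok|warning|detected)(?:\s+(?P<det2>\S+))?")
SEVERITY = {"ok": 0, "warning": 1, "detected": 2}
# ComboFix service line: "<R|S><start type> <name>;<display>;<image path> [<date> <size>]";
# "[x]" means the image file no longer exists.  R = running, S = stopped (assumed reading).
CF_SERVICE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
                        r"(?P<path>.+?)\s+\[(?P<meta>x|\d{4}-\d{2}-\d{2}\s+\d+)\]\s*$")
TEMP_DIR = re.compile(r"\\te?mp\\", re.I)                      # ...\Temp\... or ...\tmp\...
SYSTEM_DRIVER_DIR = re.compile(r"^c:\\windows\\system32\\drivers\\", re.I)
RANDOM_NAME = re.compile(r"^[A-Z]{6,}$")                       # e.g. YJEHRBYH

def parse_tdsskiller(text):
    """Return {name: {md5, path, status, detection}}, keeping the worst verdict per driver."""
    drivers = {}
    for line in text.splitlines():
        m = TDSS_ENTRY.match(line)
        if m:
            drivers[m["name"]] = {"md5": m["md5"], "path": m["path"], "status": "ok", "detection": None}
            continue
        m = TDSS_VERDICT.match(line)
        if m:  # verdict lines may appear without an entry line (e.g. NwlnkFlt)
            d = drivers.setdefault(m["name"], {"md5": None, "path": None, "status": "ok", "detection": None})
            if SEVERITY[m["status"]] > SEVERITY[d["status"]]:
                d["status"] = m["status"]
            d["detection"] = m["det"] or m["det2"] or d["detection"]
    return drivers

def parse_combofix_services(text):
    """Return one dict per ComboFix R*/S* service line, in log order."""
    return [{"state": m["state"], "name": m["name"], "display": m["display"], "path": m["path"],
             "file_present": m["meta"] != "x"}
            for m in map(CF_SERVICE.match, text.splitlines()) if m]

def triage_drivers(drivers):
    """Map driver name -> reasons to look closer; clean drivers are omitted."""
    findings = {}
    for name, d in drivers.items():
        reasons = []
        if d["status"] != "ok":
            reasons.append(f"TDSSKiller {d['status']}: {d['detection']}")
        if d["path"] and not SYSTEM_DRIVER_DIR.match(d["path"]):
            reasons.append("loaded from outside system32\\drivers (check vendor and signature)")
        if reasons:
            findings[name] = reasons
    return findings

def triage_services(services):
    """Map service name -> reasons: Temp-resident image, missing image, random-looking name."""
    findings = {}
    for s in services:
        reasons = []
        if TEMP_DIR.search(s["path"]):
            reasons.append("image in a Temp directory")
        if not s["file_present"]:
            reasons.append("image file missing ([x]): orphaned service entry, remove it")
        if RANDOM_NAME.match(s["name"]) and s["name"] == s["display"]:
            reasons.append("random-looking name used as its own display name")
        if reasons:
            findings[s["name"]] = reasons
    return findings

if __name__ == "__main__":
    for title, findings in (("TDSSKiller", triage_drivers(parse_tdsskiller(TDSS_SAMPLE))),
                            ("ComboFix", triage_services(parse_combofix_services(COMBOFIX_SAMPLE)))):
        for name, reasons in findings.items():
            print(f"{title}: {name}: " + "; ".join(reasons))
```

On this thread's data the script reports tcpipBM, WINIO and WinRing0_1_2_0 from the TDSSKiller lines and the three Temp-resident services RIYSCJEUOHWHV, RSND and YJEHRBYH from the ComboFix lines. An orphaned service entry ([x]) cannot run anything any more, but it is the footprint of an executable that was already removed and is still worth deleting; a driver loaded from Program Files (WinRing0 for BatteryCare, the SUPERAntiSpyware drivers) is normal for that software, and the location flag only says "check the vendor", not "malicious".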

Archiv
Du betrachtest: Bundespolizei Virus/Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.