Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Bundespolizei Trojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 09.03.2012, 09:22   #1
pc-idiot
 
Bundespolizei Trojaner - Standard

Bundespolizei Trojaner



Hi,

bitte einen Thread eröffnen...
Und das Log von OTL posten:
OTL
Boote in den abgesicherten Modus mit Netzwerkunterstützung (F8 beim Booten).
Lade Dir OTL von Oldtimer herunter (hxxp://oldtimer.geekstogo.com/OTL.exe) und speichere es auf Deinem Desktop.

Doppelklick auf die OTL.exe

Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen

Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output

Unter Extra Registry, wähle bitte Use SafeList

Klicke nun auf Run Scan links oben

Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)

Poste die Logfiles hier in den Thread

chris

Zitat:
Zitat von pc-idiot
Hallo .. kannst du mir auch helfen?

Ich habe diesen bekannten TRojaner "Bundespolizei", der alles sperrt und 100 Euro von einem will.

Hab verschiedene Cleaner und Virenprogramme um abgesicherten Modus runtergeladen und durchlaufen lassen, jedoch ohne Erfolg. Habe gesehen, du hast hier einem Betroffenen heute helfen können. Ich verstehe von den ganzen Ausführungen jedoch nur max. die Hälfte. Hab von diesen ganzen PC-Dingen keine Ahnung, kenn die Fachbegriffe und Abkürzungen nicht. Also wenn du mir hilfst, denn bitte schreib so, wie wenn du es deiner 7 jährigen Tochter erklärst.

Ich hab so viel verstanden, dass ich diese OTL Programm herunterladen muss/soll. Wie gehts dann weiter?

Gibt es nicht einen Cleaner, der diesen Virus erkennt und vernichtet?

Ich würde dir für die Hilfe sogar Geld überweisen, denn ich bin echt am verzweifeln.

Wär nett, wenn du helfen könntest.

LG

Alt 09.03.2012, 09:36   #2
pc-idiot
 
Bundespolizei Trojaner - Standard

Bundespolizei Trojaner



hallo chris ... habe soweit alles gemacht wie von dir beschrieben. die logfiles sind folgende:

Extras.Txt:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 09.03.2012 09:28:12 - Run 2
OTL by OldTimer - Version 3.2.36.1     Folder = C:\Users\Martin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 84,76% Memory free
6,18 Gb Paging File | 5,91 Gb Available in Paging File | 95,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 35,17 Gb Free Space | 37,36% Space Free | Partition Type: NTFS
Drive D: | 195,14 Gb Total Space | 55,88 Gb Free Space | 28,63% Space Free | Partition Type: NTFS
Drive E: | 0,85 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoschau] -- "C:\Program Files\Pixum\Pixum EasyBook\Fotoschau.exe" -d "%1" ()
Directory [Pixum EasyBook] -- "C:\Program Files\Pixum\Pixum EasyBook\Pixum EasyBook.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03BE16C2-7F81-496F-9AE5-F7EBF80F036A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{170C8C54-B392-482B-9F23-9C228860FBE1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{1CCD7AA4-B0C2-428B-A372-AFFF1E5E059D}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{311D4DFF-1964-4149-8CDE-F7DA989823CA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{397E7F37-6BA5-493E-B053-FE02E7844F1B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{450CBD0B-816F-4106-9EB5-1977F2968659}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{5CC650F9-0B20-425B-A6BC-CA8778FAA934}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{65143E8F-41E8-4233-9510-EB3714628AE1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{71515D20-171F-4E86-912C-125B88F4B345}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{8D57A384-9F1E-4C2A-ACC3-CC0382368005}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B0A23F26-669C-45D8-ADB8-1F4D985D00DF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{B8C62B2F-6F39-4769-906B-582FC3B3ACD7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BD957A4F-BA1D-4E60-8C1F-8568D71181B7}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{CC7D6AE0-EEBB-441F-8ECE-63F8F974063D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CFB04593-8C8E-4C3D-877E-8EA94C0BE255}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F07E294F-C817-4161-9798-87265245EEA7}" = rport=2869 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04BF250E-B80E-47E9-8D95-AC75A0DB66A0}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{1DC7653A-614F-457F-BC71-BC0B28290A25}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{260965F7-DC2A-473A-87CD-4B8BB5A63B69}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{29E666AF-2A82-4401-8633-3FB72FEC3A99}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2A2AEB15-0949-48BF-B739-6F2A2938D4F0}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | 
"{37AA4EEE-F69D-4A11-83C3-AEE785797E5E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{47C2EDB2-674B-48FC-999C-38260E4A2571}" = protocol=6 | dir=in | app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{48CC86E9-7783-46BC-9A2B-45EB5D71F10D}" = protocol=17 | dir=in | app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6508ECC3-D78E-4A5D-B8EF-FD4E375B0F30}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{68785373-888A-485A-97D3-133C7A352D67}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | 
"{6E555262-445B-4AB9-B5E4-09DFAF397347}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{759CA9A0-E57A-4EC9-9CAD-510A176444E3}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{932AAF37-DE4A-4343-BC0C-8B0F7CCA84F6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{94A6A708-8D34-4075-9B60-25485ABB4705}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B66AF5EC-F941-43A8-B21C-E1881A839036}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{CDB55A2E-B884-48AA-9813-959975024403}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"TCP Query User{06E68202-05AD-47BB-98A8-F12D3B24985C}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{1DFD7C6E-33E5-45BD-B08E-55D720A6490F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{20AE0F50-EBD3-4618-AF7B-2DC8726B2079}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{272EC2EE-33E4-4036-909F-368D12AF36EA}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{858A3433-1C59-4D9E-89A8-F93E29CA173E}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{8E0C5033-B28B-437B-8911-676411FCA7E3}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{981E0A58-25A6-4A71-9D05-DA9C0B7A072A}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{A61CAEDE-ED7A-4FA5-982C-5C36DEBEE68E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{AEF01DE3-C8EB-45F7-A975-C91C9A0E631A}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{B623211E-D96A-4A1D-ACC5-A8B946449A0D}C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{BCC61290-BC9D-45C1-8E45-8AFE68ABDAD2}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{E4DD02B6-35F2-45AC-A6F1-B20AF248FFC6}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{EB60AFD4-37BA-4704-880E-3F59BFFF2E3E}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{F60A3D7D-1F10-4CD9-B688-E0443C00FB26}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{FC32036E-01D4-4084-8927-F16DCF0E048E}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{01392A9D-02E5-4AE4-8F4F-31A37648D34C}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{19298AB5-B819-45E1-9C56-343C438ED144}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{3188EB50-F8F4-4DE0-9115-B563F46EA573}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{3A3CDE58-E432-4421-9FDA-351B12388A41}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{49065ACF-A1DE-47BD-9CD1-C3D7706FE99D}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{8293C225-A4C3-43A2-91A8-EDDDC82E6FB1}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{8889C0A0-19FD-48F5-84FA-C275C4108737}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{8AA3325E-6B97-4584-AF7D-2798EA36B6CD}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{8E5A5E82-6A11-407D-B54B-FC2E13A6D1D4}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{A3872F3A-39DD-4AFF-91F8-82CE46EE3855}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{CBA3C2E5-25EE-4E4A-A976-357519A48F30}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{CBE30CE5-0D22-4292-AF56-17A8105693EC}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{CF4CF07A-B9FC-48BC-AA99-346F5AC55733}C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{EFA51997-3254-406D-AAF8-67F9FF38301C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{F9FEF081-39B9-485E-95AA-CB9A9671F1BD}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP190_series" = Canon MP190 series MP Drivers
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 27
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2F04C9DA-94DA-4361-8B34-02CD8187861F}" = SystemDiagnostics
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5EA394-1031-11D2-A2CB-00C04F72F31D}" = Microsoft PhotoDraw 2000 V2
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73289228-1853-4623-982A-EB17FF0270CA}" = OSD_1.12
"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{854C47D1-C2A0-4492-8655-C3F8D49C1031}" = Nero 8 Essentials
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink Wireless LAN
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.5 - Deutsch
"{AD5A6099-D163-4DE9-9485-F2A210EE09B4}" = Langenscheidt Vokabeltrainer 4.0 Demoversion
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B}" = pdfforge Toolbar v1.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0194539-8118-4FD7-8ABA-912B2D479B48}" = Ulead Photo Explorer 6.0
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F58B763E-9FB9-4629-AF3C-CC9744BC4BA7}" = Fujitsu Siemens Computers Recovery
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon MP190 series Benutzerregistrierung" = Canon MP190 series Benutzerregistrierung
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.5
"Defraggler" = Defraggler
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ElsterFormular 11.5.0.4546" = ElsterFormular
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"Luxor Amun Rising" = Luxor Amun Rising (remove only)
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"MP Navigator EX 1.2" = Canon MP Navigator EX 1.2
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"Pixum EasyBook" = Pixum EasyBook
"Poker Superstars II" = Poker Superstars II (remove only)
"RegClean Pro_is1" = RegClean Pro
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SopCast" = SopCast 3.0.3
"Trojan Remover_is1" = Trojan Remover 6.8.3
"TrojanHunter_is1" = TrojanHunter 5.5
"ucqemcq" = Favorit
"Virtual Villagers" = Virtual Villagers (remove only)
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 05.09.2011 02:52:09 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 05.09.2011 02:52:09 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 145697977
 
Error - 05.09.2011 02:52:09 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 145697977
 
Error - 05.09.2011 02:52:10 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 05.09.2011 02:52:10 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 145698975
 
Error - 05.09.2011 02:52:10 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 145698975
 
Error - 05.09.2011 02:52:11 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 05.09.2011 02:52:11 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 145700176
 
Error - 05.09.2011 02:52:11 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 145700176
 
Error - 05.09.2011 04:26:25 | Computer Name = Martin-PC | Source = WinMgmt | ID = 10
Description = 
 
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---


OTL.TxtOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 09.03.2012 09:28:12 - Run 2
OTL by OldTimer - Version 3.2.36.1     Folder = C:\Users\Martin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 84,76% Memory free
6,18 Gb Paging File | 5,91 Gb Available in Paging File | 95,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 35,17 Gb Free Space | 37,36% Space Free | Partition Type: NTFS
Drive D: | 195,14 Gb Total Space | 55,88 Gb Free Space | 28,63% Space Free | Partition Type: NTFS
Drive E: | 0,85 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Martin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\WinRAR\RarExt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Norman NJeeves) --  File not found
SRV - (AviraUpgradeService) --  File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (RalinkRegistryWriter) -- C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe (Ralink Technology, Corp.)
SRV - (TestHandler) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (OsdService) -- C:\Program Files\OEM\OSD_1.12\OsdService.exe (TODO: <公司名稱>)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBAAPL) --  File not found
DRV - (NwlnkFwd) --  File not found
DRV - (NwlnkFlt) --  File not found
DRV - (IpInIp) --  File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1029unic.sys (MCCI Corporation)
DRV - (s1029mdm) -- C:\Windows\System32\drivers\s1029mdm.sys (MCCI Corporation)
DRV - (s1029bus) Sony Ericsson Device 1029 driver (WDM) -- C:\Windows\System32\drivers\s1029bus.sys (MCCI Corporation)
DRV - (s1029mdfl) -- C:\Windows\System32\drivers\s1029mdfl.sys (MCCI Corporation)
DRV - (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1029mgmt.sys (MCCI Corporation)
DRV - (s1029obex) -- C:\Windows\System32\drivers\s1029obex.sys (MCCI Corporation)
DRV - (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1029nd5.sys (MCCI Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (GpdKbFilter) -- C:\Windows\System32\kbfiltr.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (GpdDevDPort) -- C:\Windows\System32\directport.sys ()
DRV - (s716mdm) -- C:\Windows\System32\drivers\s716mdm.sys (MCCI Corporation)
DRV - (s716obex) -- C:\Windows\System32\drivers\s716obex.sys (MCCI Corporation)
DRV - (s716mdfl) -- C:\Windows\System32\drivers\s716mdfl.sys (MCCI Corporation)
DRV - (s716bus) Sony Ericsson Device 716 driver (WDM) -- C:\Windows\System32\drivers\s716bus.sys (MCCI Corporation)
DRV - (k750obex) -- C:\Windows\System32\drivers\k750obex.sys (MCCI)
DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\Windows\System32\drivers\k750bus.sys (MCCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de
IE - HKLM\..\SearchScopes,DefaultScope = {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120117101624874&tb_oid=17-01-2012&tb_mrud=17-01-2012
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Martin\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {08EF2EC7-48BA-4AB0-9529-C3A3A4A3021F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms}
IE - HKCU\..\SearchScopes\{08EF2EC7-48BA-4AB0-9529-C3A3A4A3021F}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_de
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=mSRsvz6jFP9h0TVyCw73QHO6YHc?q={searchTerms}
IE - HKCU\..\SearchScopes\{880DF7F5-F0D3-4051-B68C-5A2C2D315E4F}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{EB825AC3-D8CE-4F1E-8986-F095BB93D20B}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120117101624874&tb_oid=17-01-2012&tb_mrud=17-01-2012
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AOL Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50-ff-winamp-chromesbox-en-us&tb_uuid=20120117101624874&tb_oid=31-12-2010&tb_mrud=17-01-2012&query="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.haz.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems: 2020Player_IKEA@2020Technologies.com:5.0.7.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..keyword.URL: "hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&invocationType=tb50-ff-winamp-ab-en-us&tb_uuid=20120117101624874&tb_oid=31-12-2010&tb_mrud=17-01-2012&query="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.17 13:17:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.19 18:44:50 | 000,000,000 | ---D | M]
 
[2010.06.02 08:12:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions
[2012.01.25 19:57:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\i7r22a7o.default\extensions
[2012.01.17 11:17:29 | 000,000,000 | ---D | M] ("Winamp Toolbar") -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\i7r22a7o.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010.10.20 11:49:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\i7r22a7o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.25 19:57:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\i7r22a7o.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.09.01 09:12:13 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\i7r22a7o.default\extensions\2020Player_IKEA@2020Technologies.com
[2012.01.17 11:17:40 | 000,002,354 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\i7r22a7o.default\searchplugins\aol-web-search.xml
[2010.12.31 16:58:19 | 000,001,196 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\i7r22a7o.default\searchplugins\winamp-search.xml
[2012.01.02 20:46:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.06.15 21:17:11 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.17 13:17:27 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.07.19 04:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.08 13:25:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.08 13:25:29 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.08 13:25:29 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.08 13:25:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.08 13:25:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.08 13:25:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.66\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.66\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Extension = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (GreenTree Applications, Inc.)
O4 - HKLM..\Run: [THGuard] C:\Program Files\TrojanHunter 5.5\THGuard.exe (Mischel Internet Security)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OSD.lnk = C:\Users\Martin\AppData\Roaming\Microsoft\Installer\{73289228-1853-4623-982A-EB17FF0270CA}\_4D3FC276DECE661B01DFEC.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{164C6585-FAE0-4313-BBF0-B1704721EA6A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8668c964-4a5d-11df-9b88-00030da1c51a}\Shell - "" = AutoRun
O33 - MountPoints2\{8668c964-4a5d-11df-9b88-00030da1c51a}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.08 20:18:20 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.03.08 20:18:19 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.03.08 20:18:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.03.08 20:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.03.08 20:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.03.08 20:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.03.08 20:06:48 | 003,628,016 | ---- | C] (Piriform Ltd) -- C:\Users\Martin\Desktop\ccsetup316.exe
[2012.03.08 19:39:43 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2012.03.08 18:16:37 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\TrojanHunter
[2012.03.08 16:05:16 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Systweak
[2012.03.08 16:05:13 | 000,017,280 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2012.03.08 16:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2012.03.08 16:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\RegClean Pro
[2012.03.08 15:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter
[2012.03.08 15:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\TrojanHunter
[2012.03.08 15:49:20 | 000,000,000 | ---D | C] -- C:\Program Files\TrojanHunter 5.5
[2012.03.08 15:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.03.08 15:39:25 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\Simply Super Software
[2012.03.08 15:39:20 | 000,598,528 | ---- | C] (Igor Pavlov) -- C:\Windows\System32\ztv7z.dll
[2012.03.08 15:39:20 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2012.03.08 15:39:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.03.08 15:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2012.03.08 15:39:18 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Simply Super Software
[2012.03.08 15:39:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.03.04 21:18:11 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\Bank
[2012.03.03 14:29:53 | 000,000,000 | ---D | C] -- C:\Users\Martin\Wgh
[2012.02.15 20:44:17 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.02.15 20:44:15 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.02.15 20:44:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.02.15 20:44:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.02.15 20:44:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.02.15 20:44:12 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.02.15 19:37:11 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.02.13 21:23:03 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\Neuer Ordner
[2012.02.13 12:47:34 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Avira
[2012.02.13 11:41:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.02.13 11:41:08 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.02.13 11:41:06 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.02.13 11:41:06 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.02.13 11:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.02.13 11:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2 C:\Users\Martin\Documents\*.tmp files -> C:\Users\Martin\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Martin\Desktop\*.tmp files -> C:\Users\Martin\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.09 09:26:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.09 09:24:00 | 000,000,398 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E5B4FF3C-941E-437A-8FC3-EEC1EDA584BF}.job
[2012.03.09 09:20:40 | 001,587,316 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.09 09:20:40 | 000,893,050 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.09 09:20:40 | 000,438,518 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.09 09:20:40 | 000,389,220 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.09 09:17:41 | 000,111,182 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.03.09 09:17:41 | 000,111,182 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.03.09 09:17:17 | 000,002,447 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OSD.lnk
[2012.03.09 09:17:15 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.09 09:17:10 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.09 09:17:10 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.08 20:16:49 | 210,292,736 | ---- | M] () -- C:\Users\Martin\Desktop\KWU_1.0.3.upd.iso
[2012.03.08 20:12:21 | 074,761,776 | ---- | M] () -- C:\Users\Martin\Desktop\avast_free1426_antivirus_setup.exe
[2012.03.08 20:07:25 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.03.08 20:06:56 | 003,628,016 | ---- | M] (Piriform Ltd) -- C:\Users\Martin\Desktop\ccsetup316.exe
[2012.03.08 19:39:45 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2012.03.08 19:37:36 | 000,001,356 | ---- | M] () -- C:\Users\Martin\AppData\Local\d3d9caps.dat
[2012.03.08 18:21:44 | 000,001,791 | ---- | M] () -- C:\Users\Martin\Desktop\Avira DE-Cleaner.lnk
[2012.03.08 16:05:26 | 000,101,888 | ---- | M] () -- C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.08 16:05:26 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.03.08 16:05:21 | 000,000,262 | ---- | M] () -- C:\Windows\tasks\RegClean Prosch.job
[2012.03.08 15:49:31 | 000,059,392 | R--- | M] () -- C:\Windows\System32\streamhlp.dll
[2012.03.08 14:55:11 | 007,367,726 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\SMRBackup162.dat
[2012.03.08 10:02:24 | 000,883,840 | ---- | M] () -- C:\Users\Martin\Desktop\Avira-DE-Cleaner.exe
[2012.03.07 23:54:27 | 000,000,902 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.03131854124746003.exe.lnk
[2012.03.07 23:51:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.07 21:37:00 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2012.03.07 13:27:27 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2012.03.07 01:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.03.07 01:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.03.05 21:26:06 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2012.03.02 13:12:06 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.02.24 16:43:10 | 000,017,280 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2012.02.23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.02.15 22:23:10 | 000,370,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.15 20:09:07 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.02.13 11:41:24 | 000,001,813 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.02.13 09:45:04 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2 C:\Users\Martin\Documents\*.tmp files -> C:\Users\Martin\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Martin\Desktop\*.tmp files -> C:\Users\Martin\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.08 20:10:06 | 210,292,736 | ---- | C] () -- C:\Users\Martin\Desktop\KWU_1.0.3.upd.iso
[2012.03.08 20:09:22 | 074,761,776 | ---- | C] () -- C:\Users\Martin\Desktop\avast_free1426_antivirus_setup.exe
[2012.03.08 20:07:25 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.03.08 16:05:21 | 000,000,262 | ---- | C] () -- C:\Windows\tasks\RegClean Prosch.job
[2012.03.08 15:49:20 | 000,059,392 | R--- | C] () -- C:\Windows\System32\streamhlp.dll
[2012.03.08 15:39:20 | 000,178,176 | ---- | C] () -- C:\Windows\System32\ztvunrar39.dll
[2012.03.08 15:39:20 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2012.03.08 15:39:20 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2012.03.08 15:39:20 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2012.03.08 15:39:19 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2012.03.08 14:54:53 | 007,367,726 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\SMRBackup162.dat
[2012.03.08 10:02:30 | 000,001,791 | ---- | C] () -- C:\Users\Martin\Desktop\Avira DE-Cleaner.lnk
[2012.03.08 10:02:23 | 000,883,840 | ---- | C] () -- C:\Users\Martin\Desktop\Avira-DE-Cleaner.exe
[2012.03.07 23:54:27 | 000,000,902 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.03131854124746003.exe.lnk
[2012.02.13 11:41:24 | 000,001,813 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.02.11 18:58:58 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.02.11 18:58:57 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2012.02.11 18:58:57 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2012.02.11 18:58:57 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2012.02.11 18:58:57 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2011.11.04 08:24:10 | 000,000,008 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\20jg9pppa91ntrk0.dat
[2011.10.13 16:45:00 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.10.02 19:49:13 | 000,000,054 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.10.02 19:49:13 | 000,000,039 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.05.05 17:42:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.30 09:09:27 | 000,000,016 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\hngmfc.dat
[2010.08.03 14:30:39 | 000,000,020 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\bawuho.dat
[2010.08.03 14:30:30 | 000,000,008 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\avdrn.dat
[2010.05.26 16:37:13 | 000,000,004 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\ovczpx.dat
[2010.05.14 16:18:47 | 000,000,016 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\qvjsge.dat

< End of report >
         
--- --- ---
__________________


Alt 09.03.2012, 10:36   #3
Chris4You
 
Bundespolizei Trojaner - Standard

Bundespolizei Trojaner



Hi,

hmm, scheint was neues zu sein. Das Log ist vom verseuchten Konto?

OTL:
  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code:
ATTFilter
:OTL
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OSD.lnk = C:\Users\Martin\AppData\Roaming\Microsoft\Installer\{73289228-1853-4623-982A-EB17FF0270CA}\_4D3FC276DECE661B01DFEC.exe ()
[2011.11.04 08:24:10 | 000,000,008 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\20jg9pppa91ntrk0.dat
[2010.08.30 09:09:27 | 000,000,016 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\hngmfc.dat
[2010.08.03 14:30:39 | 000,000,020 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\bawuho.dat
[2010.08.03 14:30:30 | 000,000,008 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\avdrn.dat
[2010.05.26 16:37:13 | 000,000,004 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\ovczpx.dat
[2010.05.14 16:18:47 | 000,000,016 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\qvjsge.dat

:Commands
[purity]
[emptytemp]
[Reboot]
         
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Aktualisierungen" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

chris
__________________
__________________

Alt 09.03.2012, 10:49   #4
pc-idiot
 
Bundespolizei Trojaner - Standard

Bundespolizei Trojaner



Kann deine neue Anweisung nicht ausführen, da der PC einen neustart durchführen will, nachdem ich den Run Fix geklickt habe. Nach dem Neustart ist natürlich alles weg ... was soll icvh machen ..

Alt 09.03.2012, 11:29   #5
Chris4You
 
Bundespolizei Trojaner - Standard

Bundespolizei Trojaner



Hi,

suche die Logs im Ordner C:\_OTL... und poste sie dann... lass danach mam laufen...

chris

__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 09.03.2012, 11:42   #6
pc-idiot
 
Bundespolizei Trojaner - Standard

Bundespolizei Trojaner



habie meinen nick nicht zufällig ausgewählt :

ich hoffe, ich hab das richtig verstanden, also:

wenn ich unter laufwerk "c" auf den ordner "_OTL" klicke, dann kommt dort ein unterordner "moved files". in diesem befinden sich zwei textdokumente. willst du diese? ich poste sie nachfolgend:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OSD.lnk moved successfully.
C:\Users\Martin\AppData\Roaming\Microsoft\Installer\{73289228-1853-4623-982A-EB17FF0270CA}\_4D3FC276DECE661B01DFEC.exe moved successfully.
C:\Users\Martin\AppData\Roaming\20jg9pppa91ntrk0.dat moved successfully.
C:\Users\Martin\AppData\Roaming\hngmfc.dat moved successfully.
C:\Users\Martin\AppData\Roaming\bawuho.dat moved successfully.
C:\Users\Martin\AppData\Roaming\avdrn.dat moved successfully.
C:\Users\Martin\AppData\Roaming\ovczpx.dat moved successfully.
C:\Users\Martin\AppData\Roaming\qvjsge.dat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Martin
->Temp folder emptied: 3213 bytes
->Temporary Internet Files folder emptied: 2211161 bytes
->Java cache emptied: 30975506 bytes
->FireFox cache emptied: 120169372 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 864 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7207818 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 153,00 mb


OTL by OldTimer - Version 3.2.36.1 log created on 03092012_104004

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
File move failed. C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OSD.lnk scheduled to be moved on reboot.
File C:\Users\Martin\AppData\Roaming\Microsoft\Installer\{73289228-1853-4623-982A-EB17FF0270CA}\_4D3FC276DECE661B01DFEC.exe not found.
File C:\Users\Martin\AppData\Roaming\20jg9pppa91ntrk0.dat not found.
File C:\Users\Martin\AppData\Roaming\hngmfc.dat not found.
File C:\Users\Martin\AppData\Roaming\bawuho.dat not found.
File C:\Users\Martin\AppData\Roaming\avdrn.dat not found.
File C:\Users\Martin\AppData\Roaming\ovczpx.dat not found.
File C:\Users\Martin\AppData\Roaming\qvjsge.dat not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Martin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3252584 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 8004679 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 11,00 mb


OTL by OldTimer - Version 3.2.36.1 log created on 03092012_105010

Alt 09.03.2012, 11:44   #7
pc-idiot
 
Bundespolizei Trojaner - Standard

Bundespolizei Trojaner



was meinst du mit "lass danach mam laufen"??? versteh ich nicht

Alt 09.03.2012, 14:13   #8
Chris4You
 
Bundespolizei Trojaner - Standard

Bundespolizei Trojaner



Hi,

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Aktualisierungen" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 09.03.2012, 15:35   #9
pc-idiot
 
Bundespolizei Trojaner - Standard

Bundespolizei Trojaner



das geht leider beides nicht.

entweder erscheint "auf den windows installationsdienst kann nicht zugegriffen werden" oder

"an error occurred. please report the following error code to the malwarebytes - error code 732 (o,o)

Alt 09.03.2012, 20:50   #10
pc-idiot
 
Bundespolizei Trojaner - Standard

Bundespolizei Trojaner



kann mir sonst keiner helfen? chris wo bist du?

Alt 09.03.2012, 23:37   #11
Chris4You
 
Bundespolizei Trojaner - Standard

Bundespolizei Trojaner



Hi,

folge dem Link (Protection Module Errors - Malwarebytes Forum, dort dem folgenden Post:

For Windows Vista and Windows 7:

Click on the Start Posted Image button and select Control Panel
Click on Programs and Features
Uninstall Malwarebytes' Anti-Malware
Restart your computer very important
Download and run mbam-clean.exe from here http://www.malwarebytes.org/mbam-clean.exe
It will ask to restart your computer, please allow it to do so very important
After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here Malwarebytes Anti-Malware - Download.com. Remember to enable your Anti-Virus after installation.

Falls das nichts bringt, das hier durchführen :
Windowsinstaller neu installieren:
Windows Installer deinstallieren und neu installieren - msiexec.exe [Updated]

Erstelle ein neues OTL-Log und poste es hier...

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 10.03.2012, 10:21   #12
pc-idiot
 
Bundespolizei Trojaner - Standard

Bundespolizei Trojaner



Sorry Chris, ich finds super, dass du mir hilfst und Zeit dafür investierst, aber ich hab schon mal gesagt, dass ich ein PC-IDIOT bin und das so alles nicht verstehe.

Wir haben mal angefangen damit, dass ich mir so ein OTL Programm runtergeladen habe, ohne überhaupt zu wissen, was dieses programm macht. dann hab ich hier zwei textdateien gepostet. Was haben die denn ergeben?

Jetzt soll ich auf einen link klicken und dort den post "For Windows Vista and Windows 7" folgen. Aber wo bitte ist dort ein post "For Windows Vista and Windows 7" ??????????????????????????

Alt 10.03.2012, 11:47   #13
Chris4You
 
Bundespolizei Trojaner - Standard

Bundespolizei Trojaner



Hallo,

wer scrollen kann ist klar im Vorteil...

Dann noch mal:

Den Cleaner von hier runterladen und ausführen:
http://www.malwarebytes.org/mbam-clean.exe

Nach Durchführung wirst Du gefragt ob der Rechner neu gestartet wird, das unbedingt durchführen lassen.

Dann MAM neu runterladen und installieren Malwarebytes Anti-Malware - Download.com.

Falls das nicht funktioniert, muß der Windowsinstaller wie folgt neu installiert werden...

Windows Installer deinstallieren und neu installieren - msiexec.exe
Windows Installer deinstallieren und neu installieren - msiexec.exe [Updated]

Danach ein neues OTL-Log und poste es hier...

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 10.03.2012, 21:15   #14
pc-idiot
 
Bundespolizei Trojaner - Standard

Bundespolizei Trojaner



ok, ich versuchs ... mach ich das denn alles im abgesicherten modus?

was ist nach dem neustart? geh ich nach neustart wieder im abgesicherten modus rein oder normal?

Alt 10.03.2012, 21:25   #15
pc-idiot
 
Bundespolizei Trojaner - Standard

Bundespolizei Trojaner



noch ne frage ... wenn ich dann den MAM erneut runtergeladen habe, soll ich dann auch einen scan mit dem MAM-Programm durchführen? und wenn ja, welchen? den quick oder den vollständigen scan?

Antwort

Themen zu Bundespolizei Trojaner
abgesicherten, administrator, ahnung, beendet, booten, cleaner, erstellt, euro, geld, gen, heute, klicke, links, log, logfiles, modus, programme, rechtsklick, registry, scan, sperrt, trojane, trojaner, verschiedene, virus




Ähnliche Themen: Bundespolizei Trojaner


  1. Bundespolizei Trojaner
    Log-Analyse und Auswertung - 03.10.2012 (38)
  2. BUNDESPOLIZEI Trojaner
    Log-Analyse und Auswertung - 08.08.2012 (7)
  3. Bundespolizei Trojaner
    Mülltonne - 20.07.2012 (0)
  4. Trojaner Bundespolizei
    Log-Analyse und Auswertung - 16.06.2012 (1)
  5. Bundespolizei Trojaner 1.09
    Plagegeister aller Art und deren Bekämpfung - 20.04.2012 (17)
  6. Bundespolizei Trojaner auf win XP
    Log-Analyse und Auswertung - 12.04.2012 (1)
  7. Bundespolizei Trojaner!
    Plagegeister aller Art und deren Bekämpfung - 29.12.2011 (5)
  8. Bundespolizei Trojaner
    Log-Analyse und Auswertung - 26.12.2011 (8)
  9. Bundespolizei Trojaner??
    Plagegeister aller Art und deren Bekämpfung - 26.12.2011 (27)
  10. Bundespolizei Trojaner - Win XP
    Log-Analyse und Auswertung - 18.12.2011 (1)
  11. Bundespolizei Trojaner
    Log-Analyse und Auswertung - 08.11.2011 (1)
  12. Bundespolizei Trojaner
    Plagegeister aller Art und deren Bekämpfung - 09.08.2011 (1)
  13. Bundespolizei Trojaner
    Plagegeister aller Art und deren Bekämpfung - 09.08.2011 (1)
  14. Bundespolizei-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 09.08.2011 (3)
  15. Bundespolizei-Trojaner
    Log-Analyse und Auswertung - 07.08.2011 (1)
  16. Bundespolizei Trojaner
    Log-Analyse und Auswertung - 16.04.2011 (6)
  17. Bundespolizei-Trojaner
    Log-Analyse und Auswertung - 16.04.2011 (3)

Zum Thema Bundespolizei Trojaner - Hi, bitte einen Thread eröffnen... Und das Log von OTL posten: OTL Boote in den abgesicherten Modus mit Netzwerkunterstützung (F8 beim Booten). Lade Dir OTL von Oldtimer herunter (hxxp://oldtimer.geekstogo.com/ OTL.exe - Bundespolizei Trojaner...
Archiv
Du betrachtest: Bundespolizei Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.