
Log analysis and evaluation: Bundespolizei trojan

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
11.08.2012, 23:58   #1
eltipo

Bundespolizei trojan



Hello,

it has just hit me too, on my laptop.

Win7 64.
I have already put mbam on the laptop, though in safe mode (incl. network drivers), because nothing else works anymore.

I have already seen that I should include all local drives in the scan, but what about network drives (NAS?)?...

I am running it once more right now, but in the first run mbam found nothing; I will post the log then.

Many thanks in advance!

Here are the log files:
Quote:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.11.04

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
lappi :: LAPPI-PC [Administrator]

12.08.2012 00:51:58
mbam-log-2012-08-12 (00-51-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 322989
Laufzeit: 10 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

and the log file from OTL, started as admin in safe mode.
OTL log file:
Code:
OTL logfile created on: 12.08.2012 01:09:49 - Run 2
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\lappi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 68,79% Memory free
5,98 Gb Paging File | 5,18 Gb Available in Paging File | 86,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 16,77 Gb Free Space | 30,06% Space Free | Partition Type: NTFS
Drive E: | 14,89 Gb Total Space | 14,81 Gb Free Space | 99,42% Space Free | Partition Type: FAT32
Drive F: | 110,75 Mb Total Space | 25,25 Mb Free Space | 22,80% Space Free | Partition Type: FAT
Drive G: | 29,71 Gb Total Space | 28,67 Gb Free Space | 96,48% Space Free | Partition Type: FAT32
Drive W: | 1831,84 Gb Total Space | 1249,50 Gb Free Space | 68,21% Space Free | Partition Type: NTFS
Drive X: | 1831,84 Gb Total Space | 129,88 Gb Free Space | 7,09% Space Free | Partition Type: NTFS
Drive Y: | 7,93 Gb Total Space | 7,90 Gb Free Space | 99,68% Space Free | Partition Type: NTFS
 
Computer Name: LAPPI-PC | User Name: lappi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.12 00:45:04 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\lappi\Desktop\OTL.exe
PRC - [2012.07.03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.05.13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2007.11.26 15:13:06 | 000,025,600 | ---- | M] (E-MU Systems) [Auto | Stopped] -- C:\Windows\SysNative\emaudsv.exe -- (emaudsv)
SRV:64bit: - [2007.02.06 11:45:30 | 000,080,384 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2012.08.03 09:43:14 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.27 11:35:10 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.10 13:46:16 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.05.08 22:28:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 22:28:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.27 21:58:30 | 005,023,744 | ---- | M] (Moonware Studios) [On_Demand | Stopped] -- C:\Program Files (x86)\webcamXP 5\wService.exe -- (wxpSvc)
SRV - [2011.04.28 22:50:00 | 000,040,960 | ---- | M] () [Auto | Stopped] -- C:\Users\lappi\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.28 15:33:32 | 000,154,352 | ---- | M] (Dell Inc.) [Auto | Stopped] -- C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe -- (DLPWD)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.10.15 18:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)
SRV - [2007.12.18 10:59:56 | 000,312,320 | ---- | M] (OptionNV) [Auto | Stopped] -- C:\Program Files (x86)\Option\GlobeTrotter Connect\GtDetectSc.exe -- (GtDetectSc)
SRV - [2007.04.02 14:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)
SRV - [2006.12.07 00:52:36 | 000,191,896 | ---- | M] (Dell Inc.) [Auto | Stopped] -- C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe -- (DLSDB)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.08 22:28:18 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 22:28:18 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.23 15:45:44 | 000,038,768 | ---- | M] (GN Netcom A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\JabraMobileCsrDfuX64.sys -- (JabraDFU)
DRV:64bit: - [2011.11.09 19:32:42 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmaudio.sys -- (avmaudio)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.06.07 20:34:18 | 000,047,792 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioTransit_DFU.sys -- (MADFUTRANSIT)
DRV:64bit: - [2011.06.07 20:34:14 | 000,201,008 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioTransit.sys -- (MAUSBTRANSIT)
DRV:64bit: - [2011.05.13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011.05.13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011.03.18 14:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011.03.18 14:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.23 03:08:00 | 000,090,624 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetndis64.sys -- (andnetndis)
DRV:64bit: - [2011.02.23 03:03:44 | 000,028,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetgps64.sys -- (AndNetGps)
DRV:64bit: - [2011.02.23 03:03:40 | 000,037,376 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetmodem64.sys -- (ANDNetModem)
DRV:64bit: - [2011.02.23 03:03:40 | 000,029,696 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetdiag64.sys -- (AndNetDiag)
DRV:64bit: - [2011.02.23 02:58:50 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetadb.sys -- (andnetadb)
DRV:64bit: - [2010.12.07 14:23:02 | 000,034,304 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem)
DRV:64bit: - [2010.12.07 14:23:00 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag)
DRV:64bit: - [2010.12.07 14:23:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps)
DRV:64bit: - [2010.12.07 14:22:58 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.02 16:19:10 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandadb.sys -- (androidusb)
DRV:64bit: - [2010.06.16 17:01:30 | 000,070,984 | ---- | M] (Ross-Tech LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RT-USB64.SYS -- (RT-USB)
DRV:64bit: - [2010.06.04 11:58:56 | 000,024,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FarMntIo.sys -- (FARMNTIO)
DRV:64bit: - [2010.06.04 02:18:56 | 001,379,376 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.02.25 00:02:38 | 000,019,000 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CPQBTTN.sys -- (HBtnKey)
DRV:64bit: - [2009.12.07 19:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.12.07 19:36:48 | 000,246,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009.12.03 16:48:32 | 000,716,872 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2009.09.23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 22:36:04 | 000,696,832 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fus2base.sys -- (FUS2BASE)
DRV:64bit: - [2009.06.10 22:36:02 | 000,079,872 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmcowan.sys -- (AVMCOWAN)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009.02.17 19:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2008.04.24 17:25:48 | 000,402,432 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2007.11.26 15:15:06 | 000,213,272 | ---- | M] (E-MU Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emusba10.sys -- (emusba10)
DRV:64bit: - [2007.11.13 16:51:12 | 000,124,416 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV:64bit: - [2007.10.09 13:53:30 | 000,080,896 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gt72ubus.sys -- (GT72UBUS)
DRV:64bit: - [2007.03.30 13:38:16 | 000,010,624 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtptser.sys -- (GTPTSER)
DRV:64bit: - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV:64bit: - [2007.02.14 14:21:42 | 000,064,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwusb.sys -- (BTWUSB)
DRV:64bit: - [2007.02.14 14:21:40 | 001,134,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btkrnl.sys -- (BTKRNL)
DRV:64bit: - [2007.02.14 14:21:40 | 000,148,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwdndis.sys -- (BTWDNDIS)
DRV:64bit: - [2007.02.14 14:21:40 | 000,047,360 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btport.sys -- (BTDriver)
DRV:64bit: - [2007.02.14 14:21:38 | 000,164,864 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btaudio.sys -- (btaudio)
DRV - [2012.02.24 15:02:07 | 000,004,032 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\hostnt.sys -- (HOSTNT)
DRV - [2011.06.02 11:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2195182437-2403971164-2041190362-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2195182437-2403971164-2041190362-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2195182437-2403971164-2041190362-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B7 38 62 33 62 2F CD 01  [binary data]
IE - HKU\S-1-5-21-2195182437-2403971164-2041190362-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2195182437-2403971164-2041190362-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=ed41c38e-c9c1-4fe5-997d-c5711fbe116c&pid=murb&k=0
IE - HKU\S-1-5-21-2195182437-2403971164-2041190362-1001\..\SearchScopes\{21D635A9-AE2A-4A98-A304-1FC8A6E01277}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=ed41c38e-c9c1-4fe5-997d-c5711fbe116c&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-2195182437-2403971164-2041190362-1001\..\SearchScopes\{4CC67886-C76F-4B1D-BBCE-BD904C98C1D9}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=ed41c38e-c9c1-4fe5-997d-c5711fbe116c&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-2195182437-2403971164-2041190362-1001\..\SearchScopes\{842A14B7-B982-471D-AC8B-289BA134D60B}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=ed41c38e-c9c1-4fe5-997d-c5711fbe116c&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-2195182437-2403971164-2041190362-1001\..\SearchScopes\{A3F8A13A-D16F-4B92-9ED9-B259C71879BB}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=ed41c38e-c9c1-4fe5-997d-c5711fbe116c&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-2195182437-2403971164-2041190362-1001\..\SearchScopes\{D19EAC74-EAE2-4E05-9657-2776E306971D}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=ed41c38e-c9c1-4fe5-997d-c5711fbe116c&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-2195182437-2403971164-2041190362-1001\..\SearchScopes\{EA5EF257-4F61-489F-88C6-E597AE7154AF}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=ed41c38e-c9c1-4fe5-997d-c5711fbe116c&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-2195182437-2403971164-2041190362-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "google Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.27 11:35:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.02 23:32:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.20 16:54:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.05.21 15:35:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lappi\AppData\Roaming\mozilla\Extensions
[2011.05.21 15:35:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lappi\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.08.01 02:10:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lappi\AppData\Roaming\mozilla\Firefox\Profiles\c169zntb.default\extensions
[2012.05.15 00:55:09 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\lappi\AppData\Roaming\mozilla\Firefox\Profiles\c169zntb.default\extensions\fb_add_on@avm.de
[2012.04.28 23:37:59 | 000,002,622 | ---- | M] () -- C:\Users\lappi\AppData\Roaming\Mozilla\Firefox\Profiles\c169zntb.default\searchplugins\ebayde-suche.xml
[2012.07.30 16:12:54 | 000,001,128 | ---- | M] () -- C:\Users\lappi\AppData\Roaming\Mozilla\Firefox\Profiles\c169zntb.default\searchplugins\geizhalsat-deutschland.xml
[2011.07.16 10:31:00 | 000,001,675 | ---- | M] () -- C:\Users\lappi\AppData\Roaming\Mozilla\Firefox\Profiles\c169zntb.default\searchplugins\raidrushws.xml
[2011.05.21 22:10:28 | 000,001,165 | ---- | M] () -- C:\Users\lappi\AppData\Roaming\Mozilla\Firefox\Profiles\c169zntb.default\searchplugins\wikipedia-de.xml
[2011.04.28 22:50:01 | 000,002,051 | ---- | M] () -- C:\Users\lappi\AppData\Roaming\Mozilla\Firefox\Profiles\c169zntb.default\searchplugins\youtube-deutschland.xml
[2011.04.28 22:50:01 | 000,002,182 | ---- | M] () -- C:\Users\lappi\AppData\Roaming\Mozilla\Firefox\Profiles\c169zntb.default\searchplugins\{AE9824BE-E70D-4405-93F6-7AA2C46DCED3}.xml
[2012.02.21 21:08:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.04.02 23:33:17 | 000,164,858 | ---- | M] () (No name found) -- C:\USERS\LAPPI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C169ZNTB.DEFAULT\EXTENSIONS\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.XPI
[2011.12.26 13:25:20 | 000,026,136 | ---- | M] () (No name found) -- C:\USERS\LAPPI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C169ZNTB.DEFAULT\EXTENSIONS\{DF4E4DF5-5CB7-46B0-9AEF-6C784C3249F8}.XPI
[2012.07.27 11:35:10 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.21 18:57:33 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.02 14:27:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.02 14:27:37 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.02 14:27:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.02 14:27:36 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.02 14:27:36 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.02 14:27:36 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.11.30 18:47:47 | 000,001,130 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O1 - Hosts: 127.0.0.1 update.ross-tech.com 
O1 - Hosts: 127.0.0.1 update.ross-tech.com 
O1 - Hosts: 127.0.0.1 update.ross-tech.com 
O1 - Hosts: 127.0.0.1 update.ross-tech.com 
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [DLPSP] C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [DLUPDR] C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\lappi\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [TSWorkspace] C:\Users\lappi\AppData\Local\Microsoft\Windows\3950\TSWorkspace.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2195182437-2403971164-2041190362-1001..\Run: [E-MU USB Audio Control Panel] C:\Program Files (x86)\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe (E-MU Systems)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-3MQOP.exe" /REG /REGSVRMODE File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\lappi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\lappi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\lappi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\lappi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VCDS Updater.lnk = C:\Diagnosetool\VCDS-MFT\VCDS.exe (Ross-Tech, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2195182437-2403971164-2041190362-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O8:64bit: - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8:64bit: - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36195112-577D-47A1-A651-A58F2600E0C2}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DF0879C-B408-4AED-A917-713113AEE3E3}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{860F2D1D-FFD0-460C-9D7B-CD8EA927297E}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8ACA3486-9CD2-4B3E-89C2-03B55BBCDE06}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97414379-D673-494C-8B41-162435A30489}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A27AAAB6-184D-4159-B77F-A1566992B67B}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.02.27 17:20:55 | 000,000,000 | ---D | M] - W:\Auto -- [ NTFS ]
O33 - MountPoints2\{25b545b8-aa1e-11e0-ba2c-001a4b5f398a}\Shell - "" = AutoRun
O33 - MountPoints2\{25b545b8-aa1e-11e0-ba2c-001a4b5f398a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{25b545c6-aa1e-11e0-ba2c-001a4b5f398a}\Shell - "" = AutoRun
O33 - MountPoints2\{25b545c6-aa1e-11e0-ba2c-001a4b5f398a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{25b545d6-aa1e-11e0-ba2c-001a4b5f398a}\Shell - "" = AutoRun
O33 - MountPoints2\{25b545d6-aa1e-11e0-ba2c-001a4b5f398a}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{25b545d9-aa1e-11e0-ba2c-001a4b5f398a}\Shell - "" = AutoRun
O33 - MountPoints2\{25b545d9-aa1e-11e0-ba2c-001a4b5f398a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4cc52065-bdd4-11e1-bf9a-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{4cc52065-bdd4-11e1-bf9a-404e57434401}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{83f9ee84-b7af-11e1-9e1e-001a6bdb4a2b}\Shell - "" = AutoRun
O33 - MountPoints2\{83f9ee84-b7af-11e1-9e1e-001a6bdb4a2b}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{83f9ee86-b7af-11e1-9e1e-001a6bdb4a2b}\Shell - "" = AutoRun
O33 - MountPoints2\{83f9ee86-b7af-11e1-9e1e-001a6bdb4a2b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9d9631c1-e945-11e0-84ea-001a6bdb4a2b}\Shell - "" = AutoRun
O33 - MountPoints2\{9d9631c1-e945-11e0-84ea-001a6bdb4a2b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9d9631c7-e945-11e0-84ea-001a6bdb4a2b}\Shell - "" = AutoRun
O33 - MountPoints2\{9d9631c7-e945-11e0-84ea-001a6bdb4a2b}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.12 01:04:29 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\lappi\Desktop\OTL.exe
[2012.08.11 23:36:34 | 000,000,000 | ---D | C] -- C:\Users\lappi\AppData\Roaming\hellomoto
[2012.08.11 21:14:47 | 000,000,000 | R--D | C] -- C:\Users\lappi\Dropbox
[2012.08.11 21:13:41 | 000,000,000 | ---D | C] -- C:\Users\lappi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.08.11 21:13:30 | 000,000,000 | ---D | C] -- C:\Users\lappi\AppData\Roaming\Dropbox
[2012.08.11 21:13:11 | 017,798,272 | ---- | C] (Dropbox, Inc.) -- C:\Users\lappi\Desktop\Dropbox 1.4.12.exe
[2012.08.09 13:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.08.09 13:33:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.08.08 14:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.07.30 16:59:38 | 000,000,000 | ---D | C] -- C:\Users\lappi\Desktop\Heiwerpra116
[2012.07.27 16:03:26 | 000,000,000 | ---D | C] -- C:\Users\lappi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\nth Technologies Inc
[2012.07.15 20:22:15 | 000,000,000 | ---D | C] -- C:\Users\lappi\temp
[2012.07.15 18:56:05 | 000,000,000 | ---D | C] -- C:\Users\lappi\Documents\Turbo Lister
[2012.05.31 19:00:15 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\lappi\AppData\Roaming\pcouffin.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.12 01:04:40 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.12 01:04:40 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.12 01:04:40 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.12 01:04:40 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.12 01:04:40 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.12 00:51:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.12 00:51:08 | 2409,078,784 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.12 00:45:04 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\lappi\Desktop\OTL.exe
[2012.08.12 00:33:20 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.12 00:33:16 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\QIPdater 2012.job
[2012.08.12 00:33:16 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\qipdater.exe.job
[2012.08.12 00:32:42 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.12 00:19:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.12 00:10:58 | 000,018,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.12 00:10:58 | 000,018,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.11 22:43:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.11 21:21:23 | 001,327,310 | ---- | M] () -- C:\Users\lappi\Desktop\2012-08-10 20.19.33.jpg
[2012.08.11 21:15:02 | 000,001,083 | ---- | M] () -- C:\Users\lappi\Desktop\hifi - Verknüpfung.lnk
[2012.08.11 21:14:47 | 000,001,039 | ---- | M] () -- C:\Users\lappi\Desktop\Dropbox.lnk
[2012.08.11 21:13:48 | 000,001,049 | ---- | M] () -- C:\Users\lappi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.08.11 21:13:33 | 017,798,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\lappi\Desktop\Dropbox 1.4.12.exe
[2012.08.10 12:15:26 | 000,055,203 | ---- | M] () -- C:\Users\lappi\Desktop\Dienstplan 09-2012.pdf
[2012.08.08 15:36:39 | 001,509,788 | ---- | M] () -- C:\Users\lappi\Desktop\IMG807.jpg
[2012.08.08 07:49:10 | 000,075,333 | ---- | M] () -- C:\Users\lappi\Desktop\Rechnung_C12005852870.pdf
[2012.08.07 12:51:06 | 000,008,990 | ---- | M] () -- C:\Users\lappi\Desktop\ekivpp58_pdf.htm
[2012.08.03 09:43:14 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.03 09:43:14 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.30 17:00:40 | 012,298,319 | ---- | M] () -- C:\Users\lappi\Desktop\Heimwerker-Praxis-06-2011-November-Dezember.pdf
[2012.07.28 23:52:31 | 000,645,921 | ---- | M] () -- C:\Users\lappi\Desktop\1.pdf
[2012.07.27 16:03:00 | 000,483,760 | ---- | M] () -- C:\Users\lappi\Desktop\setup.exe
[2012.07.14 10:22:43 | 000,741,457 | ---- | M] () -- C:\Users\lappi\Desktop\78285_199.pdf
[2012.07.13 09:44:33 | 000,056,734 | ---- | M] () -- C:\Users\lappi\Desktop\Fahrtenbuch Neu.pdf
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.12 00:32:42 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.11 21:17:40 | 001,327,310 | ---- | C] () -- C:\Users\lappi\Desktop\2012-08-10 20.19.33.jpg
[2012.08.11 21:15:02 | 000,001,083 | ---- | C] () -- C:\Users\lappi\Desktop\hifi - Verknüpfung.lnk
[2012.08.11 21:14:47 | 000,001,039 | ---- | C] () -- C:\Users\lappi\Desktop\Dropbox.lnk
[2012.08.11 21:13:48 | 000,001,049 | ---- | C] () -- C:\Users\lappi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.08.10 12:15:25 | 000,055,203 | ---- | C] () -- C:\Users\lappi\Desktop\Dienstplan 09-2012.pdf
[2012.08.08 15:35:07 | 001,509,788 | ---- | C] () -- C:\Users\lappi\Desktop\IMG807.jpg
[2012.08.08 07:49:09 | 000,075,333 | ---- | C] () -- C:\Users\lappi\Desktop\Rechnung_C12005852870.pdf
[2012.08.07 12:51:05 | 000,008,990 | ---- | C] () -- C:\Users\lappi\Desktop\ekivpp58_pdf.htm
[2012.07.30 16:59:17 | 012,298,319 | ---- | C] () -- C:\Users\lappi\Desktop\Heimwerker-Praxis-06-2011-November-Dezember.pdf
[2012.07.28 23:52:28 | 000,645,921 | ---- | C] () -- C:\Users\lappi\Desktop\1.pdf
[2012.07.27 16:02:59 | 000,483,760 | ---- | C] () -- C:\Users\lappi\Desktop\setup.exe
[2012.07.14 10:22:37 | 000,741,457 | ---- | C] () -- C:\Users\lappi\Desktop\78285_199.pdf
[2012.07.13 09:44:33 | 000,056,734 | ---- | C] () -- C:\Users\lappi\Desktop\Fahrtenbuch Neu.pdf
[2012.06.22 16:46:41 | 000,000,072 | ---- | C] () -- C:\Users\lappi\obddyno.cfg
[2012.06.07 23:06:17 | 000,131,152 | ---- | C] () -- C:\Users\lappi\rechts.pir
[2012.06.07 23:04:53 | 000,131,152 | ---- | C] () -- C:\Users\lappi\links.pir
[2012.05.31 19:00:15 | 000,099,384 | ---- | C] () -- C:\Users\lappi\AppData\Roaming\inst.exe
[2012.05.31 19:00:15 | 000,007,859 | ---- | C] () -- C:\Users\lappi\AppData\Roaming\pcouffin.cat
[2012.05.31 19:00:15 | 000,001,167 | ---- | C] () -- C:\Users\lappi\AppData\Roaming\pcouffin.inf
[2012.02.24 15:59:25 | 000,004,096 | ---- | C] () -- C:\ProgramData\xljmniyk.tes
[2012.02.24 15:02:07 | 000,004,032 | ---- | C] () -- C:\Windows\SysWow64\drivers\hostnt.sys
[2012.02.12 14:01:13 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.02.12 14:01:13 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.02.12 14:01:11 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.01.01 18:44:24 | 000,007,505 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011.12.29 02:48:11 | 000,001,057 | ---- | C] () -- C:\Users\lappi\AppData\Roaming\vso_ts_preview.xml
[2011.12.28 14:06:56 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.12.22 00:58:17 | 000,000,124 | ---- | C] () -- C:\Windows\wininit.ini
[2011.12.01 15:13:46 | 000,000,701 | ---- | C] () -- C:\Windows\wiso.ini
[2011.11.04 22:14:24 | 000,151,212 | ---- | C] () -- C:\Users\lappi\namensschild2.odt
[2011.11.04 21:10:23 | 000,152,026 | ---- | C] () -- C:\Users\lappi\namensschild.odt
[2011.11.04 21:10:23 | 000,055,015 | ---- | C] () -- C:\Users\lappi\namensschild.pdf
[2011.05.23 15:59:54 | 007,125,504 | ---- | C] () -- C:\Windows\SysWow64\MtxVec.Spls4.dll
[2011.05.23 15:59:44 | 005,540,352 | ---- | C] () -- C:\Windows\SysWow64\MtxVec.Spld4.dll
[2011.05.23 12:29:43 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011.05.23 12:29:43 | 000,002,411 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011.05.06 00:25:36 | 000,000,256 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011.05.06 00:25:36 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011.05.06 00:25:20 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.05.06 00:25:20 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.05.06 00:24:31 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2011.05.06 00:24:31 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011.05.06 00:24:31 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011.04.20 19:54:58 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.04.20 17:21:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.20 17:14:03 | 000,007,609 | ---- | C] () -- C:\Users\lappi\AppData\Local\Resmon.ResmonCfg
 
========== LOP Check ==========
 
[2011.06.10 23:59:21 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\acccore
[2012.01.28 01:57:05 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\BayWotch4
[2012.05.15 00:55:02 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\BOM
[2011.12.31 02:31:59 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\calibre
[2011.07.16 10:54:16 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\Canneverbe Limited
[2012.08.12 00:33:37 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\Dropbox
[2011.11.22 00:34:14 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\EAC
[2011.11.24 16:09:03 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\Easy Duplicate Finder
[2012.07.24 10:46:31 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\foobar2000
[2012.06.13 13:15:20 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\Foxit Software
[2012.05.04 11:50:12 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\FreeScreenToVideo
[2012.04.15 18:06:50 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\gnupg
[2012.08.11 23:36:44 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\hellomoto
[2011.09.12 13:21:52 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\ICQ
[2012.03.27 14:03:40 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\jeak.de
[2011.05.23 12:44:29 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\LG Electronics
[2011.11.11 21:48:09 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\Mumble
[2012.02.02 10:27:48 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\Notebook Hardware Control
[2011.04.28 22:50:00 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\OCS
[2011.05.24 21:15:13 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\OpenOffice.org
[2012.05.31 18:59:26 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\Opera
[2011.10.16 00:01:06 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\pdfforge
[2011.10.15 22:22:55 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\QIP
[2012.04.10 19:03:22 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\RetroShare
[2011.04.22 02:24:04 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\SecondLife
[2012.01.13 00:22:41 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\TeamViewer
[2011.11.24 14:43:16 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\TeraCopy
[2011.05.21 15:35:17 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\Thunderbird
[2011.09.10 16:13:04 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\Trillian
[2012.05.31 19:00:15 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\Vso
[2012.04.15 18:07:06 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\winpt
[2012.08.12 00:33:16 | 000,000,412 | ---- | M] () -- C:\Windows\Tasks\QIPdater 2012.job
[2012.08.12 00:33:16 | 000,000,360 | ---- | M] () -- C:\Windows\Tasks\qipdater.exe.job
[2012.01.01 20:25:37 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 347 bytes -> C:\Users\lappi\Desktop\2012-08-10 20.19.33.jpg:com.dropbox.attributes
@Alternate Data Stream - 24 bytes -> C:\Windows:7A6A08945F38ED21

< End of report >
         

Last edited by eltipo (12.08.2012 at 00:14)

 
