
Log Analysis and Evaluation: Bundespolizei Trojan


11.08.2012, 23:58   #1
eltipo
 
Bundespolizei Trojan



Hello,

it has just hit me too, on my laptop.

Win7 64.
I have already put mbam on the laptop, although in Safe Mode (with networking), because otherwise nothing works anymore.

I have already seen that I should include all local drives in the scan, but what about network drives (NAS)?...

I am running it once more right now, but in the first pass mbam found nothing; I will post the LOG afterwards.

Many thanks in advance!

Here are the log files:
Quote:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.11.04

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
lappi :: LAPPI-PC [Administrator]

12.08.2012 00:51:58
mbam-log-2012-08-12 (00-51-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 322989
Laufzeit: 10 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

and the OTL log file, started as admin in Safe Mode.
OTL log file:
Code:
OTL logfile created on: 12.08.2012 01:09:49 - Run 2
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\lappi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 68,79% Memory free
5,98 Gb Paging File | 5,18 Gb Available in Paging File | 86,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 16,77 Gb Free Space | 30,06% Space Free | Partition Type: NTFS
Drive E: | 14,89 Gb Total Space | 14,81 Gb Free Space | 99,42% Space Free | Partition Type: FAT32
Drive F: | 110,75 Mb Total Space | 25,25 Mb Free Space | 22,80% Space Free | Partition Type: FAT
Drive G: | 29,71 Gb Total Space | 28,67 Gb Free Space | 96,48% Space Free | Partition Type: FAT32
Drive W: | 1831,84 Gb Total Space | 1249,50 Gb Free Space | 68,21% Space Free | Partition Type: NTFS
Drive X: | 1831,84 Gb Total Space | 129,88 Gb Free Space | 7,09% Space Free | Partition Type: NTFS
Drive Y: | 7,93 Gb Total Space | 7,90 Gb Free Space | 99,68% Space Free | Partition Type: NTFS
 
Computer Name: LAPPI-PC | User Name: lappi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.12 00:45:04 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\lappi\Desktop\OTL.exe
PRC - [2012.07.03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.05.13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2007.11.26 15:13:06 | 000,025,600 | ---- | M] (E-MU Systems) [Auto | Stopped] -- C:\Windows\SysNative\emaudsv.exe -- (emaudsv)
SRV:64bit: - [2007.02.06 11:45:30 | 000,080,384 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2012.08.03 09:43:14 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.27 11:35:10 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.10 13:46:16 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.05.08 22:28:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 22:28:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.27 21:58:30 | 005,023,744 | ---- | M] (Moonware Studios) [On_Demand | Stopped] -- C:\Program Files (x86)\webcamXP 5\wService.exe -- (wxpSvc)
SRV - [2011.04.28 22:50:00 | 000,040,960 | ---- | M] () [Auto | Stopped] -- C:\Users\lappi\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.28 15:33:32 | 000,154,352 | ---- | M] (Dell Inc.) [Auto | Stopped] -- C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe -- (DLPWD)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.10.15 18:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)
SRV - [2007.12.18 10:59:56 | 000,312,320 | ---- | M] (OptionNV) [Auto | Stopped] -- C:\Program Files (x86)\Option\GlobeTrotter Connect\GtDetectSc.exe -- (GtDetectSc)
SRV - [2007.04.02 14:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)
SRV - [2006.12.07 00:52:36 | 000,191,896 | ---- | M] (Dell Inc.) [Auto | Stopped] -- C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe -- (DLSDB)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.08 22:28:18 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 22:28:18 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.23 15:45:44 | 000,038,768 | ---- | M] (GN Netcom A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\JabraMobileCsrDfuX64.sys -- (JabraDFU)
DRV:64bit: - [2011.11.09 19:32:42 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmaudio.sys -- (avmaudio)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.06.07 20:34:18 | 000,047,792 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioTransit_DFU.sys -- (MADFUTRANSIT)
DRV:64bit: - [2011.06.07 20:34:14 | 000,201,008 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioTransit.sys -- (MAUSBTRANSIT)
DRV:64bit: - [2011.05.13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011.05.13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011.03.18 14:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011.03.18 14:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.23 03:08:00 | 000,090,624 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetndis64.sys -- (andnetndis)
DRV:64bit: - [2011.02.23 03:03:44 | 000,028,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetgps64.sys -- (AndNetGps)
DRV:64bit: - [2011.02.23 03:03:40 | 000,037,376 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetmodem64.sys -- (ANDNetModem)
DRV:64bit: - [2011.02.23 03:03:40 | 000,029,696 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetdiag64.sys -- (AndNetDiag)
DRV:64bit: - [2011.02.23 02:58:50 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetadb.sys -- (andnetadb)
DRV:64bit: - [2010.12.07 14:23:02 | 000,034,304 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem)
DRV:64bit: - [2010.12.07 14:23:00 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag)
DRV:64bit: - [2010.12.07 14:23:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps)
DRV:64bit: - [2010.12.07 14:22:58 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.02 16:19:10 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandadb.sys -- (androidusb)
DRV:64bit: - [2010.06.16 17:01:30 | 000,070,984 | ---- | M] (Ross-Tech LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RT-USB64.SYS -- (RT-USB)
DRV:64bit: - [2010.06.04 11:58:56 | 000,024,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FarMntIo.sys -- (FARMNTIO)
DRV:64bit: - [2010.06.04 02:18:56 | 001,379,376 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.02.25 00:02:38 | 000,019,000 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CPQBTTN.sys -- (HBtnKey)
DRV:64bit: - [2009.12.07 19:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.12.07 19:36:48 | 000,246,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009.12.03 16:48:32 | 000,716,872 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2009.09.23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 22:36:04 | 000,696,832 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fus2base.sys -- (FUS2BASE)
DRV:64bit: - [2009.06.10 22:36:02 | 000,079,872 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmcowan.sys -- (AVMCOWAN)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009.02.17 19:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2008.04.24 17:25:48 | 000,402,432 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2007.11.26 15:15:06 | 000,213,272 | ---- | M] (E-MU Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emusba10.sys -- (emusba10)
DRV:64bit: - [2007.11.13 16:51:12 | 000,124,416 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV:64bit: - [2007.10.09 13:53:30 | 000,080,896 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gt72ubus.sys -- (GT72UBUS)
DRV:64bit: - [2007.03.30 13:38:16 | 000,010,624 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtptser.sys -- (GTPTSER)
DRV:64bit: - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV:64bit: - [2007.02.14 14:21:42 | 000,064,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwusb.sys -- (BTWUSB)
DRV:64bit: - [2007.02.14 14:21:40 | 001,134,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btkrnl.sys -- (BTKRNL)
DRV:64bit: - [2007.02.14 14:21:40 | 000,148,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwdndis.sys -- (BTWDNDIS)
DRV:64bit: - [2007.02.14 14:21:40 | 000,047,360 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btport.sys -- (BTDriver)
DRV:64bit: - [2007.02.14 14:21:38 | 000,164,864 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btaudio.sys -- (btaudio)
DRV - [2012.02.24 15:02:07 | 000,004,032 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\hostnt.sys -- (HOSTNT)
DRV - [2011.06.02 11:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2195182437-2403971164-2041190362-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2195182437-2403971164-2041190362-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2195182437-2403971164-2041190362-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B7 38 62 33 62 2F CD 01  [binary data]
IE - HKU\S-1-5-21-2195182437-2403971164-2041190362-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2195182437-2403971164-2041190362-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=ed41c38e-c9c1-4fe5-997d-c5711fbe116c&pid=murb&k=0
IE - HKU\S-1-5-21-2195182437-2403971164-2041190362-1001\..\SearchScopes\{21D635A9-AE2A-4A98-A304-1FC8A6E01277}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=ed41c38e-c9c1-4fe5-997d-c5711fbe116c&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-2195182437-2403971164-2041190362-1001\..\SearchScopes\{4CC67886-C76F-4B1D-BBCE-BD904C98C1D9}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=ed41c38e-c9c1-4fe5-997d-c5711fbe116c&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-2195182437-2403971164-2041190362-1001\..\SearchScopes\{842A14B7-B982-471D-AC8B-289BA134D60B}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=ed41c38e-c9c1-4fe5-997d-c5711fbe116c&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-2195182437-2403971164-2041190362-1001\..\SearchScopes\{A3F8A13A-D16F-4B92-9ED9-B259C71879BB}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=ed41c38e-c9c1-4fe5-997d-c5711fbe116c&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-2195182437-2403971164-2041190362-1001\..\SearchScopes\{D19EAC74-EAE2-4E05-9657-2776E306971D}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=ed41c38e-c9c1-4fe5-997d-c5711fbe116c&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-2195182437-2403971164-2041190362-1001\..\SearchScopes\{EA5EF257-4F61-489F-88C6-E597AE7154AF}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=ed41c38e-c9c1-4fe5-997d-c5711fbe116c&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-2195182437-2403971164-2041190362-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "google Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.27 11:35:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.02 23:32:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.20 16:54:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.05.21 15:35:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lappi\AppData\Roaming\mozilla\Extensions
[2011.05.21 15:35:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lappi\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.08.01 02:10:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lappi\AppData\Roaming\mozilla\Firefox\Profiles\c169zntb.default\extensions
[2012.05.15 00:55:09 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\lappi\AppData\Roaming\mozilla\Firefox\Profiles\c169zntb.default\extensions\fb_add_on@avm.de
[2012.04.28 23:37:59 | 000,002,622 | ---- | M] () -- C:\Users\lappi\AppData\Roaming\Mozilla\Firefox\Profiles\c169zntb.default\searchplugins\ebayde-suche.xml
[2012.07.30 16:12:54 | 000,001,128 | ---- | M] () -- C:\Users\lappi\AppData\Roaming\Mozilla\Firefox\Profiles\c169zntb.default\searchplugins\geizhalsat-deutschland.xml
[2011.07.16 10:31:00 | 000,001,675 | ---- | M] () -- C:\Users\lappi\AppData\Roaming\Mozilla\Firefox\Profiles\c169zntb.default\searchplugins\raidrushws.xml
[2011.05.21 22:10:28 | 000,001,165 | ---- | M] () -- C:\Users\lappi\AppData\Roaming\Mozilla\Firefox\Profiles\c169zntb.default\searchplugins\wikipedia-de.xml
[2011.04.28 22:50:01 | 000,002,051 | ---- | M] () -- C:\Users\lappi\AppData\Roaming\Mozilla\Firefox\Profiles\c169zntb.default\searchplugins\youtube-deutschland.xml
[2011.04.28 22:50:01 | 000,002,182 | ---- | M] () -- C:\Users\lappi\AppData\Roaming\Mozilla\Firefox\Profiles\c169zntb.default\searchplugins\{AE9824BE-E70D-4405-93F6-7AA2C46DCED3}.xml
[2012.02.21 21:08:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.04.02 23:33:17 | 000,164,858 | ---- | M] () (No name found) -- C:\USERS\LAPPI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C169ZNTB.DEFAULT\EXTENSIONS\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.XPI
[2011.12.26 13:25:20 | 000,026,136 | ---- | M] () (No name found) -- C:\USERS\LAPPI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C169ZNTB.DEFAULT\EXTENSIONS\{DF4E4DF5-5CB7-46B0-9AEF-6C784C3249F8}.XPI
[2012.07.27 11:35:10 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.21 18:57:33 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.02 14:27:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.02 14:27:37 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.02 14:27:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.02 14:27:36 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.02 14:27:36 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.02 14:27:36 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.11.30 18:47:47 | 000,001,130 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O1 - Hosts: 127.0.0.1 update.ross-tech.com 
O1 - Hosts: 127.0.0.1 update.ross-tech.com 
O1 - Hosts: 127.0.0.1 update.ross-tech.com 
O1 - Hosts: 127.0.0.1 update.ross-tech.com 
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [DLPSP] C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [DLUPDR] C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\lappi\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [TSWorkspace] C:\Users\lappi\AppData\Local\Microsoft\Windows\3950\TSWorkspace.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2195182437-2403971164-2041190362-1001..\Run: [E-MU USB Audio Control Panel] C:\Program Files (x86)\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe (E-MU Systems)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-3MQOP.exe" /REG /REGSVRMODE File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\lappi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\lappi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\lappi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\lappi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VCDS Updater.lnk = C:\Diagnosetool\VCDS-MFT\VCDS.exe (Ross-Tech, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2195182437-2403971164-2041190362-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O8:64bit: - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8:64bit: - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36195112-577D-47A1-A651-A58F2600E0C2}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DF0879C-B408-4AED-A917-713113AEE3E3}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{860F2D1D-FFD0-460C-9D7B-CD8EA927297E}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8ACA3486-9CD2-4B3E-89C2-03B55BBCDE06}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97414379-D673-494C-8B41-162435A30489}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A27AAAB6-184D-4159-B77F-A1566992B67B}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.02.27 17:20:55 | 000,000,000 | ---D | M] - W:\Auto -- [ NTFS ]
O33 - MountPoints2\{25b545b8-aa1e-11e0-ba2c-001a4b5f398a}\Shell - "" = AutoRun
O33 - MountPoints2\{25b545b8-aa1e-11e0-ba2c-001a4b5f398a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{25b545c6-aa1e-11e0-ba2c-001a4b5f398a}\Shell - "" = AutoRun
O33 - MountPoints2\{25b545c6-aa1e-11e0-ba2c-001a4b5f398a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{25b545d6-aa1e-11e0-ba2c-001a4b5f398a}\Shell - "" = AutoRun
O33 - MountPoints2\{25b545d6-aa1e-11e0-ba2c-001a4b5f398a}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{25b545d9-aa1e-11e0-ba2c-001a4b5f398a}\Shell - "" = AutoRun
O33 - MountPoints2\{25b545d9-aa1e-11e0-ba2c-001a4b5f398a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4cc52065-bdd4-11e1-bf9a-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{4cc52065-bdd4-11e1-bf9a-404e57434401}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{83f9ee84-b7af-11e1-9e1e-001a6bdb4a2b}\Shell - "" = AutoRun
O33 - MountPoints2\{83f9ee84-b7af-11e1-9e1e-001a6bdb4a2b}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{83f9ee86-b7af-11e1-9e1e-001a6bdb4a2b}\Shell - "" = AutoRun
O33 - MountPoints2\{83f9ee86-b7af-11e1-9e1e-001a6bdb4a2b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9d9631c1-e945-11e0-84ea-001a6bdb4a2b}\Shell - "" = AutoRun
O33 - MountPoints2\{9d9631c1-e945-11e0-84ea-001a6bdb4a2b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9d9631c7-e945-11e0-84ea-001a6bdb4a2b}\Shell - "" = AutoRun
O33 - MountPoints2\{9d9631c7-e945-11e0-84ea-001a6bdb4a2b}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.12 01:04:29 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\lappi\Desktop\OTL.exe
[2012.08.11 23:36:34 | 000,000,000 | ---D | C] -- C:\Users\lappi\AppData\Roaming\hellomoto
[2012.08.11 21:14:47 | 000,000,000 | R--D | C] -- C:\Users\lappi\Dropbox
[2012.08.11 21:13:41 | 000,000,000 | ---D | C] -- C:\Users\lappi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.08.11 21:13:30 | 000,000,000 | ---D | C] -- C:\Users\lappi\AppData\Roaming\Dropbox
[2012.08.11 21:13:11 | 017,798,272 | ---- | C] (Dropbox, Inc.) -- C:\Users\lappi\Desktop\Dropbox 1.4.12.exe
[2012.08.09 13:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.08.09 13:33:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.08.08 14:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.07.30 16:59:38 | 000,000,000 | ---D | C] -- C:\Users\lappi\Desktop\Heiwerpra116
[2012.07.27 16:03:26 | 000,000,000 | ---D | C] -- C:\Users\lappi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\nth Technologies Inc
[2012.07.15 20:22:15 | 000,000,000 | ---D | C] -- C:\Users\lappi\temp
[2012.07.15 18:56:05 | 000,000,000 | ---D | C] -- C:\Users\lappi\Documents\Turbo Lister
[2012.05.31 19:00:15 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\lappi\AppData\Roaming\pcouffin.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.12 01:04:40 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.12 01:04:40 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.12 01:04:40 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.12 01:04:40 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.12 01:04:40 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.12 00:51:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.12 00:51:08 | 2409,078,784 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.12 00:45:04 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\lappi\Desktop\OTL.exe
[2012.08.12 00:33:20 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.12 00:33:16 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\QIPdater 2012.job
[2012.08.12 00:33:16 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\qipdater.exe.job
[2012.08.12 00:32:42 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.12 00:19:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.12 00:10:58 | 000,018,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.12 00:10:58 | 000,018,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.11 22:43:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.11 21:21:23 | 001,327,310 | ---- | M] () -- C:\Users\lappi\Desktop\2012-08-10 20.19.33.jpg
[2012.08.11 21:15:02 | 000,001,083 | ---- | M] () -- C:\Users\lappi\Desktop\hifi - Verknüpfung.lnk
[2012.08.11 21:14:47 | 000,001,039 | ---- | M] () -- C:\Users\lappi\Desktop\Dropbox.lnk
[2012.08.11 21:13:48 | 000,001,049 | ---- | M] () -- C:\Users\lappi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.08.11 21:13:33 | 017,798,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\lappi\Desktop\Dropbox 1.4.12.exe
[2012.08.10 12:15:26 | 000,055,203 | ---- | M] () -- C:\Users\lappi\Desktop\Dienstplan 09-2012.pdf
[2012.08.08 15:36:39 | 001,509,788 | ---- | M] () -- C:\Users\lappi\Desktop\IMG807.jpg
[2012.08.08 07:49:10 | 000,075,333 | ---- | M] () -- C:\Users\lappi\Desktop\Rechnung_C12005852870.pdf
[2012.08.07 12:51:06 | 000,008,990 | ---- | M] () -- C:\Users\lappi\Desktop\ekivpp58_pdf.htm
[2012.08.03 09:43:14 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.03 09:43:14 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.30 17:00:40 | 012,298,319 | ---- | M] () -- C:\Users\lappi\Desktop\Heimwerker-Praxis-06-2011-November-Dezember.pdf
[2012.07.28 23:52:31 | 000,645,921 | ---- | M] () -- C:\Users\lappi\Desktop\1.pdf
[2012.07.27 16:03:00 | 000,483,760 | ---- | M] () -- C:\Users\lappi\Desktop\setup.exe
[2012.07.14 10:22:43 | 000,741,457 | ---- | M] () -- C:\Users\lappi\Desktop\78285_199.pdf
[2012.07.13 09:44:33 | 000,056,734 | ---- | M] () -- C:\Users\lappi\Desktop\Fahrtenbuch Neu.pdf
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.12 00:32:42 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.11 21:17:40 | 001,327,310 | ---- | C] () -- C:\Users\lappi\Desktop\2012-08-10 20.19.33.jpg
[2012.08.11 21:15:02 | 000,001,083 | ---- | C] () -- C:\Users\lappi\Desktop\hifi - Verknüpfung.lnk
[2012.08.11 21:14:47 | 000,001,039 | ---- | C] () -- C:\Users\lappi\Desktop\Dropbox.lnk
[2012.08.11 21:13:48 | 000,001,049 | ---- | C] () -- C:\Users\lappi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.08.10 12:15:25 | 000,055,203 | ---- | C] () -- C:\Users\lappi\Desktop\Dienstplan 09-2012.pdf
[2012.08.08 15:35:07 | 001,509,788 | ---- | C] () -- C:\Users\lappi\Desktop\IMG807.jpg
[2012.08.08 07:49:09 | 000,075,333 | ---- | C] () -- C:\Users\lappi\Desktop\Rechnung_C12005852870.pdf
[2012.08.07 12:51:05 | 000,008,990 | ---- | C] () -- C:\Users\lappi\Desktop\ekivpp58_pdf.htm
[2012.07.30 16:59:17 | 012,298,319 | ---- | C] () -- C:\Users\lappi\Desktop\Heimwerker-Praxis-06-2011-November-Dezember.pdf
[2012.07.28 23:52:28 | 000,645,921 | ---- | C] () -- C:\Users\lappi\Desktop\1.pdf
[2012.07.27 16:02:59 | 000,483,760 | ---- | C] () -- C:\Users\lappi\Desktop\setup.exe
[2012.07.14 10:22:37 | 000,741,457 | ---- | C] () -- C:\Users\lappi\Desktop\78285_199.pdf
[2012.07.13 09:44:33 | 000,056,734 | ---- | C] () -- C:\Users\lappi\Desktop\Fahrtenbuch Neu.pdf
[2012.06.22 16:46:41 | 000,000,072 | ---- | C] () -- C:\Users\lappi\obddyno.cfg
[2012.06.07 23:06:17 | 000,131,152 | ---- | C] () -- C:\Users\lappi\rechts.pir
[2012.06.07 23:04:53 | 000,131,152 | ---- | C] () -- C:\Users\lappi\links.pir
[2012.05.31 19:00:15 | 000,099,384 | ---- | C] () -- C:\Users\lappi\AppData\Roaming\inst.exe
[2012.05.31 19:00:15 | 000,007,859 | ---- | C] () -- C:\Users\lappi\AppData\Roaming\pcouffin.cat
[2012.05.31 19:00:15 | 000,001,167 | ---- | C] () -- C:\Users\lappi\AppData\Roaming\pcouffin.inf
[2012.02.24 15:59:25 | 000,004,096 | ---- | C] () -- C:\ProgramData\xljmniyk.tes
[2012.02.24 15:02:07 | 000,004,032 | ---- | C] () -- C:\Windows\SysWow64\drivers\hostnt.sys
[2012.02.12 14:01:13 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.02.12 14:01:13 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.02.12 14:01:11 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.01.01 18:44:24 | 000,007,505 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011.12.29 02:48:11 | 000,001,057 | ---- | C] () -- C:\Users\lappi\AppData\Roaming\vso_ts_preview.xml
[2011.12.28 14:06:56 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.12.22 00:58:17 | 000,000,124 | ---- | C] () -- C:\Windows\wininit.ini
[2011.12.01 15:13:46 | 000,000,701 | ---- | C] () -- C:\Windows\wiso.ini
[2011.11.04 22:14:24 | 000,151,212 | ---- | C] () -- C:\Users\lappi\namensschild2.odt
[2011.11.04 21:10:23 | 000,152,026 | ---- | C] () -- C:\Users\lappi\namensschild.odt
[2011.11.04 21:10:23 | 000,055,015 | ---- | C] () -- C:\Users\lappi\namensschild.pdf
[2011.05.23 15:59:54 | 007,125,504 | ---- | C] () -- C:\Windows\SysWow64\MtxVec.Spls4.dll
[2011.05.23 15:59:44 | 005,540,352 | ---- | C] () -- C:\Windows\SysWow64\MtxVec.Spld4.dll
[2011.05.23 12:29:43 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011.05.23 12:29:43 | 000,002,411 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011.05.06 00:25:36 | 000,000,256 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011.05.06 00:25:36 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011.05.06 00:25:20 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.05.06 00:25:20 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.05.06 00:24:31 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2011.05.06 00:24:31 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011.05.06 00:24:31 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011.04.20 19:54:58 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.04.20 17:21:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.20 17:14:03 | 000,007,609 | ---- | C] () -- C:\Users\lappi\AppData\Local\Resmon.ResmonCfg
 
========== LOP Check ==========
 
[2011.06.10 23:59:21 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\acccore
[2012.01.28 01:57:05 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\BayWotch4
[2012.05.15 00:55:02 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\BOM
[2011.12.31 02:31:59 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\calibre
[2011.07.16 10:54:16 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\Canneverbe Limited
[2012.08.12 00:33:37 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\Dropbox
[2011.11.22 00:34:14 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\EAC
[2011.11.24 16:09:03 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\Easy Duplicate Finder
[2012.07.24 10:46:31 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\foobar2000
[2012.06.13 13:15:20 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\Foxit Software
[2012.05.04 11:50:12 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\FreeScreenToVideo
[2012.04.15 18:06:50 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\gnupg
[2012.08.11 23:36:44 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\hellomoto
[2011.09.12 13:21:52 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\ICQ
[2012.03.27 14:03:40 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\jeak.de
[2011.05.23 12:44:29 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\LG Electronics
[2011.11.11 21:48:09 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\Mumble
[2012.02.02 10:27:48 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\Notebook Hardware Control
[2011.04.28 22:50:00 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\OCS
[2011.05.24 21:15:13 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\OpenOffice.org
[2012.05.31 18:59:26 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\Opera
[2011.10.16 00:01:06 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\pdfforge
[2011.10.15 22:22:55 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\QIP
[2012.04.10 19:03:22 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\RetroShare
[2011.04.22 02:24:04 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\SecondLife
[2012.01.13 00:22:41 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\TeamViewer
[2011.11.24 14:43:16 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\TeraCopy
[2011.05.21 15:35:17 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\Thunderbird
[2011.09.10 16:13:04 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\Trillian
[2012.05.31 19:00:15 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\Vso
[2012.04.15 18:07:06 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\winpt
[2012.08.12 00:33:16 | 000,000,412 | ---- | M] () -- C:\Windows\Tasks\QIPdater 2012.job
[2012.08.12 00:33:16 | 000,000,360 | ---- | M] () -- C:\Windows\Tasks\qipdater.exe.job
[2012.01.01 20:25:37 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 347 bytes -> C:\Users\lappi\Desktop\2012-08-10 20.19.33.jpg:com.dropbox.attributes
@Alternate Data Stream - 24 bytes -> C:\Windows:7A6A08945F38ED21

< End of report >
         
--- --- ---

Last edited by eltipo (12.08.2012 at 00:14)

Old 12.08.2012, 01:10   #2
t'john
/// Helper Team
 

Fix with OTL

Download OTL by OldTimer (if you do not already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:


Code:
:OTL
SRV - [2011.04.28 22:50:00 | 000,040,960 | ---- | M] () [Auto | Stopped] -- C:\Users\lappi\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer) 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-2195182437-2403971164-2041190362-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKU\S-1-5-21-2195182437-2403971164-2041190362-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=ed41c38e-c9c1-4fe5-997d-c5711fbe116c&pid=murb&k=0 
IE - HKU\S-1-5-21-2195182437-2403971164-2041190362-1001\..\SearchScopes\{21D635A9-AE2A-4A98-A304-1FC8A6E01277}: "URL" = http://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=ed41c38e-c9c1-4fe5-997d-c5711fbe116c&pid=murb&mode=bounce&k=0 
IE - HKU\S-1-5-21-2195182437-2403971164-2041190362-1001\..\SearchScopes\{4CC67886-C76F-4B1D-BBCE-BD904C98C1D9}: "URL" = http://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=ed41c38e-c9c1-4fe5-997d-c5711fbe116c&pid=murb&mode=bounce&k=0 
IE - HKU\S-1-5-21-2195182437-2403971164-2041190362-1001\..\SearchScopes\{842A14B7-B982-471D-AC8B-289BA134D60B}: "URL" = http://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=ed41c38e-c9c1-4fe5-997d-c5711fbe116c&pid=murb&mode=bounce&k=0 
IE - HKU\S-1-5-21-2195182437-2403971164-2041190362-1001\..\SearchScopes\{A3F8A13A-D16F-4B92-9ED9-B259C71879BB}: "URL" = http://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=ed41c38e-c9c1-4fe5-997d-c5711fbe116c&pid=murb&mode=bounce&k=0 
IE - HKU\S-1-5-21-2195182437-2403971164-2041190362-1001\..\SearchScopes\{D19EAC74-EAE2-4E05-9657-2776E306971D}: "URL" = http://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=ed41c38e-c9c1-4fe5-997d-c5711fbe116c&pid=murb&mode=bounce&k=0 
IE - HKU\S-1-5-21-2195182437-2403971164-2041190362-1001\..\SearchScopes\{EA5EF257-4F61-489F-88C6-E597AE7154AF}: "URL" = http://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=ed41c38e-c9c1-4fe5-997d-c5711fbe116c&pid=murb&mode=bounce&k=0 
IE - HKU\S-1-5-21-2195182437-2403971164-2041190362-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.defaultenginename: "google Search" 
FF - prefs.js..browser.search.useDBForOrder: true 
FF - prefs.js..browser.startup.homepage: "about:home" 
FF - prefs.js..network.proxy.type: 0 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found 
O4:64bit: - HKLM..\Run: [] File not found 
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\lappi\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) 
O4:64bit: - HKLM..\Run: [TSWorkspace] C:\Users\lappi\AppData\Local\Microsoft\Windows\3950\TSWorkspace.exe () 
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-3MQOP.exe" /REG /REGSVRMODE File not found 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 
O7 - HKU\S-1-5-21-2195182437-2403971164-2041190362-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{25b545b8-aa1e-11e0-ba2c-001a4b5f398a}\Shell - "" = AutoRun 
O33 - MountPoints2\{25b545b8-aa1e-11e0-ba2c-001a4b5f398a}\Shell\AutoRun\command - "" = E:\AutoRun.exe 
O33 - MountPoints2\{25b545c6-aa1e-11e0-ba2c-001a4b5f398a}\Shell - "" = AutoRun 
O33 - MountPoints2\{25b545c6-aa1e-11e0-ba2c-001a4b5f398a}\Shell\AutoRun\command - "" = E:\AutoRun.exe 
O33 - MountPoints2\{25b545d6-aa1e-11e0-ba2c-001a4b5f398a}\Shell - "" = AutoRun 
O33 - MountPoints2\{25b545d6-aa1e-11e0-ba2c-001a4b5f398a}\Shell\AutoRun\command - "" = G:\autorun.exe 
O33 - MountPoints2\{25b545d9-aa1e-11e0-ba2c-001a4b5f398a}\Shell - "" = AutoRun 
O33 - MountPoints2\{25b545d9-aa1e-11e0-ba2c-001a4b5f398a}\Shell\AutoRun\command - "" = E:\AutoRun.exe 
O33 - MountPoints2\{4cc52065-bdd4-11e1-bf9a-404e57434401}\Shell - "" = AutoRun 
O33 - MountPoints2\{4cc52065-bdd4-11e1-bf9a-404e57434401}\Shell\AutoRun\command - "" = E:\AutoRun.exe 
O33 - MountPoints2\{83f9ee84-b7af-11e1-9e1e-001a6bdb4a2b}\Shell - "" = AutoRun 
O33 - MountPoints2\{83f9ee84-b7af-11e1-9e1e-001a6bdb4a2b}\Shell\AutoRun\command - "" = E:\AutoRun.exe 
O33 - MountPoints2\{83f9ee86-b7af-11e1-9e1e-001a6bdb4a2b}\Shell - "" = AutoRun 
O33 - MountPoints2\{83f9ee86-b7af-11e1-9e1e-001a6bdb4a2b}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{9d9631c1-e945-11e0-84ea-001a6bdb4a2b}\Shell - "" = AutoRun 
O33 - MountPoints2\{9d9631c1-e945-11e0-84ea-001a6bdb4a2b}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{9d9631c7-e945-11e0-84ea-001a6bdb4a2b}\Shell - "" = AutoRun 
O33 - MountPoints2\{9d9631c7-e945-11e0-84ea-001a6bdb4a2b}\Shell\AutoRun\command - "" = E:\AutoRun.exe 
O33 - MountPoints2\E\Shell - "" = AutoRun 
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe 
[2012.08.11 21:13:11 | 017,798,272 | ---- | C] (Dropbox, Inc.) -- C:\Users\lappi\Desktop\Dropbox 1.4.12.exe 
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] 
[2012.08.12 00:33:16 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\qipdater.exe.job 

@Alternate Data Stream - 347 bytes -> C:\Users\lappi\Desktop\2012-08-10 20.19.33.jpg:com.dropbox.attributes 
@Alternate Data Stream - 24 bytes -> C:\Windows:7A6A08945F38ED21 
[2012.08.11 23:36:34 | 000,000,000 | ---D | C] -- C:\Users\lappi\AppData\Roaming\hellomoto 

[2012.08.12 00:33:20 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012.08.12 00:33:16 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\QIPdater 2012.job 
[2012.08.12 00:19:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.08.11 22:43:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 

:Files


ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, allow it.
  • Copy the contents of the log file into your thread here, in code tags.
    Afterwards you can view the log file here => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for other readers: the OTL script above was created exclusively for this user in this situation.
Do not under any circumstances apply it to other computers; it can permanently damage other systems!
__________________

__________________
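An added example, not part of t'john's post and not a tool shipped with OTL: a small Python triage helper that reads OTL log lines and flags the kinds of entries the fix script above removes, namely autostart entries launched from user-writable profile paths or without a publisher string, orphaned autostart entries ("File not found"), policy values that switch User Account Control off, and IE search scopes whose URL does not land on the search engine's own domain. The sample lines are copied from the logs in this thread (the long anonymize-me query string is shortened); the allow list of search domains, the user-writable path markers and the category names are assumptions of the example, not anything OTL itself defines.

```python
"""Triage helper for OTL log lines (added example, not part of OTL or of this thread's posts).

Flags autostart entries from user-writable paths or without a publisher, orphaned autostart
entries, UAC policy values set to "off", and IE search scopes pointing at a foreign domain.
"""
import re
import sys
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List
from urllib.parse import urlsplit

# Sample lines copied from the OTL logs in this thread; the long anonymize-me query
# string is shortened for the demo, everything else is verbatim.
SAMPLE_LOG = r"""
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\lappi\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [TSWorkspace] C:\Users\lappi\AppData\Local\Microsoft\Windows\3950\TSWorkspace.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-3MQOP.exe" /REG /REGSVRMODE File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2195182437-2403971164-2041190362-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com.anonymize-me.de/?anonymto=687474&st={searchTerms}&clid=ed41c38e-c9c1-4fe5-997d-c5711fbe116c&pid=murb&k=0
"""

# Assumed markers of locations any process running as the user can write to without elevation.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\public\\", "\\temp\\")
# policies\System values that, at these settings, switch UAC off (all three appear in the log above).
UAC_OFF = {"EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0", "PromptOnSecureDesktop": "0"}
# Assumed allow list: registrable domains a default search scope is expected to land on.
SEARCH_DOMAINS = {"bing.com", "google.com", "google.de", "yahoo.com"}

O4_RE = re.compile(r"^O4(?::64bit:)? - (?P<hive>.+?)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
PUB_RE = re.compile(r"\((?P<pub>[^()]*)\)\s*$")  # trailing "(Publisher)" as OTL prints it
O6_RE = re.compile(r"^O6 - (?P<key>.+?): (?P<value>\w+) = (?P<data>.+?)\s*$")
IE_RE = re.compile(r'^IE(?::64bit:)? - (?P<hive>.+?)\\\.\.\\SearchScopes\\\{(?P<guid>[^}]+)\}: "URL" = (?P<url>\S+)')

@dataclass(frozen=True)
class Finding:
    line_no: int
    category: str
    detail: str

def registrable_domain(host: str) -> str:
    """Last two labels of a host name: crude, but enough to expose look-alike prefixes
    such as www.bing.com.<other-domain>. A real tool would consult the public suffix list."""
    return ".".join(host.lower().split(".")[-2:])

def check_autostart(line_no: int, hive: str, key: str, name: str, rest: str) -> List[Finding]:
    where = f"{hive}\\{key} [{name}]"
    if rest.endswith("File not found"):
        return [Finding(line_no, "orphaned-autostart", f"{where} points at a missing file: {rest}")]
    pub = PUB_RE.search(rest)
    publisher = pub["pub"].strip() if pub else ""
    path = rest[:pub.start()].strip() if pub else rest
    out = []
    if any(marker in path.lower() for marker in USER_WRITABLE):
        out.append(Finding(line_no, "autostart-user-writable", f"{where} runs {path}"))
    if not publisher:
        out.append(Finding(line_no, "autostart-no-publisher", f"{where} runs {path} with no publisher string"))
    return out

def check_policy(line_no: int, key: str, value: str, data: str) -> List[Finding]:
    if key.lower().endswith("policies\\system") and UAC_OFF.get(value) == data.strip():
        return [Finding(line_no, "uac-disabled", f"{value} = {data} under {key}")]
    return []

def check_search_scope(line_no: int, hive: str, guid: str, url: str) -> List[Finding]:
    host = urlsplit(url).hostname or ""
    domain = registrable_domain(host)
    if domain not in SEARCH_DOMAINS:
        return [Finding(line_no, "search-scope-redirect",
                        f"{hive} scope {{{guid}}} sends queries to {host} (registrable domain {domain})")]
    return []

def triage(log_text: str) -> List[Finding]:
    """Run every line through the matching check; line types without a check are ignored."""
    findings: List[Finding] = []
    for line_no, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        if (m := O4_RE.match(line)):
            findings.extend(check_autostart(line_no, m["hive"], m["key"], m["name"], m["rest"]))
        elif (m := O6_RE.match(line)):
            findings.extend(check_policy(line_no, m["key"], m["value"], m["data"]))
        elif (m := IE_RE.match(line)):
            findings.extend(check_search_scope(line_no, m["hive"], m["guid"], m["url"]))
    return findings

def summary(findings: List[Finding]) -> Dict[str, int]:
    return dict(Counter(f.category for f in findings))

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for f in triage(text):
        print(f"line {f.line_no:4d}  {f.category:24s}  {f.detail}")
    print(summary(triage(text)))
```

Pointed at a saved log (`python otl_triage.py OTL.txt`) it gives a first pass over a long report; it is a triage aid, not a verdict, since legitimate software sometimes also starts from AppData, so every hit still needs the look a helper like t'john gives it before it goes into a fix script.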

Old 12.08.2012, 01:34   #3
eltipo
 


ah, got it now...

it's running again!

Quote:
All processes killed
========== OTL ==========
Service SearchAnonymizer stopped successfully!
Service SearchAnonymizer deleted successfully!
C:\Users\lappi\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-21-2195182437-2403971164-2041190362-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2195182437-2403971164-2041190362-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2195182437-2403971164-2041190362-1001\Software\Microsoft\Internet Explorer\SearchScopes\{21D635A9-AE2A-4A98-A304-1FC8A6E01277}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21D635A9-AE2A-4A98-A304-1FC8A6E01277}\ not found.
Registry key HKEY_USERS\S-1-5-21-2195182437-2403971164-2041190362-1001\Software\Microsoft\Internet Explorer\SearchScopes\{4CC67886-C76F-4B1D-BBCE-BD904C98C1D9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4CC67886-C76F-4B1D-BBCE-BD904C98C1D9}\ not found.
Registry key HKEY_USERS\S-1-5-21-2195182437-2403971164-2041190362-1001\Software\Microsoft\Internet Explorer\SearchScopes\{842A14B7-B982-471D-AC8B-289BA134D60B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{842A14B7-B982-471D-AC8B-289BA134D60B}\ not found.
Registry key HKEY_USERS\S-1-5-21-2195182437-2403971164-2041190362-1001\Software\Microsoft\Internet Explorer\SearchScopes\{A3F8A13A-D16F-4B92-9ED9-B259C71879BB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3F8A13A-D16F-4B92-9ED9-B259C71879BB}\ not found.
Registry key HKEY_USERS\S-1-5-21-2195182437-2403971164-2041190362-1001\Software\Microsoft\Internet Explorer\SearchScopes\{D19EAC74-EAE2-4E05-9657-2776E306971D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D19EAC74-EAE2-4E05-9657-2776E306971D}\ not found.
Registry key HKEY_USERS\S-1-5-21-2195182437-2403971164-2041190362-1001\Software\Microsoft\Internet Explorer\SearchScopes\{EA5EF257-4F61-489F-88C6-E597AE7154AF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA5EF257-4F61-489F-88C6-E597AE7154AF}\ not found.
HKU\S-1-5-21-2195182437-2403971164-2041190362-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "google Search" removed from browser.search.defaultenginename
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "about:home" removed from browser.startup.homepage
Prefs.js: 0 removed from network.proxy.type
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Ocs_SM deleted successfully.
C:\Users\lappi\AppData\Roaming\OCS\SM\SearchAnonymizer.exe moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TSWorkspace deleted successfully.
C:\Users\lappi\AppData\Local\Microsoft\Windows\3950\TSWorkspace.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\InnoSetupRegFile.0000000001 deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2195182437-2403971164-2041190362-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25b545b8-aa1e-11e0-ba2c-001a4b5f398a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25b545b8-aa1e-11e0-ba2c-001a4b5f398a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25b545b8-aa1e-11e0-ba2c-001a4b5f398a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25b545b8-aa1e-11e0-ba2c-001a4b5f398a}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25b545c6-aa1e-11e0-ba2c-001a4b5f398a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25b545c6-aa1e-11e0-ba2c-001a4b5f398a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25b545c6-aa1e-11e0-ba2c-001a4b5f398a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25b545c6-aa1e-11e0-ba2c-001a4b5f398a}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25b545d6-aa1e-11e0-ba2c-001a4b5f398a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25b545d6-aa1e-11e0-ba2c-001a4b5f398a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25b545d6-aa1e-11e0-ba2c-001a4b5f398a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25b545d6-aa1e-11e0-ba2c-001a4b5f398a}\ not found.
File G:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25b545d9-aa1e-11e0-ba2c-001a4b5f398a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25b545d9-aa1e-11e0-ba2c-001a4b5f398a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25b545d9-aa1e-11e0-ba2c-001a4b5f398a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25b545d9-aa1e-11e0-ba2c-001a4b5f398a}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cc52065-bdd4-11e1-bf9a-404e57434401}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4cc52065-bdd4-11e1-bf9a-404e57434401}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cc52065-bdd4-11e1-bf9a-404e57434401}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4cc52065-bdd4-11e1-bf9a-404e57434401}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83f9ee84-b7af-11e1-9e1e-001a6bdb4a2b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83f9ee84-b7af-11e1-9e1e-001a6bdb4a2b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83f9ee84-b7af-11e1-9e1e-001a6bdb4a2b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83f9ee84-b7af-11e1-9e1e-001a6bdb4a2b}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83f9ee86-b7af-11e1-9e1e-001a6bdb4a2b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83f9ee86-b7af-11e1-9e1e-001a6bdb4a2b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83f9ee86-b7af-11e1-9e1e-001a6bdb4a2b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83f9ee86-b7af-11e1-9e1e-001a6bdb4a2b}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d9631c1-e945-11e0-84ea-001a6bdb4a2b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d9631c1-e945-11e0-84ea-001a6bdb4a2b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d9631c1-e945-11e0-84ea-001a6bdb4a2b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d9631c1-e945-11e0-84ea-001a6bdb4a2b}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d9631c7-e945-11e0-84ea-001a6bdb4a2b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d9631c7-e945-11e0-84ea-001a6bdb4a2b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d9631c7-e945-11e0-84ea-001a6bdb4a2b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d9631c7-e945-11e0-84ea-001a6bdb4a2b}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\AutoRun.exe not found.
C:\Users\lappi\Desktop\Dropbox 1.4.12.exe moved successfully.
C:\Windows\SysWow64\~.tmp deleted successfully.
C:\Windows\Tasks\qipdater.exe.job moved successfully.
ADS C:\Users\lappi\Desktop\2012-08-10 20.19.33.jpg:com.dropbox.attributes deleted successfully.
ADS C:\Windows:7A6A08945F38ED21 deleted successfully.
C:\Users\lappi\AppData\Roaming\hellomoto folder moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\QIPdater 2012.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\lappi\Desktop\cmd.bat deleted successfully.
C:\Users\lappi\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: lappi
->Temp folder emptied: 136284251 bytes
->Temporary Internet Files folder emptied: 100606704 bytes
->Java cache emptied: 16230862 bytes
->FireFox cache emptied: 60867238 bytes
->Flash cache emptied: 24279 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 711240 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 104664733 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 176053174 bytes

Total Files Cleaned = 568,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: lappi
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.57.0 log created on 08122012_023859

Files\Folders moved on Reboot...
C:\Users\lappi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\lappi\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
Thanks very much in advance for the quick and perfect help!!!

I do have one problem now, though:

If I pull the plug while the machine is running, Windows shuts down immediately because the battery is supposedly empty.
It isn't... the thing is brand new and worked flawlessly until this problem; if I boot the computer right afterwards without mains power, everything works fine and it also shows full capacity.
__________________

Last edited by eltipo (12.08.2012 at 01:42)

26.09.2012, 12:44   #4
t'john
/// Helper Team

Trojaner Bundespolizei



Missing feedback

Are there problems working through the instructions above?

To free up capacity for other people seeking help, I am removing this topic from my notifications.

If you want to continue, send me a PM or open a new topic.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: The disappearance of the symptoms does not mean that your computer is clean.
__________________
Regards, t'john
Support the TB

26.09.2012, 12:55   #5
eltipo

Trojaner Bundespolizei



Why missing feedback?

I did give feedback, didn't I?

