Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows-Verschlüsselungs Trojaner

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 06.06.2012, 10:50   #1
domi7
 
Windows-Verschlüsselungs Trojaner - Standard

Windows-Verschlüsselungs Trojaner



Hallo,

auch ich habe mich dummerweise gestern mit dem Windows-Verschlüsselungs Trojaner infiziert und habe einige Themen durchgelesen. In den meisten habe ich dann erfahren, dass es sinnvoll ist die Malwarebytes Anti-Malware runter zuladen und den Scan durchführen zu lassen. Also hab ich das auch gemacht und es wurden mir 5 Funde angezeigt, (Bericht siehe unten). Dann habe ich defogger drüberlaufen lassen, (Bericht siehe unten) und den OTL (Berichte siehe unten). Gestern Abend hatte ich dann auch schon die nächste Mail im Ordner, die ich dann auch gleich weitergeleitet habe und diesmal nicht die zip.Datei geöffnet habe.
Jetzt meine Frage: Was sollte ich noch tun damit der rechner wieder sauber ist?

mbam-log-2012-06-05(13-43-10)


Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Domi :: MUHKUH [Administrator]

Schutz: Deaktiviert

05.06.2012 13:43:10
mbam-log-2012-06-05 (13-43-10).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 205305
Laufzeit: 2 Minute(n),

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit (Hijack.Regedit) -> Daten: 1 -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|38DF1018 (Trojan.Agent.RNSGen) -> Daten: C:\Users\***\AppData\Roaming\Rqfl\353A84D738DF10181190.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\***\AppData\Roaming\Rqfl\353A84D738DF10181190.exe (Trojan.Agent.RNSGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)



defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:40 on 06/06/2012 (Domi)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled


-=E.O.F=-

OTL.Txt

OTL logfile created on: 06.06.2012 11:30:17 - Run 1
OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,78 Gb Available Physical Memory | 69,60% Memory free
7,99 Gb Paging File | 6,57 Gb Available in Paging File | 82,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 371,95 Gb Free Space | 79,86% Space Free | Partition Type: NTFS
Drive D: | 465,75 Gb Total Space | 434,20 Gb Free Space | 93,23% Space Free | Partition Type: NTFS

Computer Name: MUHKUH | User Name: Domi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.06 11:29:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2012.05.09 08:35:43 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 08:35:43 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 08:35:43 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.01.05 10:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.2\ICQ.exe
PRC - [2009.08.19 11:32:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009.08.19 11:32:20 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe


========== Modules (No Company Name) ==========

MOD - [2011.01.05 10:18:56 | 000,733,184 | ---- | M] () -- C:\Program Files (x86)\ICQ7.2\MDb.dll
MOD - [2009.08.18 16:54:22 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.05.04 07:19:28 | 000,591,872 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\SearchIndexer.exe -- (WSearch)
SRV:64bit: - [2010.11.20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2010.08.26 14:40:32 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.11.25 05:17:16 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:41:53 | 000,159,232 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\regsvc.dll -- (RemoteRegistry)
SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009.07.14 03:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV - [2012.05.09 08:35:43 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.09 08:35:43 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.04 07:32:23 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.04 06:28:31 | 000,427,520 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWow64\SearchIndexer.exe -- (WSearch)
SRV - [2011.01.02 21:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) [Auto | Running] -- C:\Program Files (x86)\ShadowExplorer\sesvc.exe -- (sesvc)
SRV - [2010.10.04 18:44:18 | 000,607,040 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) @C:\Program Files (x86)
SRV - [2010.08.26 14:45:00 | 001,403,200 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.08.26 14:40:24 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.07.16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.05.09 08:35:43 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.09 08:35:43 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.07.28 18:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011.04.13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.04.13 15:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010.01.30 20:35:37 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.12.02 16:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.11.25 05:52:14 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.11.23 15:43:48 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.11.05 23:15:40 | 000,291,328 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.10.26 13:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.10.19 15:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.10.08 01:13:30 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.10.08 01:13:30 | 000,029,240 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.09.25 16:58:32 | 000,178,688 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.09.25 16:58:24 | 000,073,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.08.24 00:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009.07.17 01:51:54 | 000,028,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvamacpi.sys -- (nvamacpi)
DRV:64bit: - [2009.07.15 12:01:54 | 000,027,664 | ---- | M] (TechniSat Provide) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MtsHID.sys -- (MtsHID)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.14 09:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2008.05.22 18:35:02 | 000,072,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciIsaSerial.sys -- (PciIsaSerial)
DRV:64bit: - [2008.05.22 18:33:54 | 000,095,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciPPorts.sys -- (PciPPorts)
DRV:64bit: - [2008.05.22 18:32:38 | 000,126,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciSPorts.sys -- (PciSPorts)
DRV:64bit: - [2008.02.20 17:17:44 | 000,124,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SPorts.sys -- (SPorts)
DRV:64bit: - [2008.02.20 17:17:22 | 000,095,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PPorts.sys -- (PPorts)
DRV:64bit: - [2008.02.20 17:12:56 | 000,072,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ISASerial.sys -- (ISASerial)
DRV:64bit: - [2007.10.12 03:40:00 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdide64.sys -- (amdide64)
DRV - [2010.02.24 14:41:50 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://hotmail.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 93 4A CA D8 A1 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D4945385352 43&st={searchTerms}&clid=9f5f1700-bb3c-43bd-a640-1e9fa982ac8d&pid=icqt
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=NRO2&o=&src=crm&q={searchTerms}&locale=
IE - HKCU\..\SearchScopes\{17D8DC1E-6A22-4146-903D-1A538EE88E20}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=9f5f1700-bb3c-43bd-a640-1e9fa982ac8d&pid=icqt&mode=bounce
IE - HKCU\..\SearchScopes\{5105C181-CADD-4EE5-A822-67BFCCAC7BC2}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=9f5f1700-bb3c-43bd-a640-1e9fa982ac8d&pid=icqt&mode=bounce
IE - HKCU\..\SearchScopes\{5B76AD94-16C8-47F8-9D88-16F31330719F}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=9f5f1700-bb3c-43bd-a640-1e9fa982ac8d&pid=icqt&mode=bounce
IE - HKCU\..\SearchScopes\{5C08CA9F-8667-4279-BA64-2267BBD8E025}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=9f5f1700-bb3c-43bd-a640-1e9fa982ac8d&pid=icqt&mode=bounce
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{8133CF35-6AA4-4B62-A23D-768BE6E37855}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=9f5f1700-bb3c-43bd-a640-1e9fa982ac8d&pid=icqt&mode=bounce
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E6461656D6F6E2D7365617263682E636F6D2F7365617263683F713D7B7365617263685465726D737D&st={searchTerms}&clid=9f5f1700-bb3c-43bd-a640-1e9fa982ac8d&pid=icqt
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKCU\..\SearchScopes\{FDB38D7F-68F3-4FB5-BA91-CEB2F3195E7A}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=9f5f1700-bb3c-43bd-a640-1e9fa982ac8d&pid=icqt&mode=bounce
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1338898078&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1031&id=64855&mkt=de-de&cbcxt=mai&snsc=1"


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.04 07:32:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.05 09:00:03 | 000,000,000 | ---D | M]

[2011.09.02 11:12:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Domi\AppData\Roaming\mozilla\Extensions
[2012.05.03 13:27:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Domi\AppData\Roaming\mozilla\Firefox\Profiles\b0a72mov.default\extensions
[2012.05.04 07:52:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.04 07:52:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012.05.04 07:32:23 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.31 10:50:51 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.31 10:50:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.31 10:50:51 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.31 10:50:51 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.31 10:50:51 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.31 10:50:51 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - Startup: C:\Users\Domi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: =
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Domi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Domi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Internet\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Internet\PartyPoker\RunApp.exe File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F73AEF56-E85B-41E8-8C1E-38B35886214E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7066b7a3-0dce-11df-b311-6cf049012b03}\Shell - "" = AutoRun
O33 - MountPoints2\{7066b7a3-0dce-11df-b311-6cf049012b03}\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.05 16:11:04 | 000,000,000 | ---D | C] -- C:\Probieren
[2012.06.05 15:25:38 | 000,000,000 | ---D | C] -- C:\Users\Domi\AppData\Roaming\www.shadowexplorer.com
[2012.06.05 15:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
[2012.06.05 15:25:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ShadowExplorer
[2012.06.05 13:48:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Malware
[2012.06.05 13:42:10 | 000,000,000 | ---D | C] -- C:\Users\Domi\AppData\Roaming\Malwarebytes
[2012.06.05 13:42:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.05 13:42:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.05 13:42:01 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.05 13:42:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.05 08:26:33 | 000,000,000 | ---D | C] -- C:\Users\Domi\AppData\Roaming\Rqfl
[2012.05.19 12:05:24 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Cache
[2012.05.18 10:57:34 | 000,000,000 | ---D | C] -- C:\Casino
[2012.05.16 22:03:12 | 000,000,000 | ---D | C] -- C:\Users\Domi\AppData\Roaming\MrJobs
[2012.05.16 22:03:05 | 000,000,000 | ---D | C] -- C:\Users\Domi\AppData\Roaming\hdbADS
[2012.05.14 19:40:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\phase5
[2012.05.14 19:40:13 | 000,000,000 | ---D | C] -- C:\Users\Domi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phase 5 HTML-Editor
[2012.05.14 15:09:08 | 000,000,000 | ---D | C] -- C:\Users\Domi\AppData\Roaming\JGsoft
[2012.05.14 15:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\Just Great Software
[2012.05.11 12:14:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.05.11 12:14:29 | 000,000,000 | ---D | C] -- C:\Users\Domi\AppData\Local\Google
[2012.05.11 12:14:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.05.11 09:18:25 | 000,000,000 | ---D | C] -- C:\BCTester
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.06.06 11:33:38 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.06 11:33:38 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.06 11:33:01 | 001,507,502 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.06 11:33:01 | 000,657,698 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.06 11:33:01 | 000,618,974 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.06 11:33:01 | 000,131,070 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.06 11:33:01 | 000,107,294 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.06 11:26:28 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.06 11:26:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.06 11:25:51 | 3218,939,904 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.06 11:24:41 | 000,000,020 | ---- | M] () -- C:\Users\Domi\defogger_reenable
[2012.06.06 11:23:49 | 000,022,883 | ---- | M] () -- C:\Users\Public\Documents\Forum.odt
[2012.06.06 11:19:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.05 16:20:50 | 000,001,239 | ---- | M] () -- C:\Users\Domi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2012.06.05 15:25:28 | 000,001,889 | ---- | M] () -- C:\Users\Domi\Desktop\ShadowExplorer.lnk
[2012.06.05 13:42:02 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.22 09:14:44 | 000,008,239 | ---- | M] () -- C:\Users\Public\Documents\fjfTUXEGeulntntGsndVa
[2012.05.18 17:37:25 | 000,010,976 | ---- | M] () -- C:\Users\Public\Documents\Cachebeschreibung.odt
[2012.05.17 11:28:49 | 000,000,213 | ---- | M] () -- C:\Windows\bctester_de.INI
[2012.05.14 19:40:16 | 000,000,997 | ---- | M] () -- C:\Users\Domi\Desktop\HTML Editor.lnk
[2012.05.11 21:50:50 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh323
[2012.05.11 21:50:40 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh322
[2012.05.11 21:50:32 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh321
[2012.05.11 21:50:22 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh320
[2012.05.10 07:37:07 | 000,369,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.09 08:35:43 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.05.09 08:35:43 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.06.06 11:24:41 | 000,000,020 | ---- | C] () -- C:\Users\Domi\defogger_reenable
[2012.06.06 11:23:48 | 000,022,883 | ---- | C] () -- C:\Users\Public\Documents\Forum.odt
[2012.06.05 16:20:50 | 000,001,239 | ---- | C] () -- C:\Users\Domi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2012.06.05 15:25:28 | 000,001,889 | ---- | C] () -- C:\Users\Domi\Desktop\ShadowExplorer.lnk
[2012.06.05 13:42:02 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.05 08:27:01 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh325
[2012.06.05 08:27:01 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh324
[2012.06.05 08:27:01 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh323
[2012.06.05 08:27:01 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh322
[2012.06.05 08:27:01 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh321
[2012.06.05 08:27:01 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh320
[2012.05.14 19:40:16 | 000,000,997 | ---- | C] () -- C:\Users\Domi\Desktop\HTML Editor.lnk
[2012.05.14 12:18:22 | 000,010,976 | ---- | C] () -- C:\Users\Public\Documents\Cachebeschreibung.odt
[2012.05.11 12:14:32 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.11 12:14:31 | 000,001,102 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.11 09:40:53 | 000,000,213 | ---- | C] () -- C:\Windows\bctester_de.INI
[2012.03.09 19:33:53 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.02 11:12:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

========== LOP Check ==========

[2010.02.14 14:42:47 | 000,000,000 | ---D | M] -- C:\Users\Domi\AppData\Roaming\Buhl Data Service
[2012.06.05 08:56:28 | 000,000,000 | ---D | M] -- C:\Users\Domi\AppData\Roaming\DAEMON Tools Lite
[2012.06.05 08:56:28 | 000,000,000 | ---D | M] -- C:\Users\Domi\AppData\Roaming\Der Planer 4
[2011.08.07 18:16:57 | 000,000,000 | ---D | M] -- C:\Users\Domi\AppData\Roaming\DVDVideoSoft
[2012.06.05 08:56:28 | 000,000,000 | ---D | M] -- C:\Users\Domi\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.02.07 13:38:00 | 000,000,000 | ---D | M] -- C:\Users\Domi\AppData\Roaming\GARMIN
[2012.05.16 22:03:08 | 000,000,000 | ---D | M] -- C:\Users\Domi\AppData\Roaming\hdbADS
[2012.06.06 11:27:02 | 000,000,000 | ---D | M] -- C:\Users\Domi\AppData\Roaming\ICQ
[2012.05.14 15:09:08 | 000,000,000 | ---D | M] -- C:\Users\Domi\AppData\Roaming\JGsoft
[2010.04.11 17:30:07 | 000,000,000 | ---D | M] -- C:\Users\Domi\AppData\Roaming\Leadertech
[2012.05.16 22:03:15 | 000,000,000 | ---D | M] -- C:\Users\Domi\AppData\Roaming\MrJobs
[2010.08.02 20:36:16 | 000,000,000 | ---D | M] -- C:\Users\Domi\AppData\Roaming\Need for Speed World
[2010.02.15 14:37:23 | 000,000,000 | ---D | M] -- C:\Users\Domi\AppData\Roaming\OCS
[2010.02.03 20:41:11 | 000,000,000 | ---D | M] -- C:\Users\Domi\AppData\Roaming\OpenOffice.org
[2010.02.15 14:37:25 | 000,000,000 | ---D | M] -- C:\Users\Domi\AppData\Roaming\Opera
[2010.01.31 19:37:54 | 000,000,000 | ---D | M] -- C:\Users\Domi\AppData\Roaming\Ordner HP Share-to-Web
[2012.06.05 13:45:31 | 000,000,000 | ---D | M] -- C:\Users\Domi\AppData\Roaming\Rqfl
[2012.06.05 08:56:43 | 000,000,000 | ---D | M] -- C:\Users\Domi\AppData\Roaming\tb-logger
[2012.06.05 08:56:45 | 000,000,000 | ---D | M] -- C:\Users\Domi\AppData\Roaming\TS3Client
[2012.02.20 18:04:02 | 000,000,000 | ---D | M] -- C:\Users\Domi\AppData\Roaming\ts3overlay
[2010.10.04 18:44:10 | 000,000,000 | ---D | M] -- C:\Users\Domi\AppData\Roaming\TuneUp Software
[2012.06.05 15:25:38 | 000,000,000 | ---D | M] -- C:\Users\Domi\AppData\Roaming\www.shadowexplorer.com
[2012.01.22 12:10:45 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:12830EF0E41E05FB

< End of report >

Extras.Txt

OTL Extras logfile created on: 06.06.2012 11:30:17 - Run 1
OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\Domi\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,78 Gb Available Physical Memory | 69,60% Memory free
7,99 Gb Paging File | 6,57 Gb Available in Paging File | 82,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 371,95 Gb Free Space | 79,86% Space Free | Partition Type: NTFS
Drive D: | 465,75 Gb Total Space | 434,20 Gb Free Space | 93,23% Space Free | Partition Type: NTFS

Computer Name: MUHKUH | User Name: Domi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{066A03DB-F6D3-474F-80D8-806E85F06F89}" = rport=138 | protocol=17 | dir=out | app=system |
"{16D7307C-7289-4081-9099-C08956928895}" = lport=445 | protocol=6 | dir=in | app=system |
"{17B6A051-C7D0-4BFA-80F6-1158C5CB4764}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1ECC836C-212A-4538-A21A-19DA583E66EE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{231766B9-C275-4CD7-9566-EE27F11BDBBB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{34879C3E-3951-47E1-B660-1B67FC11A1EA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{361A83D3-D351-43B0-AF1E-0C0E78EDD726}" = rport=10243 | protocol=6 | dir=out | app=system |
"{369CC2DF-E48E-43A8-ABA4-F1AA46C73E5C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{540D08E2-443F-4936-A2BF-A7DFDEF0CA97}" = lport=10243 | protocol=6 | dir=in | app=system |
"{571F3C1E-7745-40D0-B3D7-CA92FB03C325}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5C8501BA-1738-4374-BE90-84CCB6901960}" = lport=138 | protocol=17 | dir=in | app=system |
"{665E6F3E-950F-4BE4-B848-C07F75E4E095}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{84240DD6-D00B-43DC-A662-29FCFF404297}" = lport=137 | protocol=17 | dir=in | app=system |
"{877775E7-E5A0-4163-8ACF-043F0CB4B7DF}" = rport=137 | protocol=17 | dir=out | app=system |
"{97D5BDA5-B60B-4B0B-8A7F-B8C7DBBF83F0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9DE12F07-B22E-4DD4-9CD2-053BFD5E91E2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{9FE943D9-FE3F-4FA9-BC02-1682ACA992F3}" = rport=139 | protocol=6 | dir=out | app=system |
"{A5E981D2-1C9E-4668-ABCF-B31F68BDFEB5}" = lport=139 | protocol=6 | dir=in | app=system |
"{AEC6DBF1-4766-414F-90AE-23EB64C0EC57}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D49D5A3A-EAC3-415F-B7DC-3FDD61823B3B}" = rport=445 | protocol=6 | dir=out | app=system |
"{D51F2A07-2886-49BC-997E-5BBA568DB56F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D97D44B4-3032-4325-8F0D-35D71114F751}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F1636B35-D678-479C-89A7-E6EE689C2F8B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F9A387B8-E83A-4F18-88C4-BAEC63377A8B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13F40200-0A2A-4838-BA35-F750E96DBD52}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1CBEA3DC-AA12-4968-829B-0A1C45F83B79}" = protocol=6 | dir=out | app=system |
"{207ADFDC-6EAA-49BA-9354-694A07912868}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2A67E669-415D-4B76-AB86-DEA76B1CE19D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{33A627BA-A9E8-43F6-BEDF-4E013BB6DED1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{408E9B6A-A133-46C6-801A-AB6B527E8958}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{415CE201-B355-4160-B088-52E7140032B5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{42D01ACF-FD06-4F43-B6EF-C1FB8AC283BE}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{4BF31683-9891-4B0E-9EA4-60141CD07C67}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{53495F74-04DB-4B97-BAF1-458CCF42EFAF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{598DAB37-FDA2-409D-83F0-F7C52A9AF651}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{798CBB12-21E6-4D91-80E9-C6ABBBA8958F}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{800CA7EC-D085-4307-8AB1-E7C6777699A7}" = protocol=6 | dir=in | app=c:\programdata\wscntfy.exe |
"{80E7CEE8-377E-4399-B3CD-E14524D19598}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{8766BA86-A293-4139-82CB-1A1997CD873E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{87C6ED4E-0DC6-40E6-8FEF-F1F901D69E21}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{87D2538A-223E-4636-A54E-B0EF7A3A730E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{97699F84-F956-4AFE-B657-D464147FD8D4}" = protocol=17 | dir=in | app=c:\programdata\wscntfy.exe |
"{A69F0EFF-9843-4C0C-99F1-BA91FFF7CF1F}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{A88BEBB5-2D74-4802-A0EE-12F7302CBC13}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB1ADC5B-39A1-4D44-BBBC-F850EFC9C6B2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B8D02DFF-0EBD-4EEE-9156-BD3B431CE0F0}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{BA33F95F-24D1-4517-86F9-B13A9856A13E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C04245CD-C1F9-4261-9739-68FCFBAE420C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C2976D0A-D38B-4F8D-B628-E42E2C2CE75D}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{C7B8077F-1101-42C9-BDDE-B92612FD3E9C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CDE50EEF-DD51-4913-A61C-17CFAC569A50}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{DB393533-A7E6-4EB0-BC52-47EE50F5470A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DE9D3E91-8F43-4935-8F00-83DCEB96559B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EBEA51B4-0995-4CB0-AFD7-042355FDA00C}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{EFF2D789-24EA-4F4E-87E1-43C067924ABC}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{F6FAE565-503F-4CA8-9076-D4DB172FB302}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F8102A0F-9473-4A98-85B9-FA3D48BBA50D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{154221CF-E790-4ED4-B122-C03CE218BD53}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{1E0B3CC8-757D-4789-9594-FE89D4DEB619}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{C63A4AD3-8FAC-45A6-818F-8EE40338C067}D:\icq7.0\icq.exe" = protocol=6 | dir=in | app=d:\icq7.0\icq.exe |
"UDP Query User{425EE4BB-889A-4D71-9DAD-0E36830467ED}D:\icq7.0\icq.exe" = protocol=17 | dir=in | app=d:\icq7.0\icq.exe |
"UDP Query User{9E0D6329-FC76-4A40-8D4E-898804EE4E67}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{CE774187-11D3-467F-A744-E7D088FFB5B8}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{596D57BD-31B4-45F7-8855-9E13D15D7B7E}" = ATI Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AFA3C5A9-959F-3A6F-9BDC-B20EA563DC23}" = ccc-utility64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"WinRAR archiver" = WinRAR 4.10 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0E806605-5B82-4A4F-BC31-AA4FADA03C42}" = t@x 2012
"{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1C80931B-D271-A7E5-06D8-60C4D6DCCE69}" = Catalyst Control Center Graphics Previews Common
"{1E299D2F-A7BA-457A-BECF-35AC55E4BD74}" = SweetIM Toolbar for Internet Explorer 3.6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FCA1E50-EB4B-1722-1605-721CECC3B6D7}" = Catalyst Control Center Graphics Light
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{4511950B-88F9-302E-77F2-C953EF8045F8}" = Catalyst Control Center HydraVision Full
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5BDA2F58-1F21-4D10-9910-92B01EBCC958}" = AMD USB Filter Driver
"{5E1DE2DE-71B7-5C37-A8D2-949C143C863D}" = Catalyst Control Center Graphics Previews Vista
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9BFFB382-0B2C-11D6-AB3E-000102B0F79A}" = Readiris 7.5
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AD0EE5BD-B8C0-9ACB-678A-C1AD9AC0BA60}" = ccc-core-static
"{B0414A3B-3AE3-47B8-8FC0-2129781FF425}" = t@x 2011
"{B0DC2DA9-2AF9-422A-88E0-1B84E0F65DB5}" = Speed-Link SL-6535 USB Pad
"{B2580E5E-F617-EAE5-04B2-0C49FAC1E24F}" = Catalyst Control Center Graphics Full Existing
"{B571006A-776E-4293-8994-C4A1F7A013FE}" = TB-Logger
"{BF24E54D-77C1-CDF8-054C-133FBB71EE90}" = Catalyst Control Center Graphics Full New
"{C07A746C-E1A1-C0C3-A30C-EFB5ECE184C3}" = Catalyst Control Center Core Implementation
"{C2F9FF21-946D-8907-A45B-DF1414F43316}" = Catalyst Control Center Localization All
"{C849A1C0-B8CB-1BB0-62BB-362C2851FD0F}" = CCC Help German
"{CD27A577-BD77-481D-9E07-314AE9059A77}" = bcTester 4.9 (de)
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F81415D2-CEC9-4F96-9ABA-B2CC5382A930}" = SweetIM for Messenger 3.0
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.6.727
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"ShadowExplorer_is1" = ShadowExplorer 0.8
"TuneUp Utilities" = TuneUp Utilities

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >



Danke schon mal im voraus.

Grüße Domi

Alt 06.06.2012, 11:15   #2
markusg
/// Malware-holic
 
Windows-Verschlüsselungs Trojaner - Standard

Windows-Verschlüsselungs Trojaner



hi,
1. die infektionsquelle:
an solchen mails mit rechnung, mahnung und sonstigen anhängen, von unbekannten absendern bin ich interessiert.
wenn du ein mail programm nutzt, dann mail markieren, rechtsklick, speichern unter, typ:
.eml einstellen.
dann bitte lesen:
markusg - trojaner-board.de
und mir die soeben erstellte datei zukommen lassen.
wenn du deine mails über den browser abrufst, sag mir mal welchen anbieter du nutzt, dann geht das ein bisschen anders.
bitte warne freunde, bekannte, verwante etc vor dieser masche, und lasse ihnen ruhig diese mail adresse zukommen.
sie können dann dorthin solche verdächtigen mails senden.
diese helfen uns dann, angemessen auf neue bedrohungen zu reagieren, da diese schadsoftware auch updates erhält ist das wichtig.

2. wenn du verschlüsselte daten hast, versuche shadow explorer:
http://www.trojaner-board.de/115496-...tml#post831090
__________________

__________________

Alt 06.06.2012, 11:37   #3
domi7
 
Windows-Verschlüsselungs Trojaner - Standard

Windows-Verschlüsselungs Trojaner



Hallo,

die zweite Mail die ich bekommen habe, habe ich euch gestern schon geschickt, kann sie aber nochmal schicken.

Hab ShadowExplorer probiert und bis jetzt sieht es gut aus. Einfach die fehlenden Dateien Exportieren und die verschlüsselten löschen. Prima Sache.

Gibt es sonst noch was, was ich machen müßte oder öfter dann mal durchlaufen lassen?

Gruß Domi

Was mir grad noch aufgefallen ist, ist dass ich mit ShadowExplorer nicht auf meine andere Festplatte zugreifen kann. Es geht nur C, da kann ich alles wieder herstellen.
__________________

Alt 06.06.2012, 17:04   #4
markusg
/// Malware-holic
 
Windows-Verschlüsselungs Trojaner - Standard

Windows-Verschlüsselungs Trojaner



ja, geht leider nur c:
ich würd überlegen den pc einmal komplett neu aufzusetzen und abzusichern.
die restlichen verschlüsselten daten kann man ja trotzdem behalten
weist du wie man neu aufsetze oder benötigst du da hilfe, anleitung zum absichern würde ich dir geben
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 06.06.2012, 18:30   #5
domi7
 
Windows-Verschlüsselungs Trojaner - Standard

Windows-Verschlüsselungs Trojaner



so richtig weis ich es nicht, wie neu aufsetzen funktioniert. Um Hilfe wäre ich da sehr dankbar. Weis ja nicht, ob ich die Daten, die ich noch brauche, vorher sichern muss, bzw. sollte.


Antwort

Themen zu Windows-Verschlüsselungs Trojaner
alternate, antivir, avira, bho, converter, dateisystem, desktop, document, error, firefox, flash player, format, frage, google earth, heuristiks/extra, heuristiks/shuriken, home, iexplore.exe, install.exe, langs, logfile, microsoft office word, mozilla, mp3, object, plug-in, realtek, rundll, scan, searchscopes, security, senden, software, svchost.exe, trojane, trojaner, usb, version=1.0, wsearch




Ähnliche Themen: Windows-Verschlüsselungs Trojaner


  1. Verschlüsselungs Trojaner Windows XP
    Plagegeister aller Art und deren Bekämpfung - 19.07.2012 (1)
  2. Windows-Verschlüsselungs-Trojaner unter Windows 7 auf einem MAC
    Log-Analyse und Auswertung - 14.06.2012 (3)
  3. Windows Verschlüsselungs Trojaner
    Plagegeister aller Art und deren Bekämpfung - 13.06.2012 (1)
  4. (2x) Windows Verschlüsselungs Trojaner
    Mülltonne - 08.06.2012 (1)
  5. Willkomen bei Windows Update, Sie haben sich mit einen Windows-Verschlüsselungs Trojaner infiziert.
    Log-Analyse und Auswertung - 06.06.2012 (1)
  6. Windows Verschlüsselungs Trojaner
    Log-Analyse und Auswertung - 06.06.2012 (3)
  7. Windows Verschlüsselungs Trojaner
    Plagegeister aller Art und deren Bekämpfung - 06.06.2012 (45)
  8. Windows Verschlüsselungs Trojaner
    Plagegeister aller Art und deren Bekämpfung - 05.06.2012 (3)
  9. Windows Verschlüsselungs Trojaner
    Plagegeister aller Art und deren Bekämpfung - 22.05.2012 (1)
  10. Windows Verschlüsselungs Trojaner
    Log-Analyse und Auswertung - 07.05.2012 (1)
  11. Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner)
    Plagegeister aller Art und deren Bekämpfung - 07.05.2012 (19)
  12. Infiziert mit Windows-Verschlüsselungs Trojaner -Mail mit Telefonrechnung - windows vista
    Plagegeister aller Art und deren Bekämpfung - 06.05.2012 (12)
  13. Windows verschlüsselungs trojaner
    Plagegeister aller Art und deren Bekämpfung - 06.05.2012 (11)
  14. Windows Verschlüsselungs-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 04.05.2012 (1)
  15. Windows-Verschlüsselungs Trojaner
    Log-Analyse und Auswertung - 28.04.2012 (3)
  16. "Willkommen bei Windows Update Sie haben sich mit einen Windows-Verschlüsselungs Trojaner infiziert.
    Log-Analyse und Auswertung - 27.04.2012 (3)
  17. Windows Verschlüsselungs Trojaner
    Log-Analyse und Auswertung - 27.04.2012 (3)

Zum Thema Windows-Verschlüsselungs Trojaner - Hallo, auch ich habe mich dummerweise gestern mit dem Windows-Verschlüsselungs Trojaner infiziert und habe einige Themen durchgelesen. In den meisten habe ich dann erfahren, dass es sinnvoll ist die Malwarebytes - Windows-Verschlüsselungs Trojaner...
Archiv
Du betrachtest: Windows-Verschlüsselungs Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.