Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
bundestrojaner und verschlüsselung

bundestrojaner und verschlüsselung


Log-Analyse und Auswertung: bundestrojaner und verschlüsselung

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 20.08.2012, 20:37   #1
blocker1
 
bundestrojaner und verschlüsselung - Standard

bundestrojaner und verschlüsselung


Abend zusammen,

ich hatte den Bundestrojaner aufm Rechner den ich mit na Systemwiederherstellung "behoben" bekommen hab.
Jetzt hab ich aba auch mit erschrecken feststellen müssen das auf meiner Partition "Data" alle Dateien umbenannt und nicht mehr lesbar sind.
Ich hoff das bekommt man wieder irgendwie hin!? Da sind Geschäftsinformationen und -daten gespeichert, an die nicht mehr dran zu kommen ist.
Also das erste was ich hab drüber laufen lassen war Malwarebytes.
Die log dazu:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.20.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Blocks :: BLOCKS-LAPTOP [Administrator]

Schutz: Aktiviert

20.08.2012 19:54:24
mbam-log-2012-08-20 (19-54-24).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 186856
Laufzeit: 7 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\gencrawler_gc.GenCrawler (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Blocks\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)




Dann hab ich noch OTL drüber laufen lassen:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 20.08.2012 21:16:42 - Run 2
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Users\Blocks\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 0,94 Gb Available Physical Memory | 31,33% Memory free
5,99 Gb Paging File | 2,71 Gb Available in Paging File | 45,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,21 Gb Total Space | 37,62 Gb Free Space | 32,38% Space Free | Partition Type: NTFS
Drive E: | 115,21 Gb Total Space | 110,46 Gb Free Space | 95,88% Space Free | Partition Type: NTFS
 
Computer Name: BLOCKS-LAPTOP | User Name: Blocks | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.20 20:52:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Blocks\Desktop\OTL.exe
PRC - [2012.08.15 13:53:28 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
PRC - [2012.08.08 17:22:20 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.30 09:10:42 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.17 14:49:00 | 001,713,904 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2012.07.17 14:49:00 | 000,194,304 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.06.07 20:06:33 | 001,053,848 | ---- | M] () -- C:\Windows\System32\ieconfig_1und1_svc.exe
PRC - [2012.05.29 15:50:04 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Messenger\SweetIM.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.02.26 16:01:44 | 000,295,728 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.08.18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.02.26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.08.29 15:20:56 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.15 13:53:27 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_271.dll
MOD - [2012.07.30 09:10:42 | 002,003,424 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.08.15 13:53:31 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.30 09:10:42 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.17 14:49:00 | 001,713,904 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.07 20:06:33 | 001,053,848 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ieconfig_1und1_svc.exe -- (serviceIEConfig)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.08.29 15:20:56 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.11 12:24:30 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.05.26 08:21:18 | 000,144,984 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.01.13 16:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009.08.18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2007.11.09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-121852881-3908611197-2882621866-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-121852881-3908611197-2882621866-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.1und1.de/links/home
IE - HKU\S-1-5-21-121852881-3908611197-2882621866-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-121852881-3908611197-2882621866-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-121852881-3908611197-2882621866-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AE E9 12 12 1E 29 CD 01  [binary data]
IE - HKU\S-1-5-21-121852881-3908611197-2882621866-1001\..\SearchScopes,DefaultScope = {603A3940-8E63-496A-B404-13A6E63D8FEB}
IE - HKU\S-1-5-21-121852881-3908611197-2882621866-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-121852881-3908611197-2882621866-1001\..\SearchScopes\{089309CC-4704-4804-AE7C-E08B3DA17C39}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
IE - HKU\S-1-5-21-121852881-3908611197-2882621866-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=111015&tt=2912_3&babsrc=SP_ss&mntrId=2cf7da7100000000000000216bb352f7
IE - HKU\S-1-5-21-121852881-3908611197-2882621866-1001\..\SearchScopes\{5AF3529F-FDEF-40C3-A157-2EFFC4F767BF}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
IE - HKU\S-1-5-21-121852881-3908611197-2882621866-1001\..\SearchScopes\{603A3940-8E63-496A-B404-13A6E63D8FEB}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
IE - HKU\S-1-5-21-121852881-3908611197-2882621866-1001\..\SearchScopes\{F140AC26-B95C-4CAD-874E-2AA946AA4873}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms}
IE - HKU\S-1-5-21-121852881-3908611197-2882621866-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=111015&tt=2912_3&babsrc=KW_ss&mntrId=2cf7da7100000000000000216bb352f7&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.05.10 17:12:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.30 09:10:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.05.10 17:12:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.30 09:10:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.07.18 20:29:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Blocks\AppData\Roaming\mozilla\Extensions
[2012.07.23 12:46:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Blocks\AppData\Roaming\mozilla\Firefox\Profiles\qz9xijq9.default\extensions
[2012.06.07 19:44:24 | 000,003,915 | ---- | M] () -- C:\Users\Blocks\AppData\Roaming\Mozilla\Firefox\Profiles\qz9xijq9.default\searchplugins\sweetim.xml
[2012.05.03 13:17:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.23 12:46:15 | 000,702,524 | ---- | M] () (No name found) -- C:\USERS\BLOCKS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QZ9XIJQ9.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012.07.30 09:10:42 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.27 13:33:30 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.18 20:29:02 | 000,002,349 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.06.27 13:33:30 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.27 13:33:30 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.27 13:33:30 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.27 13:33:30 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.27 13:33:30 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (1&&1 Internet AG Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll (mquadr.at software engineering und consulting GmbH)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-121852881-3908611197-2882621866-1001\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKU\S-1-5-21-121852881-3908611197-2882621866-1001..\Run: [Media Finder] "C:\Program Files\Media Finder\Media Finder.exe" /opentotray File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Web-Suche - C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 78.42.43.62 82.212.62.62 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{429E4C30-7445-4A25-B2BD-B67CB4714070}: DhcpNameServer = 78.42.43.62 82.212.62.62 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.20 20:52:41 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Blocks\Desktop\OTL.exe
[2012.08.20 19:52:33 | 000,000,000 | ---D | C] -- C:\Users\Blocks\AppData\Roaming\Malwarebytes
[2012.08.20 19:52:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.20 19:52:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.20 19:52:19 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.20 19:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.20 11:57:29 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.08.20 11:56:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012.08.20 11:55:41 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012.08.20 11:54:58 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2012.08.20 11:54:58 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2012.08.20 11:54:58 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2012.08.20 11:54:58 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2012.08.20 11:54:39 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2012.08.20 11:53:30 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2012.08.20 11:52:30 | 000,000,000 | ---D | C] -- C:\Users\Blocks\AppData\Local\Windows Live
[2012.08.20 11:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2012.08.18 23:12:56 | 000,000,000 | ---D | C] -- C:\Users\Blocks\AppData\Local\PokerStars.EU
[2012.08.18 23:12:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.EU
[2012.08.18 23:12:38 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars.EU
[2012.08.17 06:58:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.08.16 08:14:53 | 000,000,000 | ---D | C] -- C:\Users\Blocks\Documents\Markus
[2012.08.16 07:27:14 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.08.16 07:27:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.08.16 07:27:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.08.16 07:27:13 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.08.16 07:27:12 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.08.16 07:27:10 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.08.16 07:27:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.08.15 11:12:39 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012.08.15 11:12:38 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.08.15 11:12:33 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2012.08.13 20:00:55 | 000,000,000 | ---D | C] -- C:\Program Files\IGC
[2012.08.13 20:00:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free DWG Viewer
[2012.07.30 12:59:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.07.30 12:59:43 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.07.30 12:55:30 | 000,000,000 | ---D | C] -- C:\Users\Blocks\AppData\Roaming\Foxit Software
[2012.07.30 12:33:37 | 000,000,000 | ---D | C] -- C:\Users\Blocks\Documents\Laura
[2012.07.28 02:54:00 | 000,321,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[2012.07.26 19:08:06 | 000,862,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr110.dll
[2012.07.26 19:08:06 | 000,534,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp110.dll
[2012.07.26 19:08:06 | 000,251,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vccorlib110.dll
[2012.07.26 19:08:06 | 000,153,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl110.dll
[2012.07.26 19:08:06 | 000,115,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vcomp110.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.20 20:52:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Blocks\Desktop\OTL.exe
[2012.08.20 20:52:11 | 000,000,156 | ---- | M] () -- C:\Users\Blocks\defogger_reenable
[2012.08.20 20:32:43 | 000,013,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.20 20:32:43 | 000,013,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.20 20:32:42 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.20 20:32:42 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.20 20:32:42 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.20 20:32:42 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.20 20:24:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.20 20:24:42 | 2411,896,832 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.20 19:52:20 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.20 19:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.20 11:56:59 | 000,000,020 | ---- | M] () -- C:\Windows\¼øÊ
[2012.08.17 06:55:11 | 000,410,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.15 13:53:27 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.15 13:53:27 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.08.14 21:56:45 | 000,060,781 | ---- | M] () -- C:\Users\Blocks\Desktop\taufkerze.jpg
[2012.08.13 20:00:55 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Free DWG Viewer.lnk
[2012.08.10 18:02:22 | 002,131,664 | ---- | M] () -- C:\Users\Blocks\Documents\CIMG0899.JPG
[2012.08.08 22:12:33 | 000,021,130 | ---- | M] () -- C:\Users\Blocks\Desktop\Haftpflicht - VHV Versicherungen_ Private und gewerbliche Versicherungen vom Experten.pdf
[2012.08.06 02:59:44 | 775,297,024 | ---- | M] () -- C:\Users\Blocks\Desktop\Ted.avi
[2012.08.03 11:38:20 | 1047,965,696 | ---- | M] () -- C:\Users\Blocks\Desktop\Offroad.avi
[2012.07.28 02:54:00 | 000,321,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[2012.07.27 08:44:45 | 000,018,070 | ---- | M] () -- C:\Users\Blocks\Desktop\Status-zu-Sendung-JJD1410103475601.pdf
[2012.07.26 19:08:06 | 000,862,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr110.dll
[2012.07.26 19:08:06 | 000,534,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp110.dll
[2012.07.26 19:08:06 | 000,251,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vccorlib110.dll
[2012.07.26 19:08:06 | 000,153,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl110.dll
[2012.07.26 19:08:06 | 000,115,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vcomp110.dll
[2012.07.22 13:35:57 | 000,000,125 | ---- | M] () -- C:\Windows\xUninstall.bat
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.20 20:52:10 | 000,000,156 | ---- | C] () -- C:\Users\Blocks\defogger_reenable
[2012.08.20 19:52:20 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.20 11:57:17 | 000,001,256 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2012.08.20 11:57:04 | 000,001,325 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2012.08.20 11:56:58 | 000,000,020 | ---- | C] () -- C:\Windows\¼øÊ
[2012.08.14 21:56:43 | 000,060,781 | ---- | C] () -- C:\Users\Blocks\Desktop\taufkerze.jpg
[2012.08.13 20:00:55 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Free DWG Viewer.lnk
[2012.08.10 18:02:22 | 002,131,664 | ---- | C] () -- C:\Users\Blocks\Documents\CIMG0899.JPG
[2012.08.08 22:12:31 | 000,021,130 | ---- | C] () -- C:\Users\Blocks\Desktop\Haftpflicht - VHV Versicherungen_ Private und gewerbliche Versicherungen vom Experten.pdf
[2012.08.08 19:23:24 | 775,297,024 | ---- | C] () -- C:\Users\Blocks\Desktop\Ted.avi
[2012.08.08 19:20:24 | 1047,965,696 | ---- | C] () -- C:\Users\Blocks\Desktop\Offroad.avi
[2012.08.02 20:10:31 | 001,336,632 | R--- | C] () -- C:\Users\Blocks\Documents\LaunchU3.exe
[2012.07.30 13:00:03 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.07.27 08:44:45 | 000,018,070 | ---- | C] () -- C:\Users\Blocks\Desktop\Status-zu-Sendung-JJD1410103475601.pdf
[2012.06.07 20:06:33 | 001,053,848 | ---- | C] () -- C:\Windows\System32\ieconfig_1und1_svc.exe
[2012.05.11 12:38:22 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2012.05.10 17:04:41 | 000,233,428 | ---- | C] () -- C:\Windows\hpoins47.dat
[2012.05.06 06:59:29 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.05.03 11:55:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2012.06.07 20:07:14 | 000,000,000 | ---D | M] -- C:\Users\Blocks\AppData\Roaming\1&1
[2012.05.10 14:54:27 | 000,000,000 | ---D | M] -- C:\Users\Blocks\AppData\Roaming\Babylon
[2012.06.02 08:33:32 | 000,000,000 | ---D | M] -- C:\Users\Blocks\AppData\Roaming\DAEMON Tools Lite
[2012.07.30 12:55:30 | 000,000,000 | ---D | M] -- C:\Users\Blocks\AppData\Roaming\Foxit Software
[2012.07.18 20:30:49 | 000,000,000 | ---D | M] -- C:\Users\Blocks\AppData\Roaming\Media Finder
[2012.05.11 12:23:14 | 000,000,000 | ---D | M] -- C:\Users\Blocks\AppData\Roaming\OpenCandy
[2012.05.10 14:54:26 | 000,000,000 | ---D | M] -- C:\Users\Blocks\AppData\Roaming\pdfforge
[2012.06.10 10:38:55 | 000,000,000 | ---D | M] -- C:\Users\Blocks\AppData\Roaming\WinBatch
[2009.07.14 06:53:46 | 000,014,236 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---



Für irgend welche Hilfestellungen bin ich euch schonmal dankbar.


mfg markus

 

Themen zu bundestrojaner und verschlüsselung
78.42.43.62, administrator, adobe, adobe flash player, antivir, autorun, avg, avira, bho, browser, defender, explorer, firefox, flash player, helper, langs, log, logfile, microsoft, mozilla, opera, programme, registry, search the web, senden, software, suche, sweetim, wmp


« GUV Trojaner entfernen von Windows7Pro | GVU Trojaner 2.07 »


Ähnliche Themen: bundestrojaner und verschlüsselung


  1. Dateien mit RSA 2048 Verschlüsselung
    Plagegeister aller Art und deren Bekämpfung - 18.08.2015 (3)
  2. Verständnisfrage zur Verschlüsselung
    Smartphone, Tablet & Handy Security - 06.08.2014 (4)
  3. Maleware Verschlüsselung?
    Plagegeister aller Art und deren Bekämpfung - 09.02.2014 (1)
  4. Festplatten Verschlüsselung
    Überwachung, Datenschutz und Spam - 17.01.2014 (7)
  5. UCASH Verschlüsselung
    Mülltonne - 27.07.2012 (1)
  6. Verschlüsselung Trojaner
    Plagegeister aller Art und deren Bekämpfung - 26.06.2012 (1)
  7. Verschlüsselung mal anders
    Plagegeister aller Art und deren Bekämpfung - 22.05.2012 (2)
  8. Verschlüsselung-trojaner
    Log-Analyse und Auswertung - 02.05.2012 (1)
  9. 2048 bit PGP - RSA Trojaner verschlüsselung
    Plagegeister aller Art und deren Bekämpfung - 01.05.2012 (11)
  10. Verschlüsselung
    Log-Analyse und Auswertung - 27.04.2012 (4)
  11. Mehr Verschlüsselung!
    Nachrichten - 24.11.2010 (0)
  12. Verschlüsselung
    Überwachung, Datenschutz und Spam - 07.08.2007 (4)
  13. Kubuntu WPA Verschlüsselung
    Alles rund um Mac OSX & Linux - 26.01.2007 (2)
  14. verschlüsselung
    Überwachung, Datenschutz und Spam - 05.12.2006 (12)
  15. Challenger-Verschlüsselung
    Überwachung, Datenschutz und Spam - 05.09.2006 (15)
  16. Verschlüsselung
    Überwachung, Datenschutz und Spam - 19.08.2004 (1)
  17. ssl-128 Bit-Verschlüsselung
    Überwachung, Datenschutz und Spam - 01.04.2003 (11)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema bundestrojaner und verschlüsselung - Abend zusammen, ich hatte den Bundestrojaner aufm Rechner den ich mit na Systemwiederherstellung "behoben" bekommen hab. Jetzt hab ich aba auch mit erschrecken feststellen müssen das auf meiner Partition "Data" - bundestrojaner und verschlüsselung...
Archiv
Du betrachtest: bundestrojaner und verschlüsselung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19