Windows Verschlüsselungs-Trojaner

frank3 · 25.04.2012, 19:40

Hey

Habe das gleiche Problem wie viele vor mir hier mit dem Windows Verschlüsselungs-Trojaner. Nun habe ich alle Schritte soweit befolgt und bekam diese Datei angezeigt.

otl.txt

OTL logfile created on: 4/25/2012 8:41:44 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 297.97 Gb Total Space | 246.64 Gb Free Space | 82.77% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2012/03/30 14:37:21 | 003,417,376 | ---- | M] () [Auto] -- C:\programme\gemeinsame dateien\akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2012/02/29 03:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/31 03:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/01/31 03:55:53 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012/01/31 03:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/07/20 00:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011/03/14 16:12:50 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/08 03:57:37 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand] -- C:\Programme\Gemeinsame Dateien\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009/03/25 16:40:02 | 000,079,360 | ---- | M] (Autodesk) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/07/29 05:11:00 | 000,071,512 | ---- | M] (O2Micro International) [Auto] -- C:\WINDOWS\system32\drivers\o2flash.exe -- (O2FLASH)
SRV - [2007/07/11 05:33:28 | 000,069,632 | R--- | M] (MicroVision Development, Inc.) [On_Demand] -- C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2007/05/04 08:24:30 | 000,036,864 | ---- | M] (Dassault Systemes) [Auto] -- C:\Programme\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe -- (BBDemon)
SRV - [2006/10/26 10:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/04/18 00:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2005/09/23 01:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Programme\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2004/10/21 22:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (TSMPacket)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2012/01/31 03:56:33 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/01/31 03:56:33 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/09/16 11:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2009/10/08 11:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/12/18 00:02:16 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/07/29 05:11:30 | 000,051,288 | ---- | M] (O2Micro ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008/07/16 17:32:12 | 000,235,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\OEM13Vid.sys -- (OEM13Vid)
DRV - [2008/07/16 17:32:10 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\OEM13Vfx.sys -- (OEM13Vfx)
DRV - [2008/07/16 17:32:00 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\OEM13Afx.sys -- (OEM13Afx)
DRV - [2008/06/12 04:30:12 | 000,043,608 | ---- | M] (O2Micro ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2008/02/21 20:28:14 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/12/14 06:42:04 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/11/14 12:14:02 | 004,625,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/07/23 11:05:18 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 11:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 11:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 11:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 11:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 11:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 11:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 11:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 10:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 10:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/04/24 13:52:10 | 000,016,688 | ---- | M] (IBM) [Kernel | System] -- C:\WINDOWS\system32\drivers\LUMDriver.sys -- (LUMDriver)
DRV - [2005/08/12 12:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2003/11/23 22:01:46 | 000,017,536 | R--- | M] (TwinHan Technology) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\UDTTload.sys -- (UDTTLOAD)
DRV - [2003/11/23 22:01:46 | 000,015,360 | R--- | M] (TwinHan Technology) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\UDTTcap.sys -- (UDTTUSB)
DRV - [2002/12/17 00:41:10 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = Dell | MSN
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Der Such-Assistent von Internet Explorer 6 wird nicht länger unterstützt.
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Start Page = Dell | MSN

IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell | MSN
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = Dell | MSN
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell | MSN
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = Dell Offizielle Seite | Dell Deutschland
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.live.com
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Dell | MSN
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\HJ_H_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell | MSN
IE - HKU\HJ_H_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.live.com
IE - HKU\HJ_H_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\HJ_H_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\HJ_H_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/01/08 10:17:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins

[2012/01/08 10:17:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012/03/07 16:34:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/01/08 10:17:46 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012/01/08 10:17:44 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/01/08 10:17:44 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012/01/08 10:17:44 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012/01/08 10:17:44 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/01/08 10:17:44 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/01/08 10:17:44 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\HJ_H_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\HJ_H_ON_C\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dell QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Programme\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OEM13Mon.exe] C:\WINDOWS\OEM13Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PDVDDXSrv] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\Administrator_ON_C..\Run: [ISUSPM] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\HJ_H_ON_C..\Run: [ACE4AE34] C:\WINDOWS\system32\5344C273ACE4AE345CBF.exe (THHiq)
O4 - HKU\HJ_H_ON_C..\Run: [Akamai NetSession Interface] C:\Dokumente und Einstellungen\HJ H\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\HJ_H_ON_C..\Run: [DellSupportCenter] File not found
O4 - HKU\HJ_H_ON_C..\Run: [EPSON S21 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\HJ_H_ON_C..\Run: [EPSON Stylus D92 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\HJ_H_ON_C..\Run: [ISUSPM] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\HJ_H_ON_C..\Run: [Realtecdriver] C:\Dokumente und Einstellungen\HJ H\Anwendungsdaten\Realtec\Realtecdriver.exe (THHiq)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\HJ_H_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\HJ_H_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\HJ_H_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244576532250 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\5344C273ACE4AE345CBF.exe) - C:\WINDOWS\system32\5344C273ACE4AE345CBF.exe (THHiq)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 11:00:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/25 06:22:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HJ H\Anwendungsdaten\Nkczov
[2012/04/25 06:16:58 | 000,067,072 | -H-- | C] (THHiq) -- C:\WINDOWS\System32\5344C273ACE4AE345CBF.exe
[2012/04/25 06:16:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HJ H\Anwendungsdaten\Realtec
[2012/04/19 12:47:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office Live Add-in
[2012/04/04 13:26:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HJ H\Anwendungsdaten\Blender Foundation
[2012/04/04 13:22:11 | 000,000,000 | ---D | C] -- C:\Programme\Blender Foundation
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/25 13:28:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/25 13:28:00 | 001,025,472 | ---- | M] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012/04/25 13:27:33 | 000,042,464 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2012/04/25 12:46:00 | 000,000,224 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/04/25 12:23:47 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2012/04/25 12:22:22 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/25 12:05:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/25 12:03:08 | 000,184,314 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/04/25 12:03:04 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/25 12:02:58 | 3219,574,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/25 11:59:06 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/25 08:05:36 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh323
[2012/04/25 08:04:56 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh322
[2012/04/25 08:03:08 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh321
[2012/04/25 08:01:04 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh320
[2012/04/25 06:24:33 | 000,000,079 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\locked-Desktop anzeigen.scf.ypyx
[2012/04/25 06:24:31 | 000,005,068 | ---- | M] () -- C:\locked-dell.sdr.totk
[2012/04/25 06:16:58 | 000,067,072 | -H-- | M] (THHiq) -- C:\WINDOWS\System32\5344C273ACE4AE345CBF.exe
[2012/04/24 21:57:04 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh325
[2012/04/24 21:56:48 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh324
[2012/04/23 16:34:56 | 000,000,833 | ---- | M] () -- C:\Dokumente und Einstellungen\HJ H\Desktop\Verknüpfung mit Druckansicht- Ford Mondeo Turnier 2.lnk
[2012/04/23 14:41:26 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2012/04/19 12:47:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office Live Add-in
[2012/04/14 08:44:18 | 000,547,290 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012/04/14 08:44:18 | 000,493,490 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/14 08:44:18 | 000,121,314 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012/04/14 08:44:18 | 000,091,810 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/14 07:02:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/29 12:44:55 | 000,002,503 | ---- | M] () -- C:\Dokumente und Einstellungen\HJ H\Desktop\Microsoft Office Word 2007.lnk
[2012/03/29 10:12:02 | 000,000,548 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/25 06:23:15 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh325
[2012/04/25 06:23:15 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh324
[2012/04/25 06:23:15 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh323
[2012/04/25 06:23:15 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh322
[2012/04/25 06:23:15 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh321
[2012/04/25 06:23:15 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh320
[2012/04/23 16:34:56 | 000,000,833 | ---- | C] () -- C:\Dokumente und Einstellungen\HJ H\Desktop\Verknüpfung mit Druckansicht- Ford Mondeo Turnier 2.lnk
[2012/02/17 14:15:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/04 06:56:40 | 000,004,385 | ---- | C] () -- C:\Dokumente und Einstellungen\HJ H\.recently-used.xbel
[2011/07/12 12:55:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/02/27 14:43:10 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/11/20 17:18:11 | 001,025,472 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010/05/24 10:53:38 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/04 15:08:48 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/08/08 04:01:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2009/08/03 09:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 09:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/28 09:26:30 | 000,038,400 | ---- | C] () -- C:\Dokumente und Einstellungen\HJ H\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/23 10:09:16 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDED92Euro.ini
[2009/05/16 15:56:04 | 000,000,105 | ---- | C] () -- C:\WINDOWS\tifset.ini
[2009/03/25 15:23:36 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\HJ H\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009/03/20 15:43:46 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/03/20 15:43:46 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/03/20 15:43:46 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/03/20 15:43:46 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2009/03/20 15:43:46 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/03/20 15:43:46 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/03/20 15:43:46 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/03/20 15:43:46 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009/03/20 15:43:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2009/03/20 15:42:37 | 000,001,502 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/03/20 08:19:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/03/20 08:02:38 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/03/20 08:00:38 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/03/20 08:00:37 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/03/20 08:00:37 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009/03/20 07:59:54 | 000,000,074 | RHS- | C] () -- C:\WINDOWS\CT4CET.bin
[2009/03/20 07:51:21 | 000,042,464 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2008/05/26 18:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 18:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 18:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/26 17:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 17:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/25 11:06:53 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008/04/25 11:02:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/25 10:57:56 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/25 10:57:02 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/25 05:46:09 | 000,547,290 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2008/04/25 05:46:09 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2008/04/25 05:46:09 | 000,121,314 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2008/04/25 05:46:09 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2008/04/25 05:45:57 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/25 05:45:56 | 000,493,490 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/25 05:45:56 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/25 05:45:56 | 000,091,810 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/25 05:45:56 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/25 05:45:55 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/25 05:45:55 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/25 05:45:53 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/25 05:45:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/25 05:45:50 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/25 05:45:46 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/25 05:45:43 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/24 21:52:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/24 21:51:36 | 000,290,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/08/21 14:46:34 | 000,059,160 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll

========== LOP Check ==========

[2009/03/20 07:56:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Windows Desktop Search
[2011/06/30 12:57:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HJ H\Anwendungsdaten\AskToolbar
[2012/02/26 13:29:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HJ H\Anwendungsdaten\Autodesk
[2012/04/04 13:26:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HJ H\Anwendungsdaten\Blender Foundation
[2011/11/27 10:21:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HJ H\Anwendungsdaten\cadenas
[2009/09/04 15:38:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HJ H\Anwendungsdaten\DassaultSystemes
[2011/12/03 11:40:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HJ H\Anwendungsdaten\DVDVideoSoft
[2011/12/03 11:39:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HJ H\Anwendungsdaten\DVDVideoSoftIEHelpers
[2012/02/04 06:48:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HJ H\Anwendungsdaten\gtk-2.0
[2010/05/13 07:57:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HJ H\Anwendungsdaten\IM
[2012/04/25 06:22:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HJ H\Anwendungsdaten\Nkczov
[2010/11/20 14:41:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HJ H\Anwendungsdaten\PCDr
[2009/03/26 11:21:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HJ H\Anwendungsdaten\T-DSL SpeedManager
[2010/11/05 11:10:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HJ H\Anwendungsdaten\Unigraphics Solutions
[2009/03/20 07:56:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HJ H\Anwendungsdaten\Windows Desktop Search
[2009/03/25 15:42:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HJ H\Anwendungsdaten\Windows Search
[2012/02/26 13:28:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Autodesk
[2009/09/04 15:41:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DassaultSystemes
[2011/10/09 07:03:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2010/11/20 14:48:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr
[2009/03/20 08:05:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SupportSoft
[2009/03/26 12:29:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-DSL SpeedManager
[2012/03/29 10:12:02 | 000,000,548 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/04/25 12:46:00 | 000,000,224 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2012/04/25 12:23:47 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========

< End of report >

jetzt weiß ich nicht mehr weiter, was ich machen soll.

Grüße frank

markusg · 25.04.2012, 20:39

hi
auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:
[CODE]
:OTL
O4 - HKU\HJ_H_ON_C..\Run: [ACE4AE34] C:\WINDOWS\system32\5344C273ACE4AE345CBF.exe (THHiq)
O4 - HKU\HJ_H_ON_C..\Run: [Realtecdriver] C:\Dokumente und Einstellungen\HJ H\Anwendungsdaten\Realtec\Realtecdriver.exe (THHiq)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\HJ_H_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\HJ_H_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\5344C273ACE4AE345CBF.exe) - C:\WINDOWS\system32\5344C273ACE4AE345CBF.exe (THHiq)
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
[2012/04/25 06:22:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HJ H\Anwendungsdaten\Nkczov
:Files
C:\WINDOWS\system32\5344C273ACE4AE345CBF.exe
C:\Dokumente und Einstellungen\HJ H\Anwendungsdaten\Realtec
:Commands
[purity]

dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!

Drücke bitte die

+ E Taste.

Öffne dein Systemlaufwerk ( meistens C: )
Suche nun
folgenden Ordner: _OTL und öffne diesen.
Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
Dies wird eine Movedfiles.zip Datei in _OTL erstellen
Lade diese bitte in unseren Uploadchannel
hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

Windows Verschlüsselungs-Trojaner

Log-Analyse und Auswertung: Windows Verschlüsselungs-Trojaner

Windows Verschlüsselungs-Trojaner

Windows Verschlüsselungs-Trojaner

Ähnliche Themen: Windows Verschlüsselungs-Trojaner