Log analysis and evaluation: Encryption Trojan (Windows 7)
If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
26.04.2012, 12:33 | #1
Encryption Trojan
Hello, I too have picked up an encryption Trojan. Since I am an absolute layman, I hope you can help me. Probably from my better half opening a spam mail. I still have the mail, but I don't know how I can get it to you. Thanks and kind regards, Wolfgang
Edited by wolfnichtwei (26.04.2012 at 12:43)
26.04.2012, 12:54 | #2
/// Malware-holic | Encryption Trojan
hi,
question: do you use a mail program, and if so, which one? If you use a mail program, try the following: select the mail, File > Save As, and save it somewhere you can find it again. Then send a mail to: http://markusg.trojaner-board.de and attach the file. If you use a webmailer, forward the mail to me, but check whether there is a button to display the mail header, and copy that into the mail as well.
26.04.2012, 13:27 | #3
Encryption Trojan
Have just sent the mail to http://markusg.trojaner-board.de. The sender, however, is ***
26.04.2012, 13:34 | #4
/// Malware-holic | Encryption Trojan
Edit your mail address out, please, and thanks. Question: can you currently access all user accounts?
Signature: Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de
26.04.2012, 13:43 | #5
Encryption Trojan
Sent to you again. I can only use the computer in Safe Mode. I am just getting a message from GMX in my better half's account that the mail cannot be sent to you because a virus was detected. How can I send you the complete mail now?
26.04.2012, 14:48 | #6
/// Malware-holic | Encryption Trojan
Thanks. Download: ISO Burner Download - ISO Burner 2.5
ISOBurner instructions: http://www.trojaner-board.de/83208-b...ei-cd-dvd.html
• When the download is finished, double-click OTLPENet.exe, which opens ISOBurner to burn it to CD. Restart your system and boot from the CD you have just created. If you do not know how to make your computer boot from CD: http://www.trojaner-board.de/81857-c...cd-booten.html
• Your system should now show a REATOGO-X-PE desktop.
• Double-click the OTLPE icon.
• When asked "Do you wish to load the remote registry", choose Yes.
• When asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
• Untick "Automatically Load All Remaining Users" if it is ticked.
• OTL should now start. Copy the following into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
• When it is finished, the files are saved in C:\otl.txt
• Copy this folder to your USB stick if you have no internet connection on this system.
Post both logs.
26.04.2012, 15:21 | #7
Encryption Trojan
Did everything as far as it went. After booting from the CD the Reatogo desktop appeared. After double-clicking the OTLPE icon and selecting drive C:, the error message "@Target is not Windows 2000 or later" appears.
26.04.2012, 15:45 | #8
/// Helfer-Team | Encryption Trojan
Hi, just me briefly (don't know where Markus is...). For OTLPE to scan the right installed Windows, you have to select the Windows folder of the Windows installed on the disk; selecting just C: gives an error! C:\windows
Rajo
26.04.2012, 16:44 | #9
Encryption Trojan
Below is the file OTL.Txt
OTL Logfile:
Code:
OTL logfile created on: 4/26/2012 11:11:04 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,023.00 Mb Total Physical Memory | 754.00 Mb Available Physical Memory | 74.00% Memory free
907.00 Mb Paging File | 812.00 Mb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files
Drive C: | 100.00 Mb Total Space | 74.16 Mb Free Space | 74.17% Space Free | Partition Type: NTFS
Drive D: | 931.28 Gb Total Space | 784.17 Gb Free Space | 84.20% Space Free | Partition Type: FAT32
Drive E: | 39.37 Gb Total Space | 18.80 Gb Free Space | 47.76% Space Free | Partition Type: NTFS
Drive F: | 35.06 Gb Total Space | 4.03 Gb Free Space | 11.50% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (Freemake Improver)
SRV - [2012/04/17 09:28:03 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- F:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/11 03:21:22 | 000,784,792 | ---- | M] (Spigot, Inc.) [Auto] -- F:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012/03/15 10:26:02 | 000,008,704 | ---- | M] (Microsoft) [Auto] -- F:\Program Files\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto] -- F:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/02/10 06:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand] -- F:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 06:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto] -- F:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/01/04 08:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand] -- F:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto] -- F:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/11/30 13:08:30 | 002,222,376 | ---- | M] (TeamViewer GmbH) [Auto] -- F:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- F:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (NPF) WinPcap Packet Driver (NPF)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System] -- F:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System] -- F:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System] -- F:\Windows\System32\Drivers\aswrdr2.sys -- (aswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System] -- F:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto] -- F:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto] -- F:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/01 05:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/11/01 05:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- F:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/11/01 05:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- F:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/11/01 05:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/10/05 04:54:44 | 000,564,800 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2010/12/03 07:49:23 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled] -- F:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/11/20 08:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System] -- F:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 08:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- F:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- F:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 06:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System] -- F:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/10/27 06:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand] -- F:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2009/10/02 09:29:52 | 000,066,472 | ---- | M] (AVM Berlin) [Kernel | Auto] -- F:\Windows\System32\drivers\avmport.sys -- (AVMPORT)
DRV - [2009/07/13 18:02:53 | 000,044,032 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand] -- F:\Windows\System32\drivers\fetnd6.sys -- (FETNDIS)
DRV - [2009/06/29 12:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/06/29 12:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2009/06/18 14:45:02 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2009/04/09 08:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/08/26 04:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- F:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2002/07/25 12:01:06 | 000,005,306 | R--- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto] -- F:\Windows\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2002/07/25 12:01:06 | 000,005,306 | R--- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand] -- F:\Windows\System32\drivers\TBPanel.sys -- (Cardex)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - F:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Wolfgang_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.de/
IE - HKU\Wolfgang_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Wolfgang_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Wolfgang_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 E0 94 C3 38 8A CB 01 [binary data]
IE - HKU\Wolfgang_ON_F\..\URLSearchHook: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - F:\Program Files\Dealio Toolbar\IE\5.3\dealioToolbarIE.dll (Spigot, Inc.)
IE - HKU\Wolfgang_ON_F\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - F:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKU\Wolfgang_ON_F\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - F:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
IE - HKU\Wolfgang_ON_F\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - F:\Program Files\pdfforge Toolbar\IE\5.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\Wolfgang_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: F:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: F:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: F:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ [2012/03/20 04:58:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/24 22:28:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_8.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_8.0 [2012/01/28 15:07:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/16 17:43:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/12 09:14:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/01/28 15:07:33 | 000,000,000 | ---D | M]

[2012/04/16 17:43:39 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files\Mozilla Firefox\extensions
[2012/03/13 00:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- F:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/02 07:30:57 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/13 01:23:34 | 000,001,392 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/03/13 01:06:36 | 000,002,252 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/13 01:23:34 | 000,001,153 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/03/13 01:23:34 | 000,006,805 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/04/07 05:49:49 | 000,002,519 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/03/13 01:23:34 | 000,001,178 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/03/13 01:23:34 | 000,001,105 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - F:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - F:\Program Files\Dealio Toolbar\IE\5.3\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (AdblockPro) - {04F2568A-3E7A-422D-A71E-DC088A635F7D} - F:\Users\Wolfgang\AppData\Roaming\AdblockPro\IE\AdblockPro.dll (Adblock Pro Inc.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - F:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - F:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - F:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - File not found
O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - F:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
O2 - BHO: (AdobeReader) - {AC6401E9-813B-46DA-B06F-A4FFA2F9AE6D} - F:\Users\Wolfgang\AppData\Roaming\AdobeReader\IE\AdobeReader.dll (Adobe Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - F:\Program Files\pdfforge Toolbar\IE\5.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - F:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - F:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - !{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - F:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - F:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - F:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - F:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - F:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - F:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\Wolfgang_ON_F\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - F:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\Wolfgang_ON_F\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - F:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKU\Wolfgang_ON_F\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - F:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] F:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Gainward] F:\Windows\TBPanel.exe (Gainward Co.)
O4 - HKLM..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] F:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [OpwareSE4] F:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SC3300CC] F:\Windows\twain_32\SiPix\SC-3300\SC3300CC.exe (Nucam Corp.)
O4 - HKLM..\Run: [SearchSettings] F:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SoundMan] F:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [USBPNP] F:\Windows\twain_32\SiPix\SC-3300\USBPNP.exe (NuCam Corp.)
O4 - HKU\.DEFAULT..\Run: [NvMediaCenter] F:\Windows\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\Run: [Realtecdriver] File not found
O4 - HKU\Wolfgang_ON_F..\Run: [] File not found
O4 - HKU\Wolfgang_ON_F..\Run: [287D1822] F:\Windows\System32\16475EAB287D18221689.exe (THHiq)
O4 - HKU\Wolfgang_ON_F..\Run: [DAEMON Tools Lite] File not found
O4 - HKU\Wolfgang_ON_F..\Run: [NokiaSuite.exe] F:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKU\Wolfgang_ON_F..\Run: [Realtecdriver] F:\Users\Wolfgang\AppData\Roaming\Realtec\Realtecdriver.exe (THHiq)
O4 - HKU\LocalService_ON_F..\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_F..\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\Wolfgang_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Wolfgang_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Wolfgang_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\FFD87E16287D18221520.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\16475EAB287D18221689.exe) - F:\Windows\System32\16475EAB287D18221689.exe (THHiq)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/10/17 09:56:50 | 000,000,036 | RH-- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2003/03/21 12:00:56 | 000,000,000 | RH-D | M] - D:\AUTORUN -- [ FAT32 ]
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/04/26 12:08:30 | 000,000,000 | ---D | C] -- F:\Users\Wolfgang\AppData\Roaming\Bnpvid
[2012/04/26 12:05:20 | 000,067,072 | -H-- | C] (THHiq) -- F:\Windows\System32\16475EAB287D18221689.exe
[2012/04/25 22:41:16 | 000,000,000 | ---D | C] -- F:\Windows\System32\%LOCALAPPDATA%
[2012/04/25 22:39:10 | 000,000,000 | ---D | C] -- F:\Realtec
[2012/04/25 13:16:33 | 000,000,000 | -H-D | C] -- F:\ProgramData\Common Files
[2012/04/25 03:13:58 | 000,000,000 | ---D | C] -- F:\Users\Wolfgang\AppData\Roaming\Ofrhnppsxy
[2012/04/25 03:12:54 | 000,000,000 | ---D | C] -- F:\Users\Wolfgang\AppData\Roaming\Realtec
[2012/04/22 11:32:45 | 000,000,000 | ---D | C] -- F:\Users\Wolfgang\Desktop\2012_04_22
[2012/04/20 11:00:27 | 000,000,000 | ---D | C] -- F:\Users\Wolfgang\Desktop\2012_04_20
[2012/04/20 08:31:51 | 000,000,000 | ---D | C] -- F:\Users\Wolfgang\Desktop\20.04.2012
[2012/04/17 09:20:22 | 000,000,000 | ---D | C] -- F:\ProgramData\McAfee Security Scan
[2012/04/17 09:20:16 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/04/17 09:20:15 | 000,000,000 | ---D | C] -- F:\Program Files\McAfee Security Scan
[2012/04/12 11:03:10 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium
[2012/04/12 10:59:34 | 000,000,000 | ---D | C] -- F:\ProgramData\Ahead
[2012/04/12 10:54:12 | 000,000,000 | ---D | C] -- F:\ProgramData\Nero
[2012/04/12 09:15:15 | 000,000,000 | ---D | C] -- F:\Users\Wolfgang\Desktop\2012_04_12
[2012/04/12 04:46:47 | 000,000,000 | ---D | C] -- F:\Program Files\Dealio Toolbar
[2012/04/12 04:34:12 | 002,382,848 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\mshtml.tlb
[2012/04/12 04:34:08 | 000,716,800 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\jscript.dll
[2012/04/12 04:34:07 | 001,799,168 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\jscript9.dll
[2012/04/12 04:34:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\jsproxy.dll
[2012/04/12 04:34:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\url.dll
[2012/04/12 04:33:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ieui.dll
[2012/04/12 04:33:55 | 001,427,456 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\inetcpl.cpl
[2012/04/12 04:32:03 | 000,000,000 | ---D | C] -- F:\Program Files\pdfforge Toolbar
[2012/04/11 09:51:22 | 003,968,368 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ntkrnlpa.exe
[2012/04/11 09:51:14 | 003,913,072 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ntoskrnl.exe
[2012/04/11 04:52:35 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- F:\Windows\System32\FlashPlayerApp.exe
[2012/04/08 07:37:14 | 000,000,000 | ---D | C] -- F:\Users\Wolfgang\Desktop\Bilder ordnen
[2012/04/07 07:49:01 | 000,000,000 | ---D | C] -- F:\Program Files\ConvertHelper
[2012/04/07 06:22:01 | 000,000,000 | ---D | C] -- F:\ProgramData\boost_interprocess
[2012/04/07 05:53:20 | 000,000,000 | ---D | C] -- F:\Users\Wolfgang\AppData\Local\Ilivid Player
[2012/04/07 05:12:23 | 000,000,000 | ---D | C] -- F:\Users\Wolfgang\AppData\Roaming\TuneUp Software
[2012/04/07 05:11:21 | 000,000,000 | ---D | C] -- F:\ProgramData\TuneUp Software
[2012/04/07 05:10:05 | 000,000,000 | -HSD | C] -- F:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/04/07 05:09:09 | 000,000,000 | ---D | C] -- F:\Users\Wolfgang\AppData\Roaming\ProgSense
[2012/04/07 05:09:01 | 000,000,000 | ---D | C] -- F:\Users\Wolfgang\AppData\Roaming\OpenCandy
[2012/04/07 05:08:44 | 000,000,000 | ---D | C] -- F:\Users\Wolfgang\AppData\Roaming\GrabPro
[2012/04/07 05:08:44 | 000,000,000 | ---D | C] -- F:\downloads
[2012/04/07 05:08:32 | 000,000,000 | ---D | C] -- F:\Users\Wolfgang\AppData\Roaming\Orbit
[2012/04/01 10:57:09 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker
[2012/04/01 10:55:26 | 000,000,000 | ---D | C] -- F:\Program Files\Full Tilt Poker

========== Files - Modified Within 30 Days ==========

[2012/04/26 13:51:55 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2012/04/26 12:19:02 | 804,954,112 | -HS- | M] () -- F:\hiberfil.sys
[2012/04/26 12:13:22 | 000,000,097 | ---- | M] () -- F:\Users\Wolfgang\AppData\locked-default.pls.uayx
[2012/04/26 12:11:31 | 000,000,435 | ---- | M] () -- F:\locked-IPH.PH.upsn
[2012/04/26 12:11:09 | 000,001,934 | ---- | M] () -- F:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/04/26 12:10:13 | 000,002,577 | ---- | M] () -- F:\Windows\System32\config.nt
[2012/04/26 12:05:20 | 000,067,072 | -H-- | M] (THHiq) -- F:\Windows\System32\16475EAB287D18221689.exe
[2012/04/25 23:35:15 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/04/25 08:05:36 | 000,481,078 | ---- | M] () -- F:\Windows\System32\winsh323
[2012/04/25 08:04:56 | 000,481,078 | ---- | M] () -- F:\Windows\System32\winsh322
[2012/04/25 08:03:08 | 000,481,078 | ---- | M] () -- F:\Windows\System32\winsh321
[2012/04/25 08:01:04 | 000,481,078 | ---- | M] () -- F:\Windows\System32\winsh320
[2012/04/25 02:57:04 | 000,017,424 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/25 02:57:04 | 000,017,424 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/25 02:57:01 | 000,000,884 | ---- | M] () -- F:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/24 21:57:04 | 000,481,078 | ---- | M] () -- F:\Windows\System32\winsh325
[2012/04/24 21:56:48 | 000,481,078 | ---- | M] () -- F:\Windows\System32\winsh324
[2012/04/22 17:02:46 | 000,664,420 | ---- | M] () -- F:\Windows\System32\perfh007.dat
[2012/04/22 17:02:46 | 000,623,674 | ---- | M] () -- F:\Windows\System32\perfh009.dat
[2012/04/22 17:02:46 | 000,134,268 | ---- | M] () -- F:\Windows\System32\perfc007.dat
[2012/04/22 17:02:46 | 000,109,796 | ---- | M] () -- F:\Windows\System32\perfc009.dat
[2012/04/17 09:28:03 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\System32\FlashPlayerApp.exe
[2012/04/17 09:28:03 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/04/17 09:20:21 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/04/17 09:20:17 | 000,001,884 | ---- | M] () -- F:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/04/17 09:20:17 | 000,001,882 | ---- | M] () -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/04/17 09:20:17 | 000,000,000 | R--D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2012/04/16 
17:43:41 | 000,001,031 | ---- | M] () -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012/04/16 17:43:41 | 000,001,019 | ---- | M] () -- F:\Users\Public\Desktop\Mozilla Firefox.lnk [2012/04/16 16:45:59 | 000,696,212 | ---- | M] () -- F:\Users\Wolfgang\Desktop\Allitis.jpg [2012/04/12 11:03:11 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium [2012/04/12 11:03:04 | 000,002,754 | ---- | M] () -- F:\Users\Wolfgang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk [2012/04/12 11:03:04 | 000,002,730 | ---- | M] () -- F:\Users\Public\Desktop\Nero StartSmart.lnk [2012/04/12 11:03:04 | 000,002,668 | ---- | M] () -- F:\Users\Wolfgang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk [2012/04/12 11:03:04 | 000,002,644 | ---- | M] () -- F:\Users\Public\Desktop\Nero Home.lnk [2012/04/12 09:14:08 | 000,002,441 | ---- | M] () -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012/04/10 09:21:21 | 000,004,416 | ---- | M] () -- F:\Users\Wolfgang\AppData\Roaming\CamStudio.cfg [2012/04/10 09:21:21 | 000,000,408 | ---- | M] () -- F:\Users\Wolfgang\AppData\Roaming\CamShapes.ini [2012/04/10 09:21:21 | 000,000,408 | ---- | M] () -- F:\Users\Wolfgang\AppData\Roaming\CamLayout.ini [2012/04/10 09:21:21 | 000,000,121 | ---- | M] () -- F:\Users\Wolfgang\AppData\Roaming\Camdata.ini [2012/04/05 12:57:59 | 000,001,115 | ---- | M] () -- F:\Users\Wolfgang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook starten.lnk [2012/04/01 10:57:09 | 000,001,045 | ---- | M] () -- F:\Users\Public\Desktop\Full Tilt Poker.lnk [2012/04/01 10:57:09 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker ========== Files Created - No Company Name ========== [2012/04/25 22:37:37 | 000,481,078 | ---- | C] () -- F:\Windows\System32\winsh325 [2012/04/25 22:37:37 | 000,481,078 | ---- | C] () -- 
F:\Windows\System32\winsh324 [2012/04/25 22:37:37 | 000,481,078 | ---- | C] () -- F:\Windows\System32\winsh323 [2012/04/25 22:37:37 | 000,481,078 | ---- | C] () -- F:\Windows\System32\winsh322 [2012/04/25 22:37:37 | 000,481,078 | ---- | C] () -- F:\Windows\System32\winsh321 [2012/04/25 22:37:37 | 000,481,078 | ---- | C] () -- F:\Windows\System32\winsh320 [2012/04/17 09:20:17 | 000,001,884 | ---- | C] () -- F:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2012/04/17 09:20:17 | 000,001,882 | ---- | C] () -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2012/04/16 16:45:25 | 000,696,212 | ---- | C] () -- F:\Users\Wolfgang\Desktop\Allitis.jpg [2012/04/16 09:03:35 | 000,001,934 | ---- | C] () -- F:\Users\Public\Desktop\avast! Free Antivirus.lnk [2012/04/12 11:03:04 | 000,002,754 | ---- | C] () -- F:\Users\Wolfgang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk [2012/04/12 11:03:04 | 000,002,730 | ---- | C] () -- F:\Users\Public\Desktop\Nero StartSmart.lnk [2012/04/12 11:03:04 | 000,002,668 | ---- | C] () -- F:\Users\Wolfgang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk [2012/04/12 11:03:04 | 000,002,644 | ---- | C] () -- F:\Users\Public\Desktop\Nero Home.lnk [2012/04/11 04:52:39 | 000,000,884 | ---- | C] () -- F:\Windows\tasks\Adobe Flash Player Updater.job [2012/04/07 07:45:20 | 000,004,416 | ---- | C] () -- F:\Users\Wolfgang\AppData\Roaming\CamStudio.cfg [2012/04/07 07:45:20 | 000,000,408 | ---- | C] () -- F:\Users\Wolfgang\AppData\Roaming\CamShapes.ini [2012/04/07 07:45:20 | 000,000,408 | ---- | C] () -- F:\Users\Wolfgang\AppData\Roaming\CamLayout.ini [2012/04/07 07:45:20 | 000,000,121 | ---- | C] () -- F:\Users\Wolfgang\AppData\Roaming\Camdata.ini [2012/04/01 10:57:09 | 000,001,045 | ---- | C] () -- F:\Users\Public\Desktop\Full Tilt Poker.lnk [2011/11/05 07:39:35 | 000,000,047 | ---- | C] () -- F:\Windows\3D Text Factory.INI [2011/06/08 18:49:03 | 000,252,928 
| ---- | C] () -- F:\Windows\System32\DShowRdpFilter.dll [2011/06/08 18:45:52 | 000,066,048 | ---- | C] () -- F:\Windows\System32\PrintBrmUi.exe [2011/05/29 07:47:23 | 000,000,033 | ---- | C] () -- F:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini [2011/01/23 10:08:42 | 000,000,020 | ---- | C] () -- F:\Windows\eplan.ini [2011/01/11 05:45:11 | 000,026,624 | R--- | C] () -- F:\Windows\TBZoom.exe [2011/01/11 05:45:11 | 000,005,120 | R--- | C] () -- F:\Windows\TBManage.dll [2011/01/11 05:20:28 | 000,116,224 | ---- | C] () -- F:\Windows\System32\pdfcmnnt.dll [2010/12/05 12:15:28 | 000,000,151 | ---- | C] () -- F:\Windows\PhotoSnapViewer.INI [2010/12/04 07:21:22 | 000,007,605 | ---- | C] () -- F:\Users\Wolfgang\AppData\Local\Resmon.ResmonCfg [2010/12/04 06:17:20 | 000,000,097 | ---- | C] () -- F:\Users\Wolfgang\AppData\locked-default.pls.uayx [2010/12/01 09:05:10 | 000,000,465 | ---- | C] () -- F:\Windows\videoimp.ini [2010/12/01 09:05:05 | 000,010,240 | ---- | C] () -- F:\Windows\System32\vidx16.dll [2010/12/01 09:04:57 | 000,000,021 | ---- | C] () -- F:\Windows\VI_setup.ini [2010/12/01 09:01:13 | 000,102,912 | ---- | C] () -- F:\Windows\System32\JPEGCODE.DLL [2010/12/01 09:01:13 | 000,014,061 | ---- | C] () -- F:\Windows\SC3300DS.ini [2010/11/30 16:37:19 | 000,000,419 | ---- | C] () -- F:\Windows\MAXLINK.INI [2010/11/22 08:09:22 | 000,000,400 | ---- | C] () -- F:\Windows\ODBC.INI [2010/11/22 07:48:17 | 000,000,000 | ---- | C] () -- F:\Windows\nsreg.dat [2009/07/14 04:47:43 | 000,664,420 | ---- | C] () -- F:\Windows\System32\perfh007.dat [2009/07/14 04:47:43 | 000,295,922 | ---- | C] () -- F:\Windows\System32\perfi007.dat [2009/07/14 04:47:43 | 000,134,268 | ---- | C] () -- F:\Windows\System32\perfc007.dat [2009/07/14 04:47:43 | 000,038,104 | ---- | C] () -- F:\Windows\System32\perfd007.dat [2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- F:\Windows\bootstat.dat [2009/07/14 00:33:53 | 000,407,176 | ---- | C] () -- F:\Windows\System32\FNTCACHE.DAT [2009/07/13 
22:05:48 | 000,623,674 | ---- | C] () -- F:\Windows\System32\perfh009.dat [2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- F:\Windows\System32\perfi009.dat [2009/07/13 22:05:48 | 000,109,796 | ---- | C] () -- F:\Windows\System32\perfc009.dat [2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- F:\Windows\System32\perfd009.dat [2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- F:\Windows\System32\NOISE.DAT [2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- F:\Windows\System32\dssec.dat [2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- F:\Windows\mib.bin [2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- F:\Windows\System32\BthpanContextHandler.dll [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- F:\Windows\System32\BWContextHandler.dll [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- F:\Windows\System32\mlang.dat [2009/04/14 02:43:32 | 000,154,144 | ---- | C] () -- F:\Windows\System32\RTLCPAPI.dll [2003/02/20 12:53:42 | 000,005,702 | ---- | C] () -- F:\Windows\System32\OUTLPERF.INI [2003/02/12 14:21:20 | 000,007,698 | ---- | C] () -- F:\Windows\cadx2.ini [2001/01/08 06:09:20 | 000,012,285 | ---- | C] () -- F:\Windows\Cadx3.ini [1997/06/14 04:56:08 | 000,056,832 | ---- | C] () -- F:\Windows\System32\iyvu9_32.dll ========== LOP Check ========== [2010/11/22 08:11:27 | 000,000,000 | ---D | M] -- F:\ProgramData\Alwil Software [2010/11/22 07:13:57 | 000,000,000 | -HSD | M] -- F:\ProgramData\Anwendungsdaten [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Application Data [2011/04/12 13:56:23 | 000,000,000 | ---D | M] -- F:\ProgramData\Avanquest [2011/04/12 13:55:44 | 000,000,000 | ---D | M] -- F:\ProgramData\Avanquest Software [2011/12/31 14:15:43 | 000,000,000 | ---D | M] -- F:\ProgramData\AVAST Software [2012/04/07 06:22:01 | 000,000,000 | ---D | M] -- F:\ProgramData\boost_interprocess [2011/04/12 14:04:47 | 000,000,000 | ---D | M] -- F:\ProgramData\BVRP Software [2010/11/22 13:21:30 | 000,000,000 | -H-D | M] -- 
F:\ProgramData\CanonBJ [2012/04/25 13:16:33 | 000,000,000 | -H-D | M] -- F:\ProgramData\Common Files [2010/12/03 07:48:19 | 000,000,000 | ---D | M] -- F:\ProgramData\DAEMON Tools Lite [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Desktop [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Documents [2010/11/22 07:13:57 | 000,000,000 | -HSD | M] -- F:\ProgramData\Dokumente [2012/04/26 12:12:26 | 000,000,000 | ---D | M] -- F:\ProgramData\elsterformular [2010/11/22 07:13:57 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favoriten [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favorites [2011/07/03 09:58:30 | 000,000,000 | ---D | M] -- F:\ProgramData\Freemake [2011/05/29 07:47:00 | 000,000,000 | ---D | M] -- F:\ProgramData\FreeRIP [2011/04/26 02:27:49 | 000,000,000 | ---D | M] -- F:\ProgramData\Installations [2012/01/28 15:07:10 | 000,000,000 | ---D | M] -- F:\ProgramData\Nokia [2012/03/13 10:49:18 | 000,000,000 | ---D | M] -- F:\ProgramData\NokiaInstallerCache [2011/04/26 02:37:15 | 000,000,000 | ---D | M] -- F:\ProgramData\PC Suite [2010/11/30 16:37:18 | 000,000,000 | ---D | M] -- F:\ProgramData\ScanSoft [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Start Menu [2010/11/22 07:13:57 | 000,000,000 | -HSD | M] -- F:\ProgramData\Startmenü [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Templates [2012/04/07 05:14:48 | 000,000,000 | ---D | M] -- F:\ProgramData\TuneUp Software [2011/05/21 02:28:01 | 000,000,000 | ---D | M] -- F:\ProgramData\Viewpoint [2012/04/26 12:13:13 | 000,000,000 | ---D | M] -- F:\ProgramData\Vodafone [2010/11/22 07:13:57 | 000,000,000 | -HSD | M] -- F:\ProgramData\Vorlagen [2012/04/26 12:13:13 | 000,000,000 | -HSD | M] -- F:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2012/03/20 11:00:45 | 000,032,640 | ---- | M] () -- F:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2012/04/08 07:47:16 | 000,000,000 | -HSD | M] -- F:\$Recycle.Bin [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\Documents and Settings [2010/11/22 07:13:57 | 000,000,000 | -HSD | M] -- F:\Dokumente und Einstellungen [2012/04/07 05:08:44 | 000,000,000 | ---D | M] -- F:\downloads [2010/11/22 08:04:05 | 000,000,000 | RH-D | M] -- F:\MSOCache [2010/12/04 07:14:43 | 000,000,000 | ---D | M] -- F:\PerfLogs [2012/04/25 23:34:50 | 000,000,000 | R--D | M] -- F:\Program Files [2012/04/25 23:35:15 | 000,000,000 | -H-D | M] -- F:\ProgramData [2010/11/22 07:13:57 | 000,000,000 | -HSD | M] -- F:\Programme [2012/04/26 12:19:32 | 000,000,000 | ---D | M] -- F:\Realtec [2010/11/22 07:13:57 | 000,000,000 | -HSD | M] -- F:\Recovery [2012/04/26 12:10:21 | 000,000,000 | -HSD | M] -- F:\System Volume Information [2010/11/22 07:14:40 | 000,000,000 | R--D | M] -- F:\Users [2012/04/25 22:38:59 | 000,000,000 | ---D | M] -- F:\Windows < %PROGRAMFILES%\*.exe > Invalid Environment Variable: %LOCALAPPDATA%\*.exe < %systemroot%\*. 
/mp /s > < MD5 for: AGP440.SYS > [2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- F:\Windows\System32\drivers\AGP440.sys [2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- F:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- F:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- F:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- F:\Windows\System32\drivers\atapi.sys [2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- F:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- F:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- F:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- F:\Windows\System32\cngaudit.dll [2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- 
F:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- F:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- F:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- F:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- F:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- F:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- F:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- F:\Windows\explorer.exe [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- F:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009/11/04 14:05:59 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- 
F:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009/11/04 14:05:59 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- F:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- F:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: IASTORV.SYS > [2011/03/11 01:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- F:\Windows\System32\drivers\iaStorV.sys [2011/03/11 01:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- F:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011/03/11 01:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- F:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011/03/11 01:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- F:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011/03/11 01:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- F:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- F:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010/11/20 08:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- F:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010/11/20 
08:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- F:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011/03/11 01:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- F:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- F:\Windows\System32\netlogon.dll [2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- F:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- F:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011/03/11 01:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- F:\Windows\System32\drivers\nvstor.sys [2011/03/11 01:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- F:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011/03/11 01:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- F:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011/03/11 01:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- F:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011/03/11 01:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- 
F:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011/03/11 01:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- F:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010/11/20 08:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- F:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010/11/20 08:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- F:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- F:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- F:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- F:\Windows\System32\scecli.dll [2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- F:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009/07/13 21:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- F:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010/11/20 08:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- F:\Windows\System32\user32.dll [2010/11/20 08:21:33 | 000,811,520 | ---- | 
M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- F:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- F:\Windows\System32\userinit.exe [2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- F:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- F:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- F:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009/10/28 01:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- F:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- F:\Windows\System32\winlogon.exe [2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- F:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- F:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/13 19:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) 
MD5=6DB3276587B853BF886B69528FDB048C -- F:\Windows\System32\drivers\ws2ifsl.sys [2009/07/13 19:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- F:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [2010/11/20 08:19:02 | 000,828,928 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- F:\Windows\system32\fontext.dll [2012/01/04 04:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- F:\Windows\system32\shell32.dll Invalid Environment Variable: %USERPROFILE%\*.* Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe < End of report > |
26.04.2012, 17:11 | #10 |
/// Malware-holic | Encryption Trojan On your second PC, go to Start, Programs, Accessories, Notepad and paste the following in there: Code:
:OTL
O4 - HKU\Wolfgang_ON_F..\Run: [Realtecdriver] F:\Users\Wolfgang\AppData\Roaming\Realtec\Realtecdriver.exe (THHiq)
O4 - HKU\Wolfgang_ON_F..\Run: [287D1822] F:\Windows\System32\16475EAB287D18221689.exe (THHiq)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\Wolfgang_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Wolfgang_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\16475EAB287D18221689.exe) - F:\Windows\System32\16475EAB287D18221689.exe (THHiq)
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
:Files
:Commands
[Reboot]
Save this on a USB stick as fix.txt. Now use OTLPENet.exe again (that is, boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe. • Now please click the Fix button. A message similar to "load fix from file" should appear; load the fix.txt from your stick. If that does not work, please enter the fix manually. Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt. Please post the log.
|
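Added here as a defender's check; it is not code from the thread or from OTL. It is a read-only PowerShell audit of the same locations the fix above clears (the Run keys, the policy values that disabled Task Manager and regedit, the Winlogon Userinit value and IFEO Debugger entries) and reports what is set without changing anything. It assumes a live Windows 7 system with PowerShell 2.0 or later; the registry paths are the standard ones, the helper function names are my own.

```powershell
# Added audit example (not from the thread). Reads the persistence and lockout
# locations that the OTL fix removes and prints findings for review.
# Written for PowerShell 2.0 (Windows 7); no registry writes.

function Get-RegValues {
    # Return the name/value pairs of a key, skipping PowerShell's PS* metadata.
    param([string]$Path)
    if (-not (Test-Path $Path)) { return @() }
    $item = Get-ItemProperty -Path $Path
    $item.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }
}

function New-Finding {
    param([string]$Type, [string]$Location, [string]$Value, [string]$Why)
    New-Object PSObject -Property @{ Type = $Type; Location = $Location; Value = $Value; Why = $Why }
}

function Get-PersistenceFindings {
    $findings = @()

    # O4: Run keys. Every entry is listed; a value that runs from a user
    # profile directory (like the Realtecdriver.exe entry above) is marked.
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Run"
        foreach ($v in Get-RegValues $key) {
            $why = 'review'
            if ("$($v.Value)" -match 'AppData|\\Users\\') { $why = 'runs from a user profile directory' }
            $findings += New-Finding 'O4 Run' "$key\$($v.Name)" "$($v.Value)" $why
        }
    }

    # O6/O7: policy values the trojan set to keep the user out of Task
    # Manager and the Registry Editor.
    $lockoutNames = @('DisableTaskMgr', 'DisableRegedit', 'DisableRegistryTools')
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\System"
        foreach ($v in Get-RegValues $key) {
            if (($lockoutNames -contains $v.Name) -and ($v.Value -eq 1)) {
                $findings += New-Finding 'O6/O7 Policy' "$key\$($v.Name)" "$($v.Value)" 'admin tool disabled by policy'
            }
        }
    }

    # O20: Winlogon Userinit. Only the real userinit.exe (followed by a comma)
    # is expected; anything else in the list runs at every logon.
    $wl = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $expected = Join-Path $env:SystemRoot 'system32\userinit.exe'
    $userinit = (Get-ItemProperty -Path $wl -Name Userinit -ErrorAction SilentlyContinue).Userinit
    if ($userinit) {
        foreach ($p in $userinit.Split(',')) {
            $entry = $p.Trim()
            if ($entry -ne '' -and $entry -ne $expected) {
                $findings += New-Finding 'O20 Userinit' "$wl\Userinit" $entry 'unexpected Userinit entry'
            }
        }
    }

    # O27: Image File Execution Options. A Debugger value under taskmgr.exe,
    # regedit.exe or msconfig.exe redirects that tool to another program.
    $ifeo = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    if (Test-Path $ifeo) {
        foreach ($sub in Get-ChildItem -Path $ifeo) {
            $dbg = (Get-ItemProperty -Path $sub.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
            if ($dbg) {
                $findings += New-Finding 'O27 IFEO' "$ifeo\$($sub.PSChildName)\Debugger" "$dbg" 'Debugger redirect'
            }
        }
    }

    return $findings
}

Get-PersistenceFindings | Format-Table Type, Location, Value, Why -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt so HKLM values can be read; on a clean system the output is empty apart from whatever legitimate Run entries you have installed.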
27.04.2012, 07:36 | #11 |
| Encryption Trojan Good morning, I tried it as described. The file Fix.txt was not loaded automatically, so I pasted the file into the lower window and pressed the RunFix button again. The PC reads the file in. Then a window appears saying the PC has to be restarted to finish, which I answered with Yes. Both with and without the OTLPE disc the PC hangs and nothing happens. The only option is a restart via RESET. Hello, me again: I have now copied the file Fix.Txt into the window once more on the infected computer in Safe Mode, and suddenly it works, a normal start and no more virus message. Do I still need to do anything, or can I assume the trojan is gone? Thanks for your help, regards Wolfgang |
27.04.2012, 10:55 | #12 |
/// Malware-holic | Encryption Trojan Are your files encrypted?
|
27.04.2012, 16:12 | #13 |
/// Malware-holic | Encryption Trojan If yes: make a backup of the files that are encrypted, then decrypt them: http://www.trojaner-board.de/114224-...-unlocker.html Let me know whether it worked.
|