| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows Verschlüsselungs Trojaner 2048 Bit PGP-RSAWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
26.04.2012, 19:14
| #1 |
| |  Windows Verschlüsselungs Trojaner 2048 Bit PGP-RSA Hilfe! Habe mir das Programm jetzt auf CD gebrannt, komme auch auf dem infizierten Rechner auf OTLPE, kann aber den Text nicht in die Custom Scans kopieren, weil ich mit dem Rechner nicht mehr ins Internet komme. Er findet kein Netzwerk mehr, soweit ich des Englischen mächtig bin. Habe den Text in eine OpenOffice-Datei kopiert und wollte dann über USB auf den infizierten Rechner kopieren, aber der kann die Datei nicht öffnen. Und jetzt????? Vollkommen verzweifelt Tonia Ach so, zu der Internet-Verbindung: Als Meldung kommt: Windows cannot configure this wireless connection. Ist das einfach zu beheben? Ich soll WZC-Service starten um die Wlan-Verbindung zu konfigurieren. Kenne ich aber auch nicht... Nachtrag: habe den Text über Notepad kopiert, kam zwar etwas verändert auf dem befallenen PC an, aber jetzt läuft der Scan... mal schauen, ob ich dann noch heraus bekomme, welche 2 logs ich posten soll. Habe auch ein bißchen Angst, dass ich auf diese Art und Weise auch noch den geliehenen Nachbar-Laptop infiziere, wenn ich meine Daten nachher hier drauf lade... Nun Hoffnung schöpfend Tonia Nachtrag: habe den Text über Notepad kopiert, kam zwar etwas verändert auf dem befallenen PC an, aber jetzt läuft der Scan... mal schauen, ob ich dann noch heraus bekomme, welche 2 logs ich posten soll. Habe auch ein bißchen Angst, dass ich auf diese Art und Weise auch noch den geliehenen Nachbar-Laptop infiziere, wenn ich meine Daten nachher hier drauf lade... OTL logfile created on: 4/26/2012 9:45:21 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 84.00% Memory free 1.00 Gb Paging File | 1.00 Gb Available in Paging File | 96.00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 34.81 Gb Total Space | 7.65 Gb Free Space | 21.99% Space Free | Partition Type: NTFS Drive D: | 1.95 Gb Total Space | 1.95 Gb Free Space | 100.00% Space Free | Partition Type: FAT Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - [2011/12/15 09:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011/12/15 09:59:40 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2011/12/15 09:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010/08/13 06:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010/05/08 07:48:36 | 000,229,376 | ---- | M] () [Auto] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\DCService.exe -- (DCService.exe) SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2008/03/04 05:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler) SRV - [2007/09/26 12:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service) ========== Driver Services (SafeList) ========== DRV - File not found [Adapter | On_Demand] -- -- (Winsock - Google Desktop Search Backup Before Last Install) DRV - File not found [Adapter | On_Demand] -- -- (Winsock - Google Desktop Search Backup Before First Install) DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | Auto] -- -- (PMEM) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | System] -- -- (Changer) DRV - [2012/02/20 01:51:15 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011/12/15 10:00:00 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011/12/15 10:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010/06/17 09:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010/04/09 10:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2010/03/25 05:08:30 | 000,105,728 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2010/03/20 06:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2010/03/20 05:28:00 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2008/09/21 05:34:23 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ACEDRV07.sys -- (ACEDRV07) DRV - [2007/11/16 04:02:02 | 000,124,416 | ---- | M] (Cisco Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PCX504.sys -- (PCX504) DRV - [2007/02/19 01:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd) DRV - [2006/08/02 09:09:20 | 000,674,560 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel(R) DRV - [2005/03/22 14:00:58 | 001,034,752 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2003/06/27 02:53:44 | 001,196,352 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2003/01/16 19:32:00 | 000,015,360 | ---- | M] (IBM Corp.) [Kernel | System] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR) DRV - [2002/12/25 19:32:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint) DRV - [2002/12/25 19:32:00 | 000,008,830 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI) DRV - [2002/11/20 08:52:14 | 000,033,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3) DRV - [2002/07/15 07:45:28 | 000,095,104 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s3ssavm.sys -- (S3SSavage) DRV - [2001/08/17 07:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack) DRV - [2001/08/17 07:28:10 | 000,802,683 | ---- | M] (Lucent Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LTSM.sys -- (LucentSoftModem) DRV - [2001/05/07 06:56:02 | 000,019,805 | R--- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbio.sys -- (USBIO) USBIO Driver (usbio.sys) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\IBM_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\IBM_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/03/18 17:15:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011/05/10 16:05:42 | 000,000,000 | ---D | M] [2011/11/25 01:50:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012/03/18 17:15:10 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2010/09/14 23:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2012/01/17 01:57:27 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/01/17 01:57:27 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012/01/17 01:57:27 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012/01/17 01:57:27 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012/01/17 01:57:27 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012/01/17 01:57:27 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2002/08/28 23:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [ACUMon] C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\irprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [BMMGAG] C:\Programme\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.) O4 - HKLM..\Run: [BMMLREF] C:\Programme\ThinkPad\Utilities\BMMLREF.EXE () O4 - HKLM..\Run: [ibmmessages] C:\Programme\IBM\Messages By IBM\ibmmessages.exe (IBM) O4 - HKLM..\Run: [S3TRAY2] C:\WINDOWS\System32\S3Tray2.exe (S3 Graphics, Inc.) O4 - HKLM..\Run: [StorageGuard] C:\Programme\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] File not found O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (IBM Corporation) O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) O4 - HKU\Administrator_ON_C..\Run: [ibmmessages] C:\Programme\IBM\Messages By IBM\ibmmessages.exe (IBM) O4 - HKU\IBM_ON_C..\Run: [E45E5547] C:\WINDOWS\system32\6EA1CBE2E45E5547DC75.exe (THHiq) O4 - HKU\IBM_ON_C..\Run: [ibmmessages] C:\Programme\IBM\Messages By IBM\ibmmessages.exe (IBM) O4 - HKU\IBM_ON_C..\Run: [MsgCenterExe] File not found O4 - HKU\IBM_ON_C..\Run: [Realtecdriver] C:\Dokumente und Einstellungen\IBM\Anwendungsdaten\Realtec\Realtecdriver.exe (THHiq) O4 - HKU\IBM_ON_C..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\IBM_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\IBM_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O7 - HKU\IBM_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1216128019313 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\6EA1CBE2E45E5547DC75.exe) - C:\WINDOWS\system32\6EA1CBE2E45E5547DC75.exe (THHiq) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll () O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll () O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/07/15 07:21:52 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found ========== Files/Folders - Created Within 30 Days ========== [2012/04/25 04:52:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\IBM\Anwendungsdaten\Ivyxr [2012/04/25 04:47:27 | 000,067,072 | -H-- | C] (THHiq) -- C:\WINDOWS\System32\6EA1CBE2E45E5547DC75.exe [2012/04/25 04:47:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\IBM\Anwendungsdaten\Realtec [2012/04/20 10:28:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\IBM\Anwendungsdaten\.minecraft [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/04/26 13:51:00 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/04/26 13:50:17 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/04/26 13:50:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/04/26 13:50:08 | 1609,551,872 | -HS- | M] () -- C:\hiberfil.sys [2012/04/26 12:04:36 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\BMMTask.job [2012/04/26 12:02:03 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2012/04/26 11:55:39 | 000,000,414 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{53C77BA0-2CD3-4C6A-9B6A-482CA409F4EB}.job [2012/04/25 08:05:36 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh323 [2012/04/25 08:04:56 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh322 [2012/04/25 08:03:08 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh321 [2012/04/25 08:01:04 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh320 [2012/04/25 04:58:01 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/04/25 04:47:27 | 000,067,072 | -H-- | M] (THHiq) -- C:\WINDOWS\System32\6EA1CBE2E45E5547DC75.exe [2012/04/24 21:57:04 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh325 [2012/04/24 21:56:48 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh324 [2012/04/22 18:28:20 | 000,022,051 | ---- | M] () -- C:\Dokumente und Einstellungen\IBM\Eigene Dateien\MyFreeFarm.ods [2012/04/15 08:37:18 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2012/04/11 21:13:45 | 000,449,492 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012/04/11 21:13:45 | 000,433,138 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/04/11 21:13:45 | 000,080,754 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012/04/11 21:13:45 | 000,068,094 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/04/11 21:08:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/04/02 14:21:39 | 000,054,507 | ---- | M] () -- C:\Dokumente und Einstellungen\IBM\Eigene Dateien\solvenzcheck.pdf [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/04/25 17:06:41 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh325 [2012/04/25 17:06:41 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh324 [2012/04/25 17:06:41 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh323 [2012/04/25 17:06:40 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh322 [2012/04/25 17:06:40 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh321 [2012/04/25 17:06:40 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh320 [2012/04/02 14:21:39 | 000,054,507 | ---- | C] () -- C:\Dokumente und Einstellungen\IBM\Eigene Dateien\solvenzcheck.pdf [2012/02/15 05:48:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011/07/21 04:37:09 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\IBM\Lokale Einstellungen\Anwendungsdaten\{F26CEBBD-DE31-4B9D-B6D9-41B3614B2506} [2011/07/21 04:37:09 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\IBM\Lokale Einstellungen\Anwendungsdaten\{947693B0-4C27-4618-8C49-09787ED76C24} [2010/08/29 06:47:35 | 000,018,632 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010/02/27 06:27:16 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6f.DLL [2009/10/12 10:51:14 | 000,000,385 | ---- | C] () -- C:\WINDOWS\hegames.ini [2009/01/26 15:03:44 | 000,001,156 | ---- | C] () -- C:\WINDOWS\mozver.dat [2009/01/26 13:44:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2008/10/09 14:18:09 | 000,000,178 | ---- | C] () -- C:\WINDOWS\disneysy.ini [2008/07/23 10:26:00 | 000,006,144 | ---- | C] () -- C:\Dokumente und Einstellungen\IBM\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/07/15 09:10:25 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CInsX500.dll [2008/07/15 07:01:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008/07/15 06:54:09 | 000,000,251 | ---- | C] () -- C:\WINDOWS\Welcome.ini [2008/07/15 06:48:40 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll [2008/07/15 06:48:08 | 000,008,830 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2008/07/15 06:47:39 | 000,184,320 | ---- | C] () -- C:\WINDOWS\TPBATHLP.EXE [2008/07/15 06:39:08 | 000,002,458 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005/11/30 14:16:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll [2005/07/05 17:45:08 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll [2005/03/17 05:29:58 | 000,081,342 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2004/08/02 08:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2003/01/29 15:06:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2002/12/23 04:05:56 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\vxdmdcdlg.dll [2002/11/14 19:14:28 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll [2002/10/01 04:05:15 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2002/10/01 03:57:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2002/10/01 03:49:14 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2002/10/01 03:43:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2002/10/01 03:42:35 | 000,119,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2002/05/23 19:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll [2002/05/23 19:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll [2002/01/21 08:48:12 | 000,106,496 | ---- | C] () -- C:\WINDOWS\desktopset.exe [2001/08/23 01:26:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN [2001/08/23 01:24:30 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT [1979/12/31 18:00:00 | 001,868,868 | ---- | C] () -- C:\WINDOWS\System32\RSA32_16.DLL [1979/12/31 18:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [1979/12/31 18:00:00 | 000,449,492 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [1979/12/31 18:00:00 | 000,433,138 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [1979/12/31 18:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [1979/12/31 18:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [1979/12/31 18:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [1979/12/31 18:00:00 | 000,080,754 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [1979/12/31 18:00:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll [1979/12/31 18:00:00 | 000,068,094 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [1979/12/31 18:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [1979/12/31 18:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [1979/12/31 18:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [1979/12/31 18:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [1979/12/31 18:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat ========== LOP Check ========== [2008/07/15 06:56:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\VERITAS [2012/04/20 10:34:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\IBM\Anwendungsdaten\.minecraft [2009/09/08 10:55:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\IBM\Anwendungsdaten\Cornelsen [2008/07/28 13:05:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\IBM\Anwendungsdaten\digital publishing [2011/10/24 04:07:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\IBM\Anwendungsdaten\DVDVideoSoft [2010/02/21 05:13:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\IBM\Anwendungsdaten\FWU-USM [2008/07/29 19:00:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\IBM\Anwendungsdaten\IBM [2008/07/21 18:11:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\IBM\Anwendungsdaten\InterVideo [2012/04/25 04:52:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\IBM\Anwendungsdaten\Ivyxr [2008/11/12 13:27:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\IBM\Anwendungsdaten\OpenOffice.org [2011/01/03 16:59:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\IBM\Anwendungsdaten\Stellarium [2008/07/17 08:41:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\IBM\Anwendungsdaten\VERITAS [2010/12/22 16:07:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService [2008/12/14 15:58:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ElsterFormular [2008/07/15 06:55:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ibm [2010/08/25 09:45:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2012/04/26 12:04:36 | 000,000,938 | ---- | M] () -- C:\WINDOWS\Tasks\BMMTask.job [2012/04/26 12:02:03 | 000,000,222 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job [2012/04/26 11:55:39 | 000,000,414 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{53C77BA0-2CD3-4C6A-9B6A-482CA409F4EB}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2009/08/21 08:19:04 | 000,000,000 | ---D | M] -- C:\9da642082a7de9f8dc981aa0352d [2010/10/22 04:37:59 | 000,000,000 | -H-D | M] -- C:\BJPrinter [2010/02/27 06:27:21 | 000,000,000 | ---D | M] -- C:\CanonMP [2011/01/25 09:24:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2008/07/15 06:38:18 | 000,000,000 | ---D | M] -- C:\DRIVERS [2009/10/12 12:33:24 | 000,000,000 | ---D | M] -- C:\hegames [2008/07/15 07:22:51 | 000,000,000 | ---D | M] -- C:\I386 [2008/07/15 07:21:49 | 000,000,000 | ---D | M] -- C:\IBMTOOLS [2008/07/18 10:34:28 | 000,000,000 | ---D | M] -- C:\icons [2009/02/12 09:52:29 | 000,000,000 | ---D | M] -- C:\O!kay! [2008/07/29 18:50:47 | 000,000,000 | ---D | M] -- C:\Program Files [2012/03/25 08:53:38 | 000,000,000 | R--D | M] -- C:\Programme [2008/07/15 07:01:12 | 000,000,000 | -HSD | M] -- C:\Recycled [2008/07/15 11:20:33 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2002/09/16 19:33:12 | 000,000,000 | ---D | M] -- C:\SUPPORT [2008/07/15 11:23:14 | 000,000,000 | ---D | M] -- C:\swshare [2012/04/25 07:08:24 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2008/07/18 10:33:16 | 000,000,000 | ---D | M] -- C:\VALUEADD [2012/04/12 02:03:43 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > Invalid Environment Variable: %LOCALAPPDATA%\*.exe < %systemroot%\*. /mp /s > |
|
| Themen zu Windows Verschlüsselungs Trojaner 2048 Bit PGP-RSA |
| ahnung, angeblich, besser, bild, center, e-mail, eingebe, einzige, gestern, heute, hilfe!, nachricht, neu, nichts, pcs, rechnung, sofort, starte, starten, trojaner, verschlüsselungs trojaner, windows, windows verschlüsselungs trojaner, wirklich, überhaupt, zahlen |
Hybrid-Darstellung
