Log analysis and evaluation: The encryption Trojan, once again (Windows 7)
26.04.2012, 22:13 | #1
Hello, like many others here at the moment I have the problem that I opened that damned attachment... Well, I tried to start OTL on my PC and feed it Markusg's script, but then I also got "out of memory". Now I started it without the script and it finished, but I can't find the files... I'm going to restart the PC now and hope for the best... Maybe someone has some tips...
27.04.2012, 11:13 | #2
/// Malware-holic | The file opens by itself, try again.
27.04.2012, 13:38 | #3
Okay, this time it worked^^ I now have the log file here, I'm just a bit confused... It says up here that I should download Malwarebytes... should I do that now, or should I fix it via OTL? If via Malwarebytes, where should I install it?... In REATOGO-X-PE? Or in safe mode? Help^^ I hope I'm doing the pasting right... Code:
ATTFilter OTL logfile created on: 4/27/2012 6:14:59 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE 64bit-Windows Seven Black Edition (Version = 6.1.7600) - Type = System Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free Paging file location(s): [Binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 335.85 Gb Total Space | 1.94 Gb Free Space | 0.58% Space Free | Partition Type: NTFS Drive D: | 109.90 Gb Total Space | 14.90 Gb Free Space | 13.56% Space Free | Partition Type: NTFS Drive E: | 20.00 Gb Total Space | 2.20 Gb Free Space | 11.00% Space Free | Partition Type: NTFS Drive F: | 983.70 Mb Total Space | 798.58 Mb Free Space | 81.18% Space Free | Partition Type: FAT Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet002 ========== Win32 Services (SafeList) ========== SRV - [2009/07/13 21:41:53 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\qwave.dll -- (QWAVE) SRV - [2009/07/13 21:41:53 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\seclogon.dll -- (seclogon) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2009/10/11 16:46:33 | 000,229,208 | ---- | M] (Microsoft 
Corporation) [Kernel | System] -- C:\Windows\System32\drivers\VMM.sys -- (vmm) DRV:64bit: - [2009/07/13 17:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\Windows\System32\WINSOCK.DLL -- (Winsock) DRV:64bit: - [2009/06/10 17:21:25 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2008/09/01 16:16:40 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV:64bit: - [2006/05/10 04:20:28 | 000,006,656 | ---- | M] (Protection Technology (StarForce)) [Kernel | Disabled] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local> IE - HKU\David_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2653012 IE - HKU\David_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\David_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\David_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1F 1A 7D E9 E4 D3 CB 01 [binary data] IE - HKU\David_ON_D\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKU\David_ON_D\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found IE - HKU\David_ON_D\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - Reg Error: Key error. 
File not found IE - HKU\David_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\David_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;*.local;<local> IE - HKU\LocalService_ON_D\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - File not found IE - HKU\NetworkService_ON_D\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - File not found IE - HKU\New_ACC_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\New_ACC_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\New_ACC_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB D3 98 D2 FB 22 CD 01 [binary data] IE - HKU\New_ACC_ON_D\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - File not found IE - HKU\New_ACC_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\UpdatusUser_ON_D\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=: FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@doubletwist.com/NPPodcast: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.1: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: File not found FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: D:\backup windows 7 releasecandidate\Program Files\Mozilla Firefox\components FF - 
HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: D:\backup windows 7 releasecandidate\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: J:\Program Files (x86)\Mozilla Thunderbird\components FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: J:\Program Files (x86)\Mozilla Thunderbird\plugins O1 HOSTS File: ([2010/05/25 16:36:05 | 000,000,811 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 ad.ghura.pl O1 - Hosts: 127.0.0.1 ru.brans.pl O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - File not found O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - File not found O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - File not found O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - File not found O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - File not found O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - File not found O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - File not found O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - File not found O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - File not found O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found O3 - 
HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - File not found O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - File not found O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - File not found O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found O3 - HKU\David_ON_D\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - File not found O3 - HKU\David_ON_D\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - File not found O3 - HKU\New_ACC_ON_D\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - File not found O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] File not found O4:64bit: - HKLM..\Run: [BCSSync] File not found O4:64bit: - HKLM..\Run: [Cm108Sound] File not found O4:64bit: - HKLM..\Run: [MSC] File not found O4:64bit: - HKLM..\Run: [PC-Wecker 4.00 by IP-MAN] File not found O4:64bit: - HKLM..\Run: [XboxStat] File not found O4 - HKLM..\Run: [APSDaemon] File not found O4 - HKLM..\Run: [HTC Sync Loader] File not found O4 - HKLM..\Run: [QuickTime Task] File not found O4 - HKLM..\Run: [SunJavaUpdateSched] File not found O4 - HKLM..\Run: [VirtualCloneDrive] File not found O4 - HKU\.DEFAULT..\Run: [DAEMON Tools Lite] File not found O4 - HKU\.DEFAULT..\Run: [Welcome Center] File not found O4 - HKU\David_ON_D..\Run: [Akamai NetSession Interface] File not found O4 - HKU\David_ON_D..\Run: [CA934450] File not found O4 - HKU\David_ON_D..\Run: [Realtecdriver] File not found O4 - HKU\David_ON_D..\Run: [Skype] File not found O4 - HKU\David_ON_D..\Run: [TweakRAM] File not found O4 - 
HKU\David_ON_D..\Run: [uTorrent] File not found O4 - HKU\David_ON_D..\Run: [VeohPlugin] File not found O4 - HKU\LocalService_ON_D..\Run: [Sidebar] File not found O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] File not found O4 - HKU\UpdatusUser_ON_D..\Run: [Sidebar] File not found O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] File not found O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] File not found O4 - HKU\UpdatusUser_ON_D..\RunOnce: [mctadmin] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1 O7 - HKU\David_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\David_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O7 - 
HKU\David_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1 O7 - HKU\New_ACC_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - File not found O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - File not found O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - File not found O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - File not found O9 - Extra Button: @J:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - File not found O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - File not found O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - File not found O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - File not found O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - File not found O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - File not found O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - File not found O9 - Extra Button: Wecker-Alarm - {7B499570-29C5-4a80-9F57-94A420D140CE} - File not found O9 - Extra 'Tools' menuitem : Nach Wecker für Windows exportieren - {7B499570-29C5-4a80-9F57-94A420D140CE} - File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - File not found O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - File not found O10:64bit: - 
NameSpace_Catalog5\Catalog_Entries\000000000009 [] - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found O13:64bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - File not found O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - File not found O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - File not found O29 - HKLM SecurityProviders - (credssp.dll) - File not found O30 - LSA: Authentication Packages - (msv1_0) - File not found O30:64bit: - LSA: Security Packages - (livessp) - File not found O30 - LSA: Security Packages - (kerberos) - File not found O30 - LSA: Security Packages - (msv1_0) - File not found O30 - LSA: Security Packages - (schannel) - File not found O30 - LSA: Security Packages - (wdigest) - File not found O30 - LSA: Security Packages - (tspkg) - File not found O30 - LSA: Security Packages - (pku2u) - File not found O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found 64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found 64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/04/23 17:47:31 | 000,000,000 | ---D | C] -- D:\Users\David\Documents\BioWare [2012/04/20 08:38:07 | 000,000,000 | ---D | C] -- D:\Users\David\Desktop\aircrack-ng-1.1-win [2012/04/10 13:50:45 | 000,000,000 | ---D | C] -- D:\Users\David\Documents\Remote Assistance Logs [3 C:\*.tmp files -> C:\*.tmp -> ] [1 
C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/04/25 10:28:15 | 000,019,978 | ---- | M] () -- C:\locked-amazing.pdf.xlga [2012/04/10 13:50:27 | 000,001,272 | ---- | M] () -- D:\Users\David\Desktop\Einladung.msrcIncident [2012/03/29 17:04:37 | 000,230,797 | ---- | M] () -- D:\Users\David\Desktop\Capture.PNG [2012/03/29 16:49:44 | 000,134,266 | ---- | M] () -- D:\Users\David\Desktop\Capture3.PNG [2012/03/29 16:47:33 | 000,185,195 | ---- | M] () -- D:\Users\David\Desktop\Capture2.PNG [2012/03/29 16:43:04 | 000,090,862 | ---- | M] () -- D:\Users\David\Desktop\Capture1.PNG [3 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/04/10 13:50:26 | 000,001,272 | ---- | C] () -- D:\Users\David\Desktop\Einladung.msrcIncident [2012/03/29 17:04:36 | 000,230,797 | ---- | C] () -- D:\Users\David\Desktop\Capture.PNG [2012/03/29 16:49:44 | 000,134,266 | ---- | C] () -- D:\Users\David\Desktop\Capture3.PNG [2012/03/29 16:47:32 | 000,185,195 | ---- | C] () -- D:\Users\David\Desktop\Capture2.PNG [2012/03/29 16:43:03 | 000,090,862 | ---- | C] () -- D:\Users\David\Desktop\Capture1.PNG [2010/05/03 14:07:31 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010/01/24 17:30:14 | 000,008,192 | ---- | C] () -- C:\Windows\d3dx.dat [2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/01/03 17:46:44 | 000,001,035 | ---- | C] () -- C:\Windows\disney.ini [2008/12/23 18:03:26 | 000,395,817 | ---- | C] () -- C:\Program Files\data3.pak [2008/12/16 09:24:19 | 000,000,000 | ---- | C] () -- C:\Windows\moto.INI [2008/12/14 18:43:30 | 000,001,274 | ---- | C] () -- C:\Windows\GTA-SA_Trn_Settings.ini [2008/12/14 10:40:34 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe [2008/12/10 17:22:00 | 000,000,000 | ---- | C] () -- 
C:\Windows\MusicStudio.INI [2008/11/27 09:06:01 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI [2008/11/06 17:13:31 | 000,000,057 | ---- | C] () -- C:\Windows\sierra.ini [2008/10/16 19:22:17 | 000,000,924 | ---- | C] () -- C:\Windows\posteriza.INI [2008/10/16 05:38:01 | 000,016,622 | ---- | C] () -- C:\Windows\hpomdl01.dat [2008/10/08 13:11:40 | 000,000,025 | -H-- | C] () -- C:\Windows\erty.dat [2008/09/10 08:21:52 | 000,000,000 | ---- | C] () -- C:\Windows\MusicMaker.INI [2008/08/10 02:26:48 | 000,000,055 | ---- | C] () -- C:\Windows\videotoaudio.ini [2008/07/14 17:40:22 | 000,502,784 | ---- | C] () -- C:\Windows\x2.64.exe [2008/07/14 17:40:22 | 000,217,073 | ---- | C] () -- C:\Windows\meta4.exe [2008/07/14 17:40:22 | 000,066,560 | ---- | C] () -- C:\Windows\MOTA113.exe [2008/06/15 13:55:26 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2008/06/03 14:40:16 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini [2008/06/03 13:16:20 | 000,000,284 | ---- | C] () -- C:\Windows\ulead32.ini [2008/06/02 16:40:07 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008/05/26 09:02:37 | 000,000,521 | ---- | C] () -- C:\Windows\eReg.dat [2008/03/31 09:47:15 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI [2008/03/31 09:24:18 | 000,005,937 | ---- | C] () -- C:\Windows\mgxoschk.ini [2003/04/05 08:33:26 | 000,020,458 | ---- | C] () -- C:\Windows\hpoins01.dat ========== LOP Check ========== [2010/05/03 14:07:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2010/05/26 09:53:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon [2010/05/03 14:08:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Buena Vista Games [2010/05/03 14:08:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Buhl Data Service GmbH [2010/05/03 14:09:09 | 000,000,000 | ---D | M] -- C:\ProgramData\BVRP Software [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop 
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2010/05/03 14:07:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente [2010/05/03 14:09:10 | 000,000,000 | ---D | M] -- C:\ProgramData\egdata [2010/12/29 17:14:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts [2010/05/03 14:09:10 | 000,000,000 | ---D | M] -- C:\ProgramData\eMule [2010/05/03 14:07:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2010/05/03 14:09:10 | 000,000,000 | ---D | M] -- C:\ProgramData\fun communications [2010/05/03 14:09:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Gnab [2010/07/17 18:34:01 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX [2010/05/20 16:47:03 | 000,000,000 | ---D | M] -- C:\ProgramData\MySQL [2010/05/03 14:10:46 | 000,000,000 | ---D | M] -- C:\ProgramData\PlayMovie [2010/05/03 14:10:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Propellerhead Software [2010/05/04 15:09:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Saitek [2010/05/03 14:10:48 | 000,000,000 | ---D | M] -- C:\ProgramData\ScreenCapture [2010/05/03 14:10:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Sonavis [2010/05/03 14:10:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Sony [2010/05/03 14:11:02 | 000,000,000 | ---D | M] -- C:\ProgramData\SRS Labs [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2010/05/03 14:07:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü [2010/05/20 16:47:27 | 000,000,000 | ---D | M] -- C:\ProgramData\Team MediaPortal [2008/06/29 11:57:03 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2010/05/18 14:29:06 | 000,000,000 | ---D | M] -- C:\ProgramData\TerraTec [2010/05/03 14:11:02 | 000,000,000 | ---D | M] -- C:\ProgramData\TrackMania [2010/05/03 14:11:02 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software [2010/05/13 09:38:34 | 000,000,000 | 
---D | M] -- C:\ProgramData\Ubisoft [2010/05/03 14:11:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems [2010/05/03 14:07:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen [2010/05/03 14:11:03 | 000,000,000 | ---D | M] -- C:\ProgramData\WEB.DE [2010/05/03 14:11:03 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch [2010/05/03 14:11:03 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3} [2010/05/03 14:11:03 | 000,000,000 | ---D | M] -- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} [2010/05/03 14:11:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357} [2009/01/13 16:48:26 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\1-Click Maintenance.job [2010/05/26 11:47:24 | 000,000,504 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job [2008/08/06 09:51:47 | 000,000,258 | ---- | M] () -- C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job [2009/07/14 00:53:46 | 000,008,944 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010/05/26 11:52:36 | 000,000,246 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010/05/26 11:52:35 | 000,000,288 | -H-- | M] () -- C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job ========== Purity Check ========== < End of report > |
27.04.2012, 19:13 | #4
/// Malware-holic | On your second PC go to Start, Programs, Accessories, Editor (Notepad) and paste this in: Code:
:OTL
O4 - HKU\David_ON_D..\Run: [Realtecdriver] File not found
O7 - HKU\David_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\David_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
Save this on a USB stick as fix.txt. Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe.
• Now please click the Fix button. A message similar to "load fix from file" should appear, so load the fix.txt from your stick. If that doesn't work, please enter the fix manually. Then click the Fix button again. The PC may restart. If so, take the CD out of the drive; Windows should now start normally and open otl.txt. Please post the log.
27.04.2012, 21:18 | #5
I just ran the FIX. I just restarted, but Windows runs CHKDSK first... O.o Is that how it's supposed to be... I also had to restart manually... Also, how does this work: OTL always asks me for the Windows directory, but I have several partitions... does it then only check one?... Sorry if I seem like a complete newbie right now, but... I'm a bit confused XD Okay, I've restarted now... Sooo... everything seems to work, only, I have 4 partitions on the PC in total: C, D, J and G. C has my old Win XP on it and J has Windows 7. The others are data drives. The Trojan appeared on W7, but files are encrypted on all drives. But not all of them O.o and also not all of just one type... As an example, .avi files. Most are locked and some aren't O.o So how should I go about the encoding then?..
28.04.2012, 18:54 | #6
/// Malware-holic | Hi, we'll take care of that now. Make a backup of your important encrypted files to an external drive, then decrypt: http://www.trojaner-board.de/114224-...-unlocker.html Let me know whether it worked.
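An added triage script (Python; not part of the thread, of OTL or of trojaner-board's unlocker) for the backup step markusg asks for in post #6 and the "most .avi files are locked, some are not" question in post #5. It assumes, from the single sample in the OTL log (C:\locked-amazing.pdf.xlga), that an encrypted file keeps its original name, gains a locked- prefix and an extra random four-letter extension; the partition tree it scans is constructed inline in a temporary directory.

```python
"""Inventory and back up 'locked-*' files before running a decrypter.

Added example, not from the thread. Assumed naming scheme (from the one
sample in the posted OTL log): locked-<original name>.<ext>.<4 random letters>.
The script only ever copies files, so the originals stay where a decrypter
expects them.
"""
import os
import re
import shutil
import tempfile
from collections import defaultdict

# Requires an original extension, so a plain four-letter extension such as
# 'locked-notes.docx' is not misread as a locked file.
LOCKED_RE = re.compile(r"^locked-(?P<orig>.+\.[^.]+)\.(?P<tag>[a-z]{4})$", re.IGNORECASE)


def parse_locked_name(name):
    """Return (original_name, random_tag) for a locked file name, else None."""
    m = LOCKED_RE.match(name)
    if not m:
        return None
    return m.group("orig"), m.group("tag")


def find_locked(roots):
    """Walk each root and yield (path, original_name, tag) for every locked file."""
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                parsed = parse_locked_name(name)
                if parsed:
                    yield os.path.join(dirpath, name), parsed[0], parsed[1]


def backup_locked(roots, backup_dir):
    """Copy all locked files into backup_dir, one subfolder per root, keeping paths.

    Returns the list of destination paths. copy2 preserves timestamps, which
    helps later when reconstructing when the encryption ran.
    """
    copied = []
    for i, root in enumerate(roots):
        for src, _orig, _tag in find_locked([root]):
            rel = os.path.relpath(src, root)
            dst = os.path.join(backup_dir, f"drive{i}", rel)
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            shutil.copy2(src, dst)
            copied.append(dst)
    return copied


def summarize(roots):
    """Per original extension: how many files are locked and how many untouched."""
    counts = defaultdict(lambda: {"locked": 0, "untouched": 0})
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                parsed = parse_locked_name(name)
                if parsed:
                    counts[os.path.splitext(parsed[0])[1].lower()]["locked"] += 1
                else:
                    counts[os.path.splitext(name)[1].lower()]["untouched"] += 1
    return dict(counts)


def build_sample_tree():
    """Constructed sample imitating two data partitions; returns (roots, backup_dir)."""
    base = tempfile.mkdtemp(prefix="locked_demo_")
    drive_d = os.path.join(base, "D")
    drive_g = os.path.join(base, "G")
    sample = {
        os.path.join(drive_d, "Users", "David", "Videos", "locked-holiday.avi.qzpt"): b"ciphertext",
        os.path.join(drive_d, "Users", "David", "Videos", "clip.avi"): b"plain",
        os.path.join(drive_d, "Users", "David", "Documents", "locked-amazing.pdf.xlga"): b"ciphertext",
        os.path.join(drive_g, "Music", "locked-song.mp3.wbnd"): b"ciphertext",
        os.path.join(drive_g, "Music", "other.mp3"): b"plain",
    }
    for path, data in sample.items():
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return [drive_d, drive_g], os.path.join(base, "backup")


if __name__ == "__main__":
    roots, backup_dir = build_sample_tree()
    for ext, c in sorted(summarize(roots).items()):
        print(f"{ext or '(none)'}: {c['locked']} locked, {c['untouched']} untouched")
    for dst in backup_locked(roots, backup_dir):
        print("backed up ->", dst)
```

On the real machine, replace the constructed roots with the data partitions named in the thread (for example D:\ and G:\) and point backup_dir at the external drive.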