Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Windows Verschlüsselungs Trojaner -.-

Windows Verschlüsselungs Trojaner -.-


Log-Analyse und Auswertung: Windows Verschlüsselungs Trojaner -.-

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Seite 1 von 2 1 2
Alt 02.05.2012, 18:35   #1
Sayri
 
Windows Verschlüsselungs Trojaner -.- - Standard

Windows Verschlüsselungs Trojaner -.-


Hi,

so also nachdem meine Mutter diese dubiose E-Mail erhalten hat, musste Sie natürlich auch den Anhang direkt öffnen.

Bekannt ist ja was nun geschieht beim starten kommt diese Meldund von wegen man müsste das Geld bezahlen um weiter zukommen.

Ich habe die OTLP Cd gebrannt und grade schonmal auf Ihrem Laptop zum laufen bekommen und hoffe derweil das es alles gut geht.

I.eine Idee wie lange der Durchlauf ungefähr braucht ?

Der hängt derzeit bei:


Manual File Scan - Getting folder structure

Und wenn ich die OTLP exe starte fragt er mich nur nach o you wish to load remote user profile(s) for scanning und die Frage nach: Do you wish to load the remote registry fällt weg.

Wenn ich danach den Hacken bei Automatically Load All Remaining Users wegmache, muss ich ja trzdm eines von mir 4 angezeigten Profilen nehmen oder ?
----------------------------

So Edit: und übrigens super Forum und nette Hilfe alleine wäre ich kein bisschen weiter gekommen mit dem Trojaner

habe alles hinbekommen und
nachdem ich jz einfach nichts in die Textbox geschrieben habe is der Scan erfolgreich gewesen.

Nun bekomme ich folgende log Datei:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 5/2/2012 8:46:23 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278.32 Gb Total Space | 112.42 Gb Free Space | 40.39% Space Free | Partition Type: NTFS
Drive E: | 19.76 Gb Total Space | 6.69 Gb Free Space | 33.88% Space Free | Partition Type: FAT32
Drive F: | 3.73 Gb Total Space | 3.58 Gb Free Space | 95.82% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/04/25 04:48:58 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/12 13:02:26 | 000,918,880 | ---- | M] () [Auto] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012/02/10 05:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 05:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/02/09 06:59:08 | 001,529,152 | ---- | M] (TuneUp Software) [Auto] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009/05/15 15:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) [Auto] -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)
SRV - [2009/03/23 06:09:26 | 000,603,904 | ---- | M] (TuneUp Software GmbH) [Auto] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009/03/23 06:09:21 | 000,362,752 | ---- | M] (TuneUp Software GmbH) [On_Demand] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008/11/07 06:37:38 | 000,027,904 | ---- | M] (TuneUp Software GmbH) [Auto] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/09/02 08:24:44 | 000,069,120 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2008/08/29 14:11:38 | 002,180,392 | ---- | M] () [Auto] -- C:\Program Files\EgisTec\VITAKEY\BASVC.exe -- (IGBASVC)
SRV - [2008/08/04 10:45:56 | 000,304,688 | ---- | M] () [Auto] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2008/02/28 12:07:14 | 001,801,216 | ---- | M] (Buhl Data Service GmbH) [Auto] -- C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/05 07:20:32 | 000,177,704 | ---- | M] () [Auto] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2001/11/12 07:31:48 | 000,020,480 | ---- | M] (X10) [Auto] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WtSmpFlt)
DRV - File not found [Kernel | On_Demand] --  -- (wtsmpadap)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (KUSBusByTCPMasterBus)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2012/02/09 06:48:24 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2008/08/28 08:27:57 | 000,066,856 | ---- | M] () [Kernel | Boot] -- C:\Windows\System32\drivers\FPWinIo.sys -- (FPWinIo)
DRV - [2008/08/28 08:27:45 | 000,026,920 | ---- | M] (LTT) [Kernel | Auto] -- C:\Windows\System32\drivers\FPSensor.sys -- (FPSensor) LTT-Corp Fingerprint Reader Driver (FPSensor.sys)
DRV - [2008/08/07 22:15:00 | 007,555,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/08/06 10:26:08 | 000,124,928 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/08/05 18:59:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/08/04 10:46:06 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | Auto] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2008/08/04 10:46:04 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | Auto] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008/08/04 10:46:04 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | Auto] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2008/07/10 05:12:56 | 001,753,984 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/06/18 11:04:34 | 000,026,760 | R--- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/04/28 00:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/03/17 05:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/07/31 05:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2007/03/09 21:33:50 | 000,882,432 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\mosuport.sys -- (mosuport)
DRV - [2006/11/30 09:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006/11/17 04:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\dagmar_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\dagmar_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={7F78FFAE-8F3D-4E7C-BD38-57542C0788A8}&mid=0ad1e0af5fe847d1a9b264b9e522cff8-244949e3879da9d0fd68234c09e98073b34560dc&lang=de&ds=tt015&pr=sa&d=2012-03-09 12:20:46&v=8.0.0.34&sap=hp
IE - HKU\dagmar_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\dagmar_ON_C\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKU\dagmar_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\dagmar_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/25 04:48:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/03 20:52:38 | 000,000,000 | ---D | M]
 
[2008/11/17 17:31:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dagmar\AppData\Roaming\Mozilla\Extensions
[2012/05/02 11:37:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\r3o3ieey.default\extensions
[2012/05/02 11:37:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\r3o3ieey.default\extensions\avg@toolbar
[2011/05/28 07:04:03 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com
[2011/11/12 10:46:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- 
[2008/12/11 11:25:57 | 000,000,000 | ---D | M] (PDFCreator Toolbar) -- C:\PROGRAM FILES\PDFCREATOR TOOLBAR\V3.3.0.1\FIREFOX
File not found (No name found) -- C:\USERS\DAGMAR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R3O3IEEY.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/04/25 04:48:58 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/03 22:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/24 10:47:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/03/12 13:02:22 | 000,003,768 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/24 10:47:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/24 10:47:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/24 10:47:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/24 10:47:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/24 10:47:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKU\dagmar_ON_C\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKU\dagmar_ON_C\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [iTunesHelper]  File not found
O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files\EgisTec\VITAKEY\PdtWzd.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\dagmar_ON_C..\Run: [B2971A31] C:\Users\dagmar\AppData\Roaming\Nmtgqpxlyn\321BFD41B2971A315607.exe ()
O4 - HKU\dagmar_ON_C..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\EgisTec\VITAKEY\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\EgisTec\VITAKEY\PwdBank.exe (Egis Technology Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://juwelvpn.dyndns.org/XTSAC.cab (XTSAC Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/08/21 11:50:32 | 000,000,672 | RH-- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{046213fa-6c74-11de-aa7f-0016ead6b5d6}\Shell - "" = AutoRun
O33 - MountPoints2\{046213fa-6c74-11de-aa7f-0016ead6b5d6}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0462140a-6c74-11de-aa7f-0016ead6b5d6}\Shell - "" = AutoRun
O33 - MountPoints2\{0462140a-6c74-11de-aa7f-0016ead6b5d6}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{04621416-6c74-11de-aa7f-00ade1ac1c1a}\Shell - "" = AutoRun
O33 - MountPoints2\{04621416-6c74-11de-aa7f-00ade1ac1c1a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0462143c-6c74-11de-aa7f-00ade1ac1c1a}\Shell - "" = AutoRun
O33 - MountPoints2\{0462143c-6c74-11de-aa7f-00ade1ac1c1a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{091292ec-75e8-11de-929e-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{091292ec-75e8-11de-929e-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{09129313-75e8-11de-929e-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{09129313-75e8-11de-929e-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{247c9e8a-75e6-11de-b01a-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{247c9e8a-75e6-11de-b01a-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{247c9e8c-75e6-11de-b01a-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{247c9e8c-75e6-11de-b01a-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{24ac7b4b-2351-11de-8f4c-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{24ac7b4b-2351-11de-8f4c-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{24ac7b71-2351-11de-8f4c-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{24ac7b71-2351-11de-8f4c-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{24ac7b76-2351-11de-8f4c-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{24ac7b76-2351-11de-8f4c-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{24ac7b79-2351-11de-8f4c-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{24ac7b79-2351-11de-8f4c-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{24ac7ba2-2351-11de-8f4c-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{24ac7ba2-2351-11de-8f4c-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4924f045-004e-11de-a894-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{4924f045-004e-11de-a894-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4924f06b-004e-11de-a894-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{4924f06b-004e-11de-a894-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{544d06c8-76bd-11de-97ed-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{544d06c8-76bd-11de-97ed-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8cd78866-7697-11de-ad7c-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{8cd78866-7697-11de-ad7c-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{90ed5b6d-00d2-11de-9db9-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{90ed5b6d-00d2-11de-9db9-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\Shell\AutoRun\command - "" = G:\Autorun.exe /run
O33 - MountPoints2\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\Shell\Shell00\Command - "" = G:\Autorun.exe /run
O33 - MountPoints2\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\Shell\Shell01\Command - "" = G:\Autorun.exe /action
O33 - MountPoints2\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\Shell\Shell02\Command - "" = G:\Autorun.exe /uninstall
O33 - MountPoints2\{c8fda64f-75da-11de-870d-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{c8fda64f-75da-11de-870d-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c8fda653-75da-11de-870d-8cd2572bbcd9}\Shell - "" = AutoRun
O33 - MountPoints2\{c8fda653-75da-11de-870d-8cd2572bbcd9}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{d3b5bed2-004b-11de-968b-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{d3b5bed2-004b-11de-968b-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{d3b5bf0e-004b-11de-968b-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{d3b5bf0e-004b-11de-968b-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/05/02 20:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/02 11:23:30 | 000,000,000 | ---D | C] -- C:\Users\dagmar\AppData\Roaming\Nmtgqpxlyn
[2012/04/30 13:10:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/04/30 13:09:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/30 13:08:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/04/30 10:41:13 | 000,000,000 | ---D | C] -- C:\Program Files\ABUS Security-Center
[2012/04/30 10:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABUS Security-Center
[2012/04/25 04:49:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2008/08/28 05:58:13 | 000,180,224 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2008/08/28 05:58:13 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012/05/02 14:17:36 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/02 14:17:36 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/02 13:18:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/02 13:18:24 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/05/02 13:17:57 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/02 13:17:56 | 000,000,502 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012/05/02 12:15:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2012/05/02 12:06:51 | 000,628,730 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/05/02 12:06:51 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/02 12:06:51 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/05/02 12:06:51 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/02 11:39:12 | 000,268,427 | ---- | M] () -- C:\Users\dagmar\Documents\locked-Scan0001.pdf.xdrz
[2012/05/02 11:38:39 | 000,253,774 | ---- | M] () -- C:\Users\dagmar\Documents\locked-Dennis Kruse2.jpg.dtfz
[2012/05/02 11:38:33 | 000,306,345 | ---- | M] () -- C:\Users\dagmar\Documents\locked-Bewerbung Rosalie Resl.pdf.kfyc
[2012/05/02 11:38:33 | 000,234,096 | ---- | M] () -- C:\Users\dagmar\Documents\locked-Anfahrt.jpg.onjs
[2012/05/02 11:32:56 | 000,000,153 | ---- | M] () -- C:\Users\dagmar\AppData\locked-default.pls.slzs
[2012/05/02 11:12:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/30 13:14:19 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/04/30 13:14:19 | 000,001,854 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2012/04/30 13:14:19 | 000,001,854 | ---- | M] () -- C:\Users\dagmar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/04/30 13:10:41 | 000,001,409 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/30 13:10:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/04/30 13:01:50 | 309,324,901 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/30 10:41:14 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Installationsassistent2.lnk
[2012/04/30 10:41:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABUS Security-Center
[2012/04/30 10:40:37 | 000,000,637 | ---- | M] () -- C:\Users\Public\Desktop\ABUS IP-Installer.lnk
 
========== Files Created - No Company Name ==========
 
[2012/04/30 13:14:19 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/04/30 13:10:41 | 000,001,409 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/30 10:41:14 | 000,001,990 | ---- | C] () -- C:\Users\Public\Desktop\Installationsassistent2.lnk
[2012/04/30 10:40:37 | 000,000,637 | ---- | C] () -- C:\Users\Public\Desktop\ABUS IP-Installer.lnk
[2012/04/18 04:31:27 | 309,324,901 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/10/14 12:34:17 | 000,882,432 | ---- | C] () -- C:\Windows\System32\drivers\mosuport.sys
[2011/10/14 12:34:17 | 000,278,528 | ---- | C] () -- C:\Windows\System32\MosUsbSerial.exe
[2011/10/14 12:34:17 | 000,262,144 | ---- | C] () -- C:\Windows\System32\MosUnst.exe
[2011/10/14 12:34:17 | 000,225,280 | ---- | C] () -- C:\Windows\System32\MosUSBParallel.exe
[2011/10/14 12:34:17 | 000,057,344 | ---- | C] () -- C:\Windows\System32\MosUSBSerPropPage.dll
[2011/10/14 12:34:17 | 000,053,248 | ---- | C] () -- C:\Windows\System32\MosUSBParPropPage.dll
[2011/10/14 12:34:17 | 000,028,672 | ---- | C] () -- C:\Windows\System32\dbgmsgcfg.dll
[2011/09/08 17:03:59 | 000,000,000 | ---- | C] () -- C:\Users\dagmar\AppData\Local\{8FAF1DC2-324B-4AF2-82C5-CF35492BC72C}
[2011/09/08 17:01:58 | 000,000,000 | ---- | C] () -- C:\Users\dagmar\AppData\Local\{1BF95C17-1E8B-437A-856E-3638C7E6FAEE}
[2011/09/08 06:20:28 | 000,000,153 | ---- | C] () -- C:\Users\dagmar\AppData\locked-default.pls.slzs
[2011/07/13 01:47:36 | 000,000,000 | ---- | C] () -- C:\Users\dagmar\AppData\Local\{E474D4A3-F08A-4D4E-8AD6-CFC429808E2E}
[2011/07/13 01:40:20 | 000,000,000 | ---- | C] () -- C:\Users\dagmar\AppData\Local\{0DA4FE39-CAAF-4DA3-ABDE-EAFB9154A010}
[2010/05/07 18:12:06 | 000,015,022 | ---- | C] () -- C:\Windows\UN060501.INI
[2010/03/15 14:45:06 | 000,285,216 | ---- | C] () -- C:\Windows\System32\drivers\Onsio.sys
[2009/10/19 14:36:48 | 000,004,366 | ---- | C] () -- C:\Windows\UN090928.INI
[2009/06/18 01:50:02 | 000,000,680 | ---- | C] () -- C:\Users\dagmar\AppData\Local\d3d9caps.dat
[2009/02/13 12:59:56 | 000,026,624 | ---- | C] () -- C:\Users\dagmar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/10 12:39:55 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/02/04 03:05:26 | 000,004,592 | ---- | C] () -- C:\Users\dagmar\AppData\Roaming\wklnhst.dat
[2008/12/11 11:25:53 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2008/11/17 17:18:35 | 000,000,035 | ---- | C] () -- C:\Windows\Ulead32.INI
[2008/11/17 17:16:12 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\Onsreged.sys
[2008/09/02 07:45:19 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2008/08/28 11:46:27 | 000,036,864 | ---- | C] () -- C:\Windows\System32\Hooks.dll
[2008/08/28 08:27:57 | 000,066,856 | ---- | C] () -- C:\Windows\System32\drivers\FPWinIo.sys
[2008/08/28 08:15:44 | 000,628,730 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/08/28 08:15:44 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/08/28 08:15:44 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/08/28 08:15:44 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008/08/28 08:02:32 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2008/08/28 08:02:32 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2008/08/28 06:33:16 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI
[2008/08/28 05:58:13 | 001,753,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008/08/28 05:58:13 | 000,233,472 | ---- | C] () -- C:\Windows\tsnp2uvc.exe
[2008/08/28 05:58:13 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008/08/28 05:58:13 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2008/08/28 05:35:46 | 000,119,296 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2008/08/28 04:31:15 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/08/28 04:31:15 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\29563E424B.sys
[2008/08/28 00:25:39 | 000,000,143 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/08/27 22:21:34 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/08/27 21:43:57 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2008/06/18 11:04:34 | 000,026,760 | R--- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2008/01/20 22:24:14 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2007/06/05 07:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,430,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2003/02/20 12:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2008/11/13 06:58:41 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Buhl Data Service GmbH
[2012/03/12 19:11:28 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\DataDesign
[2011/08/31 14:46:47 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\NASNaviator2
[2012/05/02 11:23:30 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Nmtgqpxlyn
[2010/06/10 15:47:55 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\OpenOffice.org
[2009/04/07 07:35:25 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Sierra Wireless
[2009/02/04 03:06:47 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Template
[2012/05/02 11:37:59 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\TuneAid
[2012/03/09 07:19:54 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\TuneUp Software
[2012/05/02 11:38:01 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\UseNeXT
[2009/03/05 13:07:46 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\WebCompiler2
[2011/08/10 06:53:46 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\WindSolutions
[2012/05/02 13:17:56 | 000,000,502 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2012/05/02 13:18:25 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/05/02 12:15:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
 
========== Purity Check ==========
 
 
< End of report >
--- --- ---
Geändert von Sayri (02.05.2012 um 18:52 Uhr)

Alt 02.05.2012, 19:33   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Verschlüsselungs Trojaner -.- - Standard

Windows Verschlüsselungs Trojaner -.-


Funktioniert noch der abgesicherte Modus mit Netzwerktreibern? Mit Internetverbindung?



Abgesicherter Modus zur Bereinigung
  • Windows mit F8-Taste beim Start in den abgesicherten Modus bringen.
  • Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern:

    Windows im abgesicherten Modusstarten
__________________

__________________
Alt 02.05.2012, 19:34   #3
Sayri
 
Windows Verschlüsselungs Trojaner -.- - Standard

Windows Verschlüsselungs Trojaner -.-


ok danke für die Antwort ich versuche es jz mal.

Nein klappt leider nicht, startet sich von alleine neu.
__________________
Alt 02.05.2012, 19:52   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Verschlüsselungs Trojaner -.- - Standard

Windows Verschlüsselungs Trojaner -.-


Zitat:
Nein klappt leider nicht, startet sich von alleine neu.
Was genau heißt das? Wo genau startet es sich von allein neu?
Der normale Modus scheint ja zu blockiert zu werden?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 02.05.2012, 19:54   #5
Sayri
 
Windows Verschlüsselungs Trojaner -.- - Standard

Windows Verschlüsselungs Trojaner -.-


Wenn ich im normalen Modus starte, komme ich auf den Desktop und dann sofort in dieses Trojaner interface,

Wenn ich im abgesicherten Modus starte, dann lädt der diese ganzen schriften rein, man sieht kurz den Cursor und dann startet sich der Computer neu und fährt im "normalen" Modus hoch.


Alt 02.05.2012, 20:19   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Verschlüsselungs Trojaner -.- - Standard

Windows Verschlüsselungs Trojaner -.-


Mach einen OTL-Fix über OTLPE, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
ATTFilter
:OTL
O4 - HKU\dagmar_ON_C..\Run: [B2971A31] C:\Users\dagmar\AppData\Roaming\Nmtgqpxlyn\321BFD41B2971A315607.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/08/21 11:50:32 | 000,000,672 | RH-- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{046213fa-6c74-11de-aa7f-0016ead6b5d6}\Shell - "" = AutoRun
O33 - MountPoints2\{046213fa-6c74-11de-aa7f-0016ead6b5d6}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0462140a-6c74-11de-aa7f-0016ead6b5d6}\Shell - "" = AutoRun
O33 - MountPoints2\{0462140a-6c74-11de-aa7f-0016ead6b5d6}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{04621416-6c74-11de-aa7f-00ade1ac1c1a}\Shell - "" = AutoRun
O33 - MountPoints2\{04621416-6c74-11de-aa7f-00ade1ac1c1a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0462143c-6c74-11de-aa7f-00ade1ac1c1a}\Shell - "" = AutoRun
O33 - MountPoints2\{0462143c-6c74-11de-aa7f-00ade1ac1c1a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{091292ec-75e8-11de-929e-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{091292ec-75e8-11de-929e-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{09129313-75e8-11de-929e-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{09129313-75e8-11de-929e-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{247c9e8a-75e6-11de-b01a-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{247c9e8a-75e6-11de-b01a-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{247c9e8c-75e6-11de-b01a-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{247c9e8c-75e6-11de-b01a-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{24ac7b4b-2351-11de-8f4c-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{24ac7b4b-2351-11de-8f4c-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{24ac7b71-2351-11de-8f4c-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{24ac7b71-2351-11de-8f4c-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{24ac7b76-2351-11de-8f4c-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{24ac7b76-2351-11de-8f4c-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{24ac7b79-2351-11de-8f4c-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{24ac7b79-2351-11de-8f4c-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{24ac7ba2-2351-11de-8f4c-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{24ac7ba2-2351-11de-8f4c-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4924f045-004e-11de-a894-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{4924f045-004e-11de-a894-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4924f06b-004e-11de-a894-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{4924f06b-004e-11de-a894-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{544d06c8-76bd-11de-97ed-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{544d06c8-76bd-11de-97ed-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8cd78866-7697-11de-ad7c-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{8cd78866-7697-11de-ad7c-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{90ed5b6d-00d2-11de-9db9-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{90ed5b6d-00d2-11de-9db9-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\Shell\AutoRun\command - "" = G:\Autorun.exe /run
O33 - MountPoints2\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\Shell\Shell00\Command - "" = G:\Autorun.exe /run
O33 - MountPoints2\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\Shell\Shell01\Command - "" = G:\Autorun.exe /action
O33 - MountPoints2\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\Shell\Shell02\Command - "" = G:\Autorun.exe /uninstall
O33 - MountPoints2\{c8fda64f-75da-11de-870d-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{c8fda64f-75da-11de-870d-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c8fda653-75da-11de-870d-8cd2572bbcd9}\Shell - "" = AutoRun
O33 - MountPoints2\{c8fda653-75da-11de-870d-8cd2572bbcd9}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{d3b5bed2-004b-11de-968b-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{d3b5bed2-004b-11de-968b-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{d3b5bf0e-004b-11de-968b-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{d3b5bf0e-004b-11de-968b-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
:Files
C:\Users\dagmar\AppData\Roaming\Nmtgqpxlyn
:Commands
[purity]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Danach sollte Windows wieder normal starten - stell uns bitte den Quarantäneordner von OTL zur Verfügung. Dabei bitte so vorgehen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinträchtigen!
2.) Ordner movedfiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten
__________________
--> Windows Verschlüsselungs Trojaner -.-

Alt 02.05.2012, 20:30   #7
Sayri
 
Windows Verschlüsselungs Trojaner -.- - Standard

Windows Verschlüsselungs Trojaner -.-


Ok fix ist durch: hier das Logfile:

========== OTL ==========
Registry value HKEY_USERS\dagmar_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\B2971A31 deleted successfully.
C:\Users\dagmar\AppData\Roaming\Nmtgqpxlyn\321BFD41B2971A315607.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File E:\AUTOEXEC.BAT not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{046213fa-6c74-11de-aa7f-0016ead6b5d6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{046213fa-6c74-11de-aa7f-0016ead6b5d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{046213fa-6c74-11de-aa7f-0016ead6b5d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{046213fa-6c74-11de-aa7f-0016ead6b5d6}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0462140a-6c74-11de-aa7f-0016ead6b5d6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0462140a-6c74-11de-aa7f-0016ead6b5d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0462140a-6c74-11de-aa7f-0016ead6b5d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0462140a-6c74-11de-aa7f-0016ead6b5d6}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04621416-6c74-11de-aa7f-00ade1ac1c1a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04621416-6c74-11de-aa7f-00ade1ac1c1a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04621416-6c74-11de-aa7f-00ade1ac1c1a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04621416-6c74-11de-aa7f-00ade1ac1c1a}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0462143c-6c74-11de-aa7f-00ade1ac1c1a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0462143c-6c74-11de-aa7f-00ade1ac1c1a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0462143c-6c74-11de-aa7f-00ade1ac1c1a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0462143c-6c74-11de-aa7f-00ade1ac1c1a}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{091292ec-75e8-11de-929e-001f1609bb94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{091292ec-75e8-11de-929e-001f1609bb94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{091292ec-75e8-11de-929e-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{091292ec-75e8-11de-929e-001f1609bb94}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09129313-75e8-11de-929e-001f1609bb94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09129313-75e8-11de-929e-001f1609bb94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09129313-75e8-11de-929e-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09129313-75e8-11de-929e-001f1609bb94}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{247c9e8a-75e6-11de-b01a-001f1609bb94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{247c9e8a-75e6-11de-b01a-001f1609bb94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{247c9e8a-75e6-11de-b01a-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{247c9e8a-75e6-11de-b01a-001f1609bb94}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{247c9e8c-75e6-11de-b01a-001f1609bb94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{247c9e8c-75e6-11de-b01a-001f1609bb94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{247c9e8c-75e6-11de-b01a-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{247c9e8c-75e6-11de-b01a-001f1609bb94}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24ac7b4b-2351-11de-8f4c-001f1609bb94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24ac7b4b-2351-11de-8f4c-001f1609bb94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24ac7b4b-2351-11de-8f4c-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24ac7b4b-2351-11de-8f4c-001f1609bb94}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24ac7b71-2351-11de-8f4c-001f1609bb94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24ac7b71-2351-11de-8f4c-001f1609bb94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24ac7b71-2351-11de-8f4c-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24ac7b71-2351-11de-8f4c-001f1609bb94}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24ac7b76-2351-11de-8f4c-001f1609bb94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24ac7b76-2351-11de-8f4c-001f1609bb94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24ac7b76-2351-11de-8f4c-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24ac7b76-2351-11de-8f4c-001f1609bb94}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24ac7b79-2351-11de-8f4c-001f1609bb94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24ac7b79-2351-11de-8f4c-001f1609bb94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24ac7b79-2351-11de-8f4c-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24ac7b79-2351-11de-8f4c-001f1609bb94}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24ac7ba2-2351-11de-8f4c-001f1609bb94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24ac7ba2-2351-11de-8f4c-001f1609bb94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24ac7ba2-2351-11de-8f4c-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24ac7ba2-2351-11de-8f4c-001f1609bb94}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4924f045-004e-11de-a894-001f1609bb94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4924f045-004e-11de-a894-001f1609bb94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4924f045-004e-11de-a894-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4924f045-004e-11de-a894-001f1609bb94}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4924f06b-004e-11de-a894-001f1609bb94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4924f06b-004e-11de-a894-001f1609bb94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4924f06b-004e-11de-a894-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4924f06b-004e-11de-a894-001f1609bb94}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{544d06c8-76bd-11de-97ed-001f1609bb94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{544d06c8-76bd-11de-97ed-001f1609bb94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{544d06c8-76bd-11de-97ed-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{544d06c8-76bd-11de-97ed-001f1609bb94}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cd78866-7697-11de-ad7c-001f1609bb94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8cd78866-7697-11de-ad7c-001f1609bb94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cd78866-7697-11de-ad7c-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8cd78866-7697-11de-ad7c-001f1609bb94}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90ed5b6d-00d2-11de-9db9-001f1609bb94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90ed5b6d-00d2-11de-9db9-001f1609bb94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90ed5b6d-00d2-11de-9db9-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90ed5b6d-00d2-11de-9db9-001f1609bb94}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\ not found.
File G:\Autorun.exe /run not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\ not found.
File G:\Autorun.exe /run not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\ not found.
File G:\Autorun.exe /action not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\ not found.
File G:\Autorun.exe /uninstall not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8fda64f-75da-11de-870d-001f1609bb94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8fda64f-75da-11de-870d-001f1609bb94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8fda64f-75da-11de-870d-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8fda64f-75da-11de-870d-001f1609bb94}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8fda653-75da-11de-870d-8cd2572bbcd9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8fda653-75da-11de-870d-8cd2572bbcd9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8fda653-75da-11de-870d-8cd2572bbcd9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8fda653-75da-11de-870d-8cd2572bbcd9}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3b5bed2-004b-11de-968b-001f1609bb94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3b5bed2-004b-11de-968b-001f1609bb94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3b5bed2-004b-11de-968b-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3b5bed2-004b-11de-968b-001f1609bb94}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3b5bf0e-004b-11de-968b-001f1609bb94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3b5bf0e-004b-11de-968b-001f1609bb94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3b5bf0e-004b-11de-968b-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3b5bf0e-004b-11de-968b-001f1609bb94}\ not found.
File G:\AutoRun.exe not found.
========== FILES ==========
C:\Users\dagmar\AppData\Roaming\Nmtgqpxlyn folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTLPE by OldTimer - Version 3.1.48.0 log created on 05022012_222835

Wowwwww danke ich komme wieder auf den Laptop, ich suche nun mal die OTL Datei


vielen vielen dank echt gute skills

Datei: _OTL.rar empfangen

Vorgang erfolgreich abgeschlossen.



So auch die Datei ist auf eurem Server,

bin ich soweit durch oder muss ich noch was machen?

Alt 02.05.2012, 20:43   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Verschlüsselungs Trojaner -.- - Standard

Windows Verschlüsselungs Trojaner -.-


Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 02.05.2012, 20:52   #9
Sayri
 
Windows Verschlüsselungs Trojaner -.- - Standard

Windows Verschlüsselungs Trojaner -.-


Code:
ATTFilter
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.02.06

Windows Vista Service Pack 1 x86 FAT32
Internet Explorer 8.0.6001.19088
dagmar :: MAMA-PC [Administrator]

02.05.2012 21:44:01
mbam-log-2012-05-02 (21-44-01).txt

Art des Suchlaufs: Voll-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 207054
Laufzeit: 5 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\System\CurrentControlSet\Services\svchost (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Alt 02.05.2012, 20:54   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Verschlüsselungs Trojaner -.- - Standard

Windows Verschlüsselungs Trojaner -.-


Der Vollscan ist bei dir nach 5 Minuten fertig? Das halte ich für fragwürdig
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 02.05.2012, 21:21   #11
Sayri
 
Windows Verschlüsselungs Trojaner -.- - Standard

Windows Verschlüsselungs Trojaner -.-


ich habe den scan nochmal gestartet, war da auch etwas irritiert.

Code:
ATTFilter
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
das ist der Log von Eset

und das ist der log von dem Suchlauf über die Software

Code:
ATTFilter
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.02.06

Windows Vista Service Pack 1 x86 FAT32
Internet Explorer 8.0.6001.19088
dagmar :: MAMA-PC [Administrator]

02.05.2012 21:56:42
mbam-log-2012-05-02 (21-56-42).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 443157
Laufzeit: 1 Stunde(n), 55 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
c:\$recycle.bin\s-1-5-21-1186228194-2826595677-3955999054-1001\$rzf385w\movedfiles\05022012_222835\c_users\dagmar\appdata\roaming\nmtgqpxlyn\321bfd41b2971a315607.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Alt 03.05.2012, 07:39   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Verschlüsselungs Trojaner -.- - Standard

Windows Verschlüsselungs Trojaner -.-


ESET hast du falsch gemacht. Stand extra ein dicker Hinweis zu

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 06.05.2012, 20:11   #13
Sayri
 
Windows Verschlüsselungs Trojaner -.- - Standard

Windows Verschlüsselungs Trojaner -.-


Soo, habe nochmal ESET laufen lassen dismal richtig hoffe ich.


Code:
ATTFilter
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=01051b5e26023441adda1bbc4db7c7db
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-06 01:32:20
# local_time=2012-05-06 03:32:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 0 173839335 0 0
# compatibility_mode=8192 67108863 100 0 318141 318141 0 0
# scanned=81059
# found=28
# cleaned=28
# scan_time=4533
C:\$RECYCLE.BIN\S-1-5-21-1186228194-2826595677-3955999054-1001\$R4K0YEY.rar	a variant of Win32/Injector.QUK trojan (deleted - quarantined)	00000000000000000000000000000000	C
C:\Program Files\Reviversoft\Registry Reviver\aso3sys.dll	probably a variant of Win32/RegistryReviver application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files\Reviversoft\Registry Reviver\ASOHelper.dll	a variant of Win32/RegistryReviver application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files\Reviversoft\Registry Reviver\RegistryReviver.exe	a variant of Win32/RegistryReviver application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files\Reviversoft\Registry Reviver\SendLogs.exe	Win32/RegistryReviver application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files\Reviversoft\Registry Reviver\bg\regclean.ini	Win32/RegistryReviver application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files\Reviversoft\Registry Reviver\cs\regclean.ini	Win32/RegistryReviver application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files\Reviversoft\Registry Reviver\DA\regclean.ini	Win32/RegistryReviver application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files\Reviversoft\Registry Reviver\DTCH\regclean.ini	Win32/RegistryReviver application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files\Reviversoft\Registry Reviver\el\regclean.ini	Win32/RegistryReviver application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files\Reviversoft\Registry Reviver\ENG\regclean.ini	Win32/RegistryReviver application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files\Reviversoft\Registry Reviver\ES\regclean.ini	Win32/RegistryReviver application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files\Reviversoft\Registry Reviver\fi\regclean.ini	Win32/RegistryReviver application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files\Reviversoft\Registry Reviver\FR\regclean.ini	Win32/RegistryReviver application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files\Reviversoft\Registry Reviver\GRMN\regclean.ini	Win32/RegistryReviver application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files\Reviversoft\Registry Reviver\hu\regclean.ini	Win32/RegistryReviver application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files\Reviversoft\Registry Reviver\in\regclean.ini	Win32/RegistryReviver application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files\Reviversoft\Registry Reviver\ITLY\regclean.ini	Win32/RegistryReviver application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files\Reviversoft\Registry Reviver\JA\regclean.ini	Win32/RegistryReviver application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files\Reviversoft\Registry Reviver\no\regclean.ini	Win32/RegistryReviver application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files\Reviversoft\Registry Reviver\pl\regclean.ini	Win32/RegistryReviver application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files\Reviversoft\Registry Reviver\pt\regclean.ini	Win32/RegistryReviver application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files\Reviversoft\Registry Reviver\ro\regclean.ini	Win32/RegistryReviver application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files\Reviversoft\Registry Reviver\sv\regclean.ini	Win32/RegistryReviver application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files\Reviversoft\Registry Reviver\th\regclean.ini	Win32/RegistryReviver application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files\Reviversoft\Registry Reviver\TR\regclean.ini	Win32/RegistryReviver application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files\Reviversoft\Registry Reviver\ZH\regclean.ini	Win32/RegistryReviver application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files\Reviversoft\Registry Reviver\zhcn\regclean.ini	Win32/RegistryReviver application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=01051b5e26023441adda1bbc4db7c7db
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-06 04:04:41
# local_time=2012-05-06 06:04:41 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 0 173844017 0 0
# compatibility_mode=8192 67108863 100 0 322823 322823 0 0
# scanned=221132
# found=1
# cleaned=0
# scan_time=8991
C:\Users\dagmar\Downloads\RegistryReviverSetup.exe	a variant of Win32/RegistryReviver application (unable to clean)	00000000000000000000000000000000	I

Alt 07.05.2012, 09:31   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Verschlüsselungs Trojaner -.- - Standard

Windows Verschlüsselungs Trojaner -.-


Zitat:
C:\Users\dagmar\Downloads\RegistryReviverSetup.exe
Finger weg von Registry-Cleanern!!

Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr startet.
  • Wie soll der Cleaner zu 100% wissen ob der Eintrag benötigt wird oder nicht ?
  • Es ist vollkommen egal ob ein paar verwaiste Registry Einträge am System sind oder nicht.
  • Auch die dauernd angepriesene Beschleunigung des Systems ist nur bedingt wahr. Du würdest es nicht merken.

Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen.
Zerstörst Du die Registry, zerstörst Du Windows.



Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 07.05.2012, 13:38   #15
Sayri
 
Windows Verschlüsselungs Trojaner -.- - Standard

Windows Verschlüsselungs Trojaner -.-


hi

nein, also außer das überall diese nicht zu öffnenden "locked-..." Datein sind ist alles normal, der Laptop fährt normal hoch und alle Ordner sind da, auch keine leeren Ordner.

Antwort
Seite 1 von 2 1 2

Themen zu Windows Verschlüsselungs Trojaner -.-
anhang, arten, avg secure search, avg security toolbar, beim starten, bezahlen, bingbar, brauch, conduit, direkt, dubiose, durchlauf, e-mail, erhalte, erhalten, geld, geschieht, hoffe, lange, laptop, laufen, locker, mywinlocker, natürlich, plug-in, remote user, schonmal, secure search, sierra, softonic, softonic deutsch toolbar, starte, starten, super, troja, trojaner, verschlüsselungs, version=1.0, vtoolbarupdater, windows


« 100-Euro Virus | Trojaner via ICQ erhalten // TR/Drop.Delf.gn [Trojan] (laut Avira) »


Ähnliche Themen: Windows Verschlüsselungs Trojaner -.-


  1. Verschlüsselungs Trojaner Windows XP
    Plagegeister aller Art und deren Bekämpfung - 19.07.2012 (1)
  2. Windows-Verschlüsselungs-Trojaner unter Windows 7 auf einem MAC
    Log-Analyse und Auswertung - 14.06.2012 (3)
  3. Windows Verschlüsselungs Trojaner
    Plagegeister aller Art und deren Bekämpfung - 13.06.2012 (1)
  4. (2x) Windows Verschlüsselungs Trojaner
    Mülltonne - 08.06.2012 (1)
  5. Willkomen bei Windows Update, Sie haben sich mit einen Windows-Verschlüsselungs Trojaner infiziert.
    Log-Analyse und Auswertung - 06.06.2012 (1)
  6. Windows Verschlüsselungs Trojaner
    Log-Analyse und Auswertung - 06.06.2012 (3)
  7. Windows Verschlüsselungs Trojaner
    Plagegeister aller Art und deren Bekämpfung - 06.06.2012 (45)
  8. Windows Verschlüsselungs Trojaner
    Plagegeister aller Art und deren Bekämpfung - 05.06.2012 (3)
  9. Windows Verschlüsselungs Trojaner
    Plagegeister aller Art und deren Bekämpfung - 22.05.2012 (1)
  10. Windows Verschlüsselungs Trojaner
    Log-Analyse und Auswertung - 07.05.2012 (1)
  11. Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner)
    Plagegeister aller Art und deren Bekämpfung - 07.05.2012 (19)
  12. Infiziert mit Windows-Verschlüsselungs Trojaner -Mail mit Telefonrechnung - windows vista
    Plagegeister aller Art und deren Bekämpfung - 06.05.2012 (12)
  13. Windows verschlüsselungs trojaner
    Plagegeister aller Art und deren Bekämpfung - 06.05.2012 (11)
  14. Windows Verschlüsselungs-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 04.05.2012 (1)
  15. Windows-Verschlüsselungs Trojaner
    Log-Analyse und Auswertung - 28.04.2012 (3)
  16. "Willkommen bei Windows Update Sie haben sich mit einen Windows-Verschlüsselungs Trojaner infiziert.
    Log-Analyse und Auswertung - 27.04.2012 (3)
  17. Windows Verschlüsselungs Trojaner
    Log-Analyse und Auswertung - 27.04.2012 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Windows Verschlüsselungs Trojaner -.- - Hi, so also nachdem meine Mutter diese dubiose E-Mail erhalten hat, musste Sie natürlich auch den Anhang direkt öffnen. Bekannt ist ja was nun geschieht beim starten kommt diese Meldund - Windows Verschlüsselungs Trojaner -.-...
Archiv
Du betrachtest: Windows Verschlüsselungs Trojaner -.- auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131