Log Analysis and Evaluation: Windows Encryption Trojan -.- Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
02.05.2012, 18:35 | #1

Windows Encryption Trojan -.- Hi, so after my mother received this dubious e-mail, she of course had to open the attachment right away. What happens next is well known: on startup this message appears saying you supposedly have to pay money to get any further. I burned the OTLPE CD and have just got it running on her laptop, and I'm hoping in the meantime that everything goes well. Any idea roughly how long the run takes? It's currently stuck at: Manual File Scan - Getting folder structure. And when I start the OTLPE exe it only asks me "Do you wish to load remote user profile(s) for scanning", and the question "Do you wish to load the remote registry" doesn't come up. If I then untick "Automatically Load All Remaining Users", I still have to pick one of the 4 profiles shown to me, right?

----------------------------

Edit: and by the way, great forum and friendly help; on my own I wouldn't have got anywhere with the trojan. I got everything working, and after I simply wrote nothing in the text box the scan went through successfully. Now I get the following log file (OTL logfile):
ATTFilter OTL logfile created on: 5/2/2012 8:46:23 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 278.32 Gb Total Space | 112.42 Gb Free Space | 40.39% Space Free | Partition Type: NTFS Drive E: | 19.76 Gb Total Space | 6.69 Gb Free Space | 33.88% Space Free | Partition Type: FAT32 Drive F: | 3.73 Gb Total Space | 3.58 Gb Free Space | 95.82% Space Free | Partition Type: FAT32 Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - [2012/04/25 04:48:58 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/03/12 13:02:26 | 000,918,880 | ---- | M] () [Auto] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0) SRV - [2012/02/10 05:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate) SRV - [2012/02/10 05:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) 
[Auto] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc) SRV - [2012/02/09 06:59:08 | 001,529,152 | ---- | M] (TuneUp Software) [Auto] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2009/05/15 15:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) [Auto] -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService) SRV - [2009/03/23 06:09:26 | 000,603,904 | ---- | M] (TuneUp Software GmbH) [Auto] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc) SRV - [2009/03/23 06:09:21 | 000,362,752 | ---- | M] (TuneUp Software GmbH) [On_Demand] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2008/11/07 06:37:38 | 000,027,904 | ---- | M] (TuneUp Software GmbH) [Auto] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2008/09/02 08:24:44 | 000,069,120 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager) SRV - [2008/08/29 14:11:38 | 002,180,392 | ---- | M] () [Auto] -- C:\Program Files\EgisTec\VITAKEY\BASVC.exe -- (IGBASVC) SRV - [2008/08/04 10:45:56 | 000,304,688 | ---- | M] () [Auto] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService) SRV - [2008/02/28 12:07:14 | 001,801,216 | ---- | M] (Buhl Data Service GmbH) [Auto] -- C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR) SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/06/05 07:20:32 | 000,177,704 | ---- | M] () [Auto] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing) SRV - [2001/11/12 07:31:48 | 000,020,480 | ---- | M] (X10) [Auto] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WtSmpFlt) DRV - File not found [Kernel | On_Demand] -- -- 
(wtsmpadap) DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand] -- -- (KUSBusByTCPMasterBus) DRV - File not found [Kernel | On_Demand] -- -- (IpInIp) DRV - [2012/02/09 06:48:24 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2008/08/28 08:27:57 | 000,066,856 | ---- | M] () [Kernel | Boot] -- C:\Windows\System32\drivers\FPWinIo.sys -- (FPWinIo) DRV - [2008/08/28 08:27:45 | 000,026,920 | ---- | M] (LTT) [Kernel | Auto] -- C:\Windows\System32\drivers\FPSensor.sys -- (FPSensor) LTT-Corp Fingerprint Reader Driver (FPSensor.sys) DRV - [2008/08/07 22:15:00 | 007,555,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008/08/06 10:26:08 | 000,124,928 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008/08/05 18:59:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008/08/04 10:46:06 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | Auto] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV - [2008/08/04 10:46:04 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | Auto] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV - [2008/08/04 10:46:04 | 000,016,432 | ---- | M] (Egis Incorporated.) 
[Kernel | Auto] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV - [2008/07/10 05:12:56 | 001,753,984 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2008/06/18 11:04:34 | 000,026,760 | R--- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt) DRV - [2008/04/28 00:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2008/03/17 05:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2007/07/31 05:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap) DRV - [2007/03/09 21:33:50 | 000,882,432 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\mosuport.sys -- (mosuport) DRV - [2006/11/30 09:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2006/11/17 04:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\dagmar_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI IE - HKU\dagmar_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={7F78FFAE-8F3D-4E7C-BD38-57542C0788A8}&mid=0ad1e0af5fe847d1a9b264b9e522cff8-244949e3879da9d0fd68234c09e98073b34560dc&lang=de&ds=tt015&pr=sa&d=2012-03-09 12:20:46&v=8.0.0.34&sap=hp IE - HKU\dagmar_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\dagmar_ON_C\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) IE - HKU\dagmar_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\dagmar_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/25 04:48:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/03 20:52:38 | 000,000,000 | ---D | M] [2008/11/17 17:31:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dagmar\AppData\Roaming\Mozilla\Extensions [2012/05/02 11:37:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\r3o3ieey.default\extensions [2012/05/02 11:37:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\r3o3ieey.default\extensions\avg@toolbar [2011/05/28 07:04:03 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com [2011/11/12 10:46:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions File not found (No name found) -- [2008/12/11 11:25:57 | 000,000,000 | ---D | M] (PDFCreator Toolbar) -- C:\PROGRAM FILES\PDFCREATOR 
TOOLBAR\V3.3.0.1\FIREFOX File not found (No name found) -- C:\USERS\DAGMAR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R3O3IEEY.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012/04/25 04:48:58 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/05/03 22:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012/02/24 10:47:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/03/12 13:02:22 | 000,003,768 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012/02/24 10:47:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/02/24 10:47:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012/02/24 10:47:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012/02/24 10:47:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012/02/24 10:47:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) 
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll () O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKU\dagmar_ON_C\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O3 - HKU\dagmar_ON_C\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [iTunesHelper] File not found O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.) 
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files\EgisTec\VITAKEY\PdtWzd.exe (Egis Technology Inc.) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKU\dagmar_ON_C..\Run: [B2971A31] C:\Users\dagmar\AppData\Roaming\Nmtgqpxlyn\321BFD41B2971A315607.exe () O4 - HKU\dagmar_ON_C..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\EgisTec\VITAKEY\PwdBank.exe (Egis Technology Inc.) O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\EgisTec\VITAKEY\PwdBank.exe (Egis Technology Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://juwelvpn.dyndns.org/XTSAC.cab (XTSAC Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll () O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008/08/21 11:50:32 | 000,000,672 | RH-- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{046213fa-6c74-11de-aa7f-0016ead6b5d6}\Shell - "" = AutoRun O33 - MountPoints2\{046213fa-6c74-11de-aa7f-0016ead6b5d6}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{0462140a-6c74-11de-aa7f-0016ead6b5d6}\Shell - "" = AutoRun O33 - MountPoints2\{0462140a-6c74-11de-aa7f-0016ead6b5d6}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - 
MountPoints2\{04621416-6c74-11de-aa7f-00ade1ac1c1a}\Shell - "" = AutoRun O33 - MountPoints2\{04621416-6c74-11de-aa7f-00ade1ac1c1a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{0462143c-6c74-11de-aa7f-00ade1ac1c1a}\Shell - "" = AutoRun O33 - MountPoints2\{0462143c-6c74-11de-aa7f-00ade1ac1c1a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{091292ec-75e8-11de-929e-001f1609bb94}\Shell - "" = AutoRun O33 - MountPoints2\{091292ec-75e8-11de-929e-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{09129313-75e8-11de-929e-001f1609bb94}\Shell - "" = AutoRun O33 - MountPoints2\{09129313-75e8-11de-929e-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{247c9e8a-75e6-11de-b01a-001f1609bb94}\Shell - "" = AutoRun O33 - MountPoints2\{247c9e8a-75e6-11de-b01a-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{247c9e8c-75e6-11de-b01a-001f1609bb94}\Shell - "" = AutoRun O33 - MountPoints2\{247c9e8c-75e6-11de-b01a-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{24ac7b4b-2351-11de-8f4c-001f1609bb94}\Shell - "" = AutoRun O33 - MountPoints2\{24ac7b4b-2351-11de-8f4c-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{24ac7b71-2351-11de-8f4c-001f1609bb94}\Shell - "" = AutoRun O33 - MountPoints2\{24ac7b71-2351-11de-8f4c-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{24ac7b76-2351-11de-8f4c-001f1609bb94}\Shell - "" = AutoRun O33 - MountPoints2\{24ac7b76-2351-11de-8f4c-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{24ac7b79-2351-11de-8f4c-001f1609bb94}\Shell - "" = AutoRun O33 - MountPoints2\{24ac7b79-2351-11de-8f4c-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{24ac7ba2-2351-11de-8f4c-001f1609bb94}\Shell - "" = AutoRun O33 - MountPoints2\{24ac7ba2-2351-11de-8f4c-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - 
MountPoints2\{4924f045-004e-11de-a894-001f1609bb94}\Shell - "" = AutoRun O33 - MountPoints2\{4924f045-004e-11de-a894-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{4924f06b-004e-11de-a894-001f1609bb94}\Shell - "" = AutoRun O33 - MountPoints2\{4924f06b-004e-11de-a894-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{544d06c8-76bd-11de-97ed-001f1609bb94}\Shell - "" = AutoRun O33 - MountPoints2\{544d06c8-76bd-11de-97ed-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{8cd78866-7697-11de-ad7c-001f1609bb94}\Shell - "" = AutoRun O33 - MountPoints2\{8cd78866-7697-11de-ad7c-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{90ed5b6d-00d2-11de-9db9-001f1609bb94}\Shell - "" = AutoRun O33 - MountPoints2\{90ed5b6d-00d2-11de-9db9-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\Shell\AutoRun\command - "" = G:\Autorun.exe /run O33 - MountPoints2\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\Shell\Shell00\Command - "" = G:\Autorun.exe /run O33 - MountPoints2\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\Shell\Shell01\Command - "" = G:\Autorun.exe /action O33 - MountPoints2\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\Shell\Shell02\Command - "" = G:\Autorun.exe /uninstall O33 - MountPoints2\{c8fda64f-75da-11de-870d-001f1609bb94}\Shell - "" = AutoRun O33 - MountPoints2\{c8fda64f-75da-11de-870d-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{c8fda653-75da-11de-870d-8cd2572bbcd9}\Shell - "" = AutoRun O33 - MountPoints2\{c8fda653-75da-11de-870d-8cd2572bbcd9}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{d3b5bed2-004b-11de-968b-001f1609bb94}\Shell - "" = AutoRun O33 - MountPoints2\{d3b5bed2-004b-11de-968b-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{d3b5bf0e-004b-11de-968b-001f1609bb94}\Shell - "" = AutoRun O33 - 
MountPoints2\{d3b5bf0e-004b-11de-968b-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/05/02 20:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/05/02 11:23:30 | 000,000,000 | ---D | C] -- C:\Users\dagmar\AppData\Roaming\Nmtgqpxlyn [2012/04/30 13:10:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012/04/30 13:09:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012/04/30 13:08:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/04/30 10:41:13 | 000,000,000 | ---D | C] -- C:\Program Files\ABUS Security-Center [2012/04/30 10:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABUS Security-Center [2012/04/25 04:49:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2008/08/28 05:58:13 | 000,180,224 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2008/08/28 05:58:13 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll ========== Files - Modified Within 30 Days ========== [2012/05/02 14:17:36 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/05/02 14:17:36 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/05/02 13:18:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/05/02 13:18:24 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012/05/02 13:17:57 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/05/02 13:17:56 | 000,000,502 | ---- | M] () -- 
C:\Windows\tasks\1-Klick-Wartung.job [2012/05/02 12:15:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job [2012/05/02 12:06:51 | 000,628,730 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012/05/02 12:06:51 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/05/02 12:06:51 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012/05/02 12:06:51 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/05/02 11:39:12 | 000,268,427 | ---- | M] () -- C:\Users\dagmar\Documents\locked-Scan0001.pdf.xdrz [2012/05/02 11:38:39 | 000,253,774 | ---- | M] () -- C:\Users\dagmar\Documents\locked-Dennis Kruse2.jpg.dtfz [2012/05/02 11:38:33 | 000,306,345 | ---- | M] () -- C:\Users\dagmar\Documents\locked-Bewerbung Rosalie Resl.pdf.kfyc [2012/05/02 11:38:33 | 000,234,096 | ---- | M] () -- C:\Users\dagmar\Documents\locked-Anfahrt.jpg.onjs [2012/05/02 11:32:56 | 000,000,153 | ---- | M] () -- C:\Users\dagmar\AppData\locked-default.pls.slzs [2012/05/02 11:12:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/04/30 13:14:19 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2012/04/30 13:14:19 | 000,001,854 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk [2012/04/30 13:14:19 | 000,001,854 | ---- | M] () -- C:\Users\dagmar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk [2012/04/30 13:10:41 | 000,001,409 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/04/30 13:10:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012/04/30 13:01:50 | 309,324,901 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/04/30 10:41:14 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Installationsassistent2.lnk [2012/04/30 10:41:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABUS 
Security-Center [2012/04/30 10:40:37 | 000,000,637 | ---- | M] () -- C:\Users\Public\Desktop\ABUS IP-Installer.lnk ========== Files Created - No Company Name ========== [2012/04/30 13:14:19 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk [2012/04/30 13:10:41 | 000,001,409 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/04/30 10:41:14 | 000,001,990 | ---- | C] () -- C:\Users\Public\Desktop\Installationsassistent2.lnk [2012/04/30 10:40:37 | 000,000,637 | ---- | C] () -- C:\Users\Public\Desktop\ABUS IP-Installer.lnk [2012/04/18 04:31:27 | 309,324,901 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011/10/14 12:34:17 | 000,882,432 | ---- | C] () -- C:\Windows\System32\drivers\mosuport.sys [2011/10/14 12:34:17 | 000,278,528 | ---- | C] () -- C:\Windows\System32\MosUsbSerial.exe [2011/10/14 12:34:17 | 000,262,144 | ---- | C] () -- C:\Windows\System32\MosUnst.exe [2011/10/14 12:34:17 | 000,225,280 | ---- | C] () -- C:\Windows\System32\MosUSBParallel.exe [2011/10/14 12:34:17 | 000,057,344 | ---- | C] () -- C:\Windows\System32\MosUSBSerPropPage.dll [2011/10/14 12:34:17 | 000,053,248 | ---- | C] () -- C:\Windows\System32\MosUSBParPropPage.dll [2011/10/14 12:34:17 | 000,028,672 | ---- | C] () -- C:\Windows\System32\dbgmsgcfg.dll [2011/09/08 17:03:59 | 000,000,000 | ---- | C] () -- C:\Users\dagmar\AppData\Local\{8FAF1DC2-324B-4AF2-82C5-CF35492BC72C} [2011/09/08 17:01:58 | 000,000,000 | ---- | C] () -- C:\Users\dagmar\AppData\Local\{1BF95C17-1E8B-437A-856E-3638C7E6FAEE} [2011/09/08 06:20:28 | 000,000,153 | ---- | C] () -- C:\Users\dagmar\AppData\locked-default.pls.slzs [2011/07/13 01:47:36 | 000,000,000 | ---- | C] () -- C:\Users\dagmar\AppData\Local\{E474D4A3-F08A-4D4E-8AD6-CFC429808E2E} [2011/07/13 01:40:20 | 000,000,000 | ---- | C] () -- C:\Users\dagmar\AppData\Local\{0DA4FE39-CAAF-4DA3-ABDE-EAFB9154A010} [2010/05/07 18:12:06 | 000,015,022 | ---- | C] () -- C:\Windows\UN060501.INI [2010/03/15 14:45:06 | 000,285,216 | ---- | C] () -- 
C:\Windows\System32\drivers\Onsio.sys [2009/10/19 14:36:48 | 000,004,366 | ---- | C] () -- C:\Windows\UN090928.INI [2009/06/18 01:50:02 | 000,000,680 | ---- | C] () -- C:\Users\dagmar\AppData\Local\d3d9caps.dat [2009/02/13 12:59:56 | 000,026,624 | ---- | C] () -- C:\Users\dagmar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/02/10 12:39:55 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009/02/04 03:05:26 | 000,004,592 | ---- | C] () -- C:\Users\dagmar\AppData\Roaming\wklnhst.dat [2008/12/11 11:25:53 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2008/11/17 17:18:35 | 000,000,035 | ---- | C] () -- C:\Windows\Ulead32.INI [2008/11/17 17:16:12 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\Onsreged.sys [2008/09/02 07:45:19 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe [2008/08/28 11:46:27 | 000,036,864 | ---- | C] () -- C:\Windows\System32\Hooks.dll [2008/08/28 08:27:57 | 000,066,856 | ---- | C] () -- C:\Windows\System32\drivers\FPWinIo.sys [2008/08/28 08:15:44 | 000,628,730 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008/08/28 08:15:44 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008/08/28 08:15:44 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008/08/28 08:15:44 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008/08/28 08:02:32 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll [2008/08/28 08:02:32 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll [2008/08/28 06:33:16 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI [2008/08/28 05:58:13 | 001,753,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2008/08/28 05:58:13 | 000,233,472 | ---- | C] () -- C:\Windows\tsnp2uvc.exe [2008/08/28 05:58:13 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2008/08/28 05:58:13 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2008/08/28 05:35:46 | 000,119,296 | ---- | C] () -- 
C:\Windows\System32\VMC3KAPI.dll [2008/08/28 04:31:15 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2008/08/28 04:31:15 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\29563E424B.sys [2008/08/28 00:25:39 | 000,000,143 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2008/08/27 22:21:34 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2008/08/27 21:43:57 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll [2008/06/18 11:04:34 | 000,026,760 | R--- | C] () -- C:\Windows\System32\drivers\swmsflt.sys [2008/01/20 22:24:14 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2007/06/05 07:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe [2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 08:47:37 | 000,430,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 06:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 06:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2003/02/20 12:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI ========== LOP Check ========== [2008/11/13 06:58:41 | 000,000,000 | 
---D | M] -- C:\Users\dagmar\AppData\Roaming\Buhl Data Service GmbH [2012/03/12 19:11:28 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\DataDesign [2011/08/31 14:46:47 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\NASNaviator2 [2012/05/02 11:23:30 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Nmtgqpxlyn [2010/06/10 15:47:55 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\OpenOffice.org [2009/04/07 07:35:25 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Sierra Wireless [2009/02/04 03:06:47 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Template [2012/05/02 11:37:59 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\TuneAid [2012/03/09 07:19:54 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\TuneUp Software [2012/05/02 11:38:01 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\UseNeXT [2009/03/05 13:07:46 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\WebCompiler2 [2011/08/10 06:53:46 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\WindSolutions [2012/05/02 13:17:56 | 000,000,502 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job [2012/05/02 13:18:25 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012/05/02 12:15:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job ========== Purity Check ========== < End of report >
Last edited by Sayri (02.05.2012, 18:52)
02.05.2012, 19:33 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows encryption trojan -.- Does Safe Mode with Networking still work? With an internet connection?
Safe Mode for cleaning
02.05.2012, 19:34 | #3
| Windows encryption trojan -.- OK, thanks for the reply, I'll try it now.
No, unfortunately it doesn't work; it restarts by itself.
02.05.2012, 19:52 | #4
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows encryption trojan -.- Quote:
So normal mode seems to be getting blocked?
Please always post logfiles in CODE tags
02.05.2012, 19:54 | #5
| Windows encryption trojan -.- If I start in normal mode, I get to the desktop and then immediately into this trojan interface. If I start in Safe Mode, it loads all those lines of text, you briefly see the cursor, and then the computer restarts and boots in "normal" mode.
02.05.2012, 20:19 | #6
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows encryption trojan -.- Do an OTL fix via OTLPE: start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL). (The ":OTL" must be copied along with it!!!) Code:
:OTL
O4 - HKU\dagmar_ON_C..\Run: [B2971A31] C:\Users\dagmar\AppData\Roaming\Nmtgqpxlyn\321BFD41B2971A315607.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/08/21 11:50:32 | 000,000,672 | RH-- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{046213fa-6c74-11de-aa7f-0016ead6b5d6}\Shell - "" = AutoRun
O33 - MountPoints2\{046213fa-6c74-11de-aa7f-0016ead6b5d6}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0462140a-6c74-11de-aa7f-0016ead6b5d6}\Shell - "" = AutoRun
O33 - MountPoints2\{0462140a-6c74-11de-aa7f-0016ead6b5d6}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{04621416-6c74-11de-aa7f-00ade1ac1c1a}\Shell - "" = AutoRun
O33 - MountPoints2\{04621416-6c74-11de-aa7f-00ade1ac1c1a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0462143c-6c74-11de-aa7f-00ade1ac1c1a}\Shell - "" = AutoRun
O33 - MountPoints2\{0462143c-6c74-11de-aa7f-00ade1ac1c1a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{091292ec-75e8-11de-929e-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{091292ec-75e8-11de-929e-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{09129313-75e8-11de-929e-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{09129313-75e8-11de-929e-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{247c9e8a-75e6-11de-b01a-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{247c9e8a-75e6-11de-b01a-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{247c9e8c-75e6-11de-b01a-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{247c9e8c-75e6-11de-b01a-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{24ac7b4b-2351-11de-8f4c-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{24ac7b4b-2351-11de-8f4c-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{24ac7b71-2351-11de-8f4c-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{24ac7b71-2351-11de-8f4c-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{24ac7b76-2351-11de-8f4c-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{24ac7b76-2351-11de-8f4c-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{24ac7b79-2351-11de-8f4c-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{24ac7b79-2351-11de-8f4c-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{24ac7ba2-2351-11de-8f4c-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{24ac7ba2-2351-11de-8f4c-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4924f045-004e-11de-a894-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{4924f045-004e-11de-a894-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4924f06b-004e-11de-a894-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{4924f06b-004e-11de-a894-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{544d06c8-76bd-11de-97ed-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{544d06c8-76bd-11de-97ed-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8cd78866-7697-11de-ad7c-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{8cd78866-7697-11de-ad7c-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{90ed5b6d-00d2-11de-9db9-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{90ed5b6d-00d2-11de-9db9-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\Shell\AutoRun\command - "" = G:\Autorun.exe /run
O33 - MountPoints2\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\Shell\Shell00\Command - "" = G:\Autorun.exe /run
O33 - MountPoints2\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\Shell\Shell01\Command - "" = G:\Autorun.exe /action
O33 - MountPoints2\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\Shell\Shell02\Command - "" = G:\Autorun.exe /uninstall
O33 - MountPoints2\{c8fda64f-75da-11de-870d-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{c8fda64f-75da-11de-870d-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c8fda653-75da-11de-870d-8cd2572bbcd9}\Shell - "" = AutoRun
O33 - MountPoints2\{c8fda653-75da-11de-870d-8cd2572bbcd9}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{d3b5bed2-004b-11de-968b-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{d3b5bed2-004b-11de-968b-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{d3b5bf0e-004b-11de-968b-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{d3b5bf0e-004b-11de-968b-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
:Files
C:\Users\dagmar\AppData\Roaming\Nmtgqpxlyn
:Commands
[purity]
[resethosts]
The logfile should open when you click OK after the fix; please post it. The computer may restart. The entries, files and folders fixed by this script are not deleted completely; for safety's sake a backup copy is created on the system partition in the folder "_OTL". Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system! After that Windows should start normally again - please make OTL's quarantine folder available to us. Proceed as follows:
1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the folder movedfiles in C:\_OTL into one file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let us know if it was successful
5.) Only then turn the virus scanner back on
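The fix script above targets three things: a Run-key autostart in the user hive that points into AppData\Roaming (the O4 line), AutoRun on the CD-ROM class (O32), and a long list of stored MountPoints2 AutoRun commands for removable drives (the O33 lines). The Python script below is an added example, not OTL's code and not the helper's script; it applies the indicators a helper reads off such an OTL log (user-profile path, missing publisher, hex-looking names, a vowel-less folder name, MountPoints2 command entries) to O4/O33 lines. The B2971A31 line and the two O33 lines in the sample are copied from the script above; the two benign O4 lines are constructed for contrast, and their paths and publisher strings are assumptions.

```python
"""Triage OTL O4 (Run-key autostart) and O33 (MountPoints2 autorun) lines.

Added example for this thread; not part of OTL or of the helper's fix script.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Constructed sample. The O4 line for B2971A31 and the two O33 lines are copied
# from the OTL fix script posted above; the other two O4 lines are made-up
# benign entries for contrast (their paths and publishers are assumptions).
SAMPLE_OTL_LINES = [
    r'O4 - HKU\dagmar_ON_C..\Run: [B2971A31] C:\Users\dagmar\AppData\Roaming\Nmtgqpxlyn\321BFD41B2971A315607.exe ()',
    r'O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)',
    r'O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)',
    r'O33 - MountPoints2\{046213fa-6c74-11de-aa7f-0016ead6b5d6}\Shell - "" = AutoRun',
    r'O33 - MountPoints2\{046213fa-6c74-11de-aa7f-0016ead6b5d6}\Shell\AutoRun\command - "" = G:\AutoRun.exe',
]

# OTL's O4 layout: "O4 - <hive>..\Run: [<value name>] <path> (<publisher>)"
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.*) \((?P<company>[^()]*)\)\s*$')
# Only the ...\Shell\<verb>\command lines carry an executable to review.
O33_CMD_RE = re.compile(r'^O33 - MountPoints2\\\{(?P<guid>[0-9a-fA-F-]+)\}\\Shell\\(?P<verb>[^\\]+)\\[Cc]ommand - "" = (?P<cmd>.+?)\s*$')
HEX_RE = re.compile(r'^[0-9A-Fa-f]{6,}$')


@dataclass
class Autostart:
    hive: str
    name: str
    path: str
    company: str
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # Require two independent indicators: many legitimate tools ship
        # without version info, so "no publisher" alone is not enough.
        return len(self.reasons) >= 2


def looks_random(word: str) -> bool:
    """Crude check for generated folder names such as Nmtgqpxlyn:
    all letters, reasonably long, and almost no vowels."""
    if not word.isalpha() or len(word) < 8:
        return False
    vowels = sum(ch in 'aeiouAEIOU' for ch in word)
    return vowels / len(word) < 0.2


def assess(entry: Autostart) -> Autostart:
    p = PureWindowsPath(entry.path)
    parts = [part.lower() for part in p.parts]
    if 'appdata' in parts:
        entry.reasons.append('executable lives under the user profile (AppData)')
    if not entry.company.strip():
        entry.reasons.append('no publisher name in the file version info')
    if HEX_RE.match(entry.name) or HEX_RE.match(p.stem):
        entry.reasons.append('hex-looking value or file name')
    if looks_random(p.parent.name):
        entry.reasons.append(f'parent folder "{p.parent.name}" looks randomly generated')
    return entry


def triage(lines):
    suspicious, benign = [], []
    autorun = defaultdict(list)  # volume GUID -> [(verb, command), ...]
    for line in lines:
        m = O4_RE.match(line)
        if m:
            entry = assess(Autostart(m['hive'], m['name'], m['path'], m['company']))
            (suspicious if entry.suspicious else benign).append(entry)
            continue
        m = O33_CMD_RE.match(line)
        if m:
            # Every stored command under MountPoints2 is an AutoRun action for a
            # removable volume; list them for review rather than judging them.
            autorun[m['guid']].append((m['verb'], m['cmd']))
    return {'suspicious': suspicious, 'benign': benign, 'autorun_mountpoints': dict(autorun)}


def report(lines) -> str:
    r = triage(lines)
    out = []
    for e in r['suspicious']:
        out.append(f'[!] {e.hive} Run [{e.name}] -> {e.path}')
        out.extend(f'      - {why}' for why in e.reasons)
    for e in r['benign']:
        out.append(f'[ ] {e.hive} Run [{e.name}] -> {e.path} ({e.company})')
    for guid, cmds in r['autorun_mountpoints'].items():
        out.append(f'[!] MountPoints2 {{{guid}}} stores {len(cmds)} AutoRun command(s): '
                   + ', '.join(cmd for _, cmd in cmds))
    return '\n'.join(out)


if __name__ == '__main__':
    print(report(SAMPLE_OTL_LINES))
```

Run as a file it prints one line per autostart with the reasons it was flagged. The thresholds (two indicators, vowel ratio below 0.2) are heuristics chosen for this example, not OTL settings; the point is that the B2971A31 entry trips all four indicators at once, which is what makes it stand out in the log even before anyone looks at the file itself.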
02.05.2012, 20:30 | #7
| Windows encryption trojan -.- OK, the fix is done; here is the logfile:
========== OTL ========== Registry value HKEY_USERS\dagmar_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\B2971A31 deleted successfully. C:\Users\dagmar\AppData\Roaming\Nmtgqpxlyn\321BFD41B2971A315607.exe moved successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. File E:\AUTOEXEC.BAT not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{046213fa-6c74-11de-aa7f-0016ead6b5d6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{046213fa-6c74-11de-aa7f-0016ead6b5d6}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{046213fa-6c74-11de-aa7f-0016ead6b5d6}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{046213fa-6c74-11de-aa7f-0016ead6b5d6}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0462140a-6c74-11de-aa7f-0016ead6b5d6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0462140a-6c74-11de-aa7f-0016ead6b5d6}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0462140a-6c74-11de-aa7f-0016ead6b5d6}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0462140a-6c74-11de-aa7f-0016ead6b5d6}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04621416-6c74-11de-aa7f-00ade1ac1c1a}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04621416-6c74-11de-aa7f-00ade1ac1c1a}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04621416-6c74-11de-aa7f-00ade1ac1c1a}\ not found. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04621416-6c74-11de-aa7f-00ade1ac1c1a}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0462143c-6c74-11de-aa7f-00ade1ac1c1a}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0462143c-6c74-11de-aa7f-00ade1ac1c1a}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0462143c-6c74-11de-aa7f-00ade1ac1c1a}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0462143c-6c74-11de-aa7f-00ade1ac1c1a}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{091292ec-75e8-11de-929e-001f1609bb94}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{091292ec-75e8-11de-929e-001f1609bb94}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{091292ec-75e8-11de-929e-001f1609bb94}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{091292ec-75e8-11de-929e-001f1609bb94}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09129313-75e8-11de-929e-001f1609bb94}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09129313-75e8-11de-929e-001f1609bb94}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09129313-75e8-11de-929e-001f1609bb94}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09129313-75e8-11de-929e-001f1609bb94}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{247c9e8a-75e6-11de-b01a-001f1609bb94}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{247c9e8a-75e6-11de-b01a-001f1609bb94}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{247c9e8a-75e6-11de-b01a-001f1609bb94}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{247c9e8a-75e6-11de-b01a-001f1609bb94}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{247c9e8c-75e6-11de-b01a-001f1609bb94}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{247c9e8c-75e6-11de-b01a-001f1609bb94}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{247c9e8c-75e6-11de-b01a-001f1609bb94}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{247c9e8c-75e6-11de-b01a-001f1609bb94}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24ac7b4b-2351-11de-8f4c-001f1609bb94}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24ac7b4b-2351-11de-8f4c-001f1609bb94}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24ac7b4b-2351-11de-8f4c-001f1609bb94}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24ac7b4b-2351-11de-8f4c-001f1609bb94}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24ac7b71-2351-11de-8f4c-001f1609bb94}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24ac7b71-2351-11de-8f4c-001f1609bb94}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24ac7b71-2351-11de-8f4c-001f1609bb94}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24ac7b71-2351-11de-8f4c-001f1609bb94}\ not found. 
File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24ac7b76-2351-11de-8f4c-001f1609bb94}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24ac7b76-2351-11de-8f4c-001f1609bb94}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24ac7b76-2351-11de-8f4c-001f1609bb94}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24ac7b76-2351-11de-8f4c-001f1609bb94}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24ac7b79-2351-11de-8f4c-001f1609bb94}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24ac7b79-2351-11de-8f4c-001f1609bb94}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24ac7b79-2351-11de-8f4c-001f1609bb94}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24ac7b79-2351-11de-8f4c-001f1609bb94}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24ac7ba2-2351-11de-8f4c-001f1609bb94}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24ac7ba2-2351-11de-8f4c-001f1609bb94}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24ac7ba2-2351-11de-8f4c-001f1609bb94}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24ac7ba2-2351-11de-8f4c-001f1609bb94}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4924f045-004e-11de-a894-001f1609bb94}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4924f045-004e-11de-a894-001f1609bb94}\ not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4924f045-004e-11de-a894-001f1609bb94}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4924f045-004e-11de-a894-001f1609bb94}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4924f06b-004e-11de-a894-001f1609bb94}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4924f06b-004e-11de-a894-001f1609bb94}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4924f06b-004e-11de-a894-001f1609bb94}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4924f06b-004e-11de-a894-001f1609bb94}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{544d06c8-76bd-11de-97ed-001f1609bb94}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{544d06c8-76bd-11de-97ed-001f1609bb94}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{544d06c8-76bd-11de-97ed-001f1609bb94}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{544d06c8-76bd-11de-97ed-001f1609bb94}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cd78866-7697-11de-ad7c-001f1609bb94}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8cd78866-7697-11de-ad7c-001f1609bb94}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cd78866-7697-11de-ad7c-001f1609bb94}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8cd78866-7697-11de-ad7c-001f1609bb94}\ not found. File G:\AutoRun.exe not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90ed5b6d-00d2-11de-9db9-001f1609bb94}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90ed5b6d-00d2-11de-9db9-001f1609bb94}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90ed5b6d-00d2-11de-9db9-001f1609bb94}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90ed5b6d-00d2-11de-9db9-001f1609bb94}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\ not found. File G:\Autorun.exe /run not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\ not found. File G:\Autorun.exe /run not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\ not found. File G:\Autorun.exe /action not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\ not found. File G:\Autorun.exe /uninstall not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8fda64f-75da-11de-870d-001f1609bb94}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8fda64f-75da-11de-870d-001f1609bb94}\ not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8fda64f-75da-11de-870d-001f1609bb94}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8fda64f-75da-11de-870d-001f1609bb94}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8fda653-75da-11de-870d-8cd2572bbcd9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8fda653-75da-11de-870d-8cd2572bbcd9}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8fda653-75da-11de-870d-8cd2572bbcd9}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8fda653-75da-11de-870d-8cd2572bbcd9}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3b5bed2-004b-11de-968b-001f1609bb94}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3b5bed2-004b-11de-968b-001f1609bb94}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3b5bed2-004b-11de-968b-001f1609bb94}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3b5bed2-004b-11de-968b-001f1609bb94}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3b5bf0e-004b-11de-968b-001f1609bb94}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3b5bf0e-004b-11de-968b-001f1609bb94}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3b5bf0e-004b-11de-968b-001f1609bb94}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3b5bf0e-004b-11de-968b-001f1609bb94}\ not found. File G:\AutoRun.exe not found. 
========== FILES ========== C:\Users\dagmar\AppData\Roaming\Nmtgqpxlyn folder moved successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTLPE by OldTimer - Version 3.1.48.0 log created on 05022012_222835
Wowwwww, thanks, I can get onto the laptop again. I'm looking for the OTL file now. Many, many thanks, really good skills.
Datei: _OTL.rar empfangen Vorgang erfolgreich abgeschlossen.
So the file is on your server too; am I done for now, or do I still need to do something?
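OTL writes one outcome per record (deleted successfully, moved successfully, value set successfully, not found, ...), and the question at the end of this post is whether the fix is complete. The check a helper makes is that every target named in the fix script has a success record, while "not found" lines are normal for entries that pointed at media no longer present (the G:\AutoRun.exe and E:\AUTOEXEC.BAT lines). The Python script below is an added example, not OTL's code; it parses an excerpt of the fix log posted above, kept run-on exactly as it appears in this thread, and maps the script's targets to their reported outcomes. The target list is taken from the :OTL, :Files and :Commands sections of the posted script; the function names and the suffix-matching rule are this example's own.

```python
"""Check an OTL fix log against the targets the fix script was meant to hit.

Added example for this thread, not OTL's own code. OTL writes one record per
line; the forum extraction above ran them together, so the parser keys on the
record terminators ("... successfully.", "... not found.") rather than on
line breaks and therefore works on both forms.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Excerpt of the fix log posted above: the first records plus the FILES and
# COMMANDS sections, as run-on text the way it appears in this thread.
SAMPLE_FIX_LOG = (
    r'========== OTL ========== '
    r'Registry value HKEY_USERS\dagmar_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\B2971A31 deleted successfully. '
    r'C:\Users\dagmar\AppData\Roaming\Nmtgqpxlyn\321BFD41B2971A315607.exe moved successfully. '
    r'HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! '
    r'C:\autoexec.bat moved successfully. '
    r'File E:\AUTOEXEC.BAT not found. '
    r'Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{046213fa-6c74-11de-aa7f-0016ead6b5d6}\ deleted successfully. '
    r'Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{046213fa-6c74-11de-aa7f-0016ead6b5d6}\ not found. '
    r'File G:\AutoRun.exe not found. '
    r'========== FILES ========== '
    r'C:\Users\dagmar\AppData\Roaming\Nmtgqpxlyn folder moved successfully. '
    r'========== COMMANDS ========== '
    r'C:\Windows\System32\drivers\etc\Hosts moved successfully. '
    r'HOSTS file reset successfully '
    r'OTLPE by OldTimer - Version 3.1.48.0 log created on 05022012_222835'
)

# Record terminators OTL uses, mapped to a short outcome label.
OUTCOMES = {
    'deleted successfully': 'deleted',
    'moved successfully': 'moved',
    'value set successfully': 'set',
    'reset successfully': 'reset',
    'not found': 'not found',
}
RECORD_RE = re.compile(
    r'(?P<body>.+?)\s+(?P<outcome>' + '|'.join(re.escape(k) for k in OUTCOMES) + r')[.!]?',
    re.DOTALL,
)
SECTION_RE = re.compile(r'={5,}\s*[A-Z]+\s*={5,}')


@dataclass(frozen=True)
class FixRecord:
    kind: str      # 'registry value', 'registry key', 'file', 'folder', 'hosts'
    target: str    # the path or key the record is about
    outcome: str   # one of the OUTCOMES labels


def _classify(body: str):
    if body.startswith('Registry value '):
        return 'registry value', body[len('Registry value '):]
    if body.startswith('Registry key '):
        return 'registry key', body[len('Registry key '):].rstrip('\\')
    if body.startswith('File '):
        return 'file', body[len('File '):]
    if body.endswith(' folder'):
        return 'folder', body[:-len(' folder')]
    if '|DWORD:' in body:                      # "<key>\\<value>|DWORD:1 /E :"
        return 'registry value', body.split('|', 1)[0]
    if body.startswith('HOSTS file'):
        return 'hosts', 'HOSTS file'
    return 'file', body


def parse_fix_log(text: str):
    text = SECTION_RE.sub(' ', text)           # drop "===== OTL =====" headers
    records = []
    for m in RECORD_RE.finditer(text):
        kind, target = _classify(m['body'].strip())
        records.append(FixRecord(kind, target, OUTCOMES[m['outcome']]))
    return records


def outcome_counts(text: str) -> Counter:
    return Counter(r.outcome for r in parse_fix_log(text))


def verify_fix(text: str, expected_targets):
    """Map each target the script named to the outcome OTL reported for it,
    or None if no record mentions it. Matching is by suffix, so a short
    unique tail of the path or key is enough."""
    records = parse_fix_log(text)
    result = {}
    for target in expected_targets:
        hit = next((r for r in records if r.target.lower().endswith(target.lower())), None)
        result[target] = hit.outcome if hit else None
    return result


# Targets from the :OTL, :Files and :Commands sections of the posted script.
EXPECTED = [r'Run\\B2971A31', r'Nmtgqpxlyn\321BFD41B2971A315607.exe',
            r'Roaming\Nmtgqpxlyn', 'HOSTS file']

if __name__ == '__main__':
    for target, outcome in verify_fix(SAMPLE_FIX_LOG, EXPECTED).items():
        print(f'{outcome or "NO RECORD":>10}  {target}')
    print(dict(outcome_counts(SAMPLE_FIX_LOG)))
```

A target that comes back as None or "not found" is the one to ask about before calling the fix complete; for this excerpt all four targets resolve to deleted, moved or reset, and the only "not found" records are the CLSID keys and drive-G: files that the MountPoints2 entries referred to.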
02.05.2012, 20:43 | #8
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows encryption trojan -.- Now please routinely run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked! Remember that Malwarebytes has to be updated manually before every scan! All findings must also be removed. If there are logs from older Malwarebytes scans, please post all of those too! ESET Online Scanner
Please post everything here in CODE tags where possible. It's done like this: [code] the log goes here [/code] And it then looks like this: Code:
the log goes here
02.05.2012, 20:52 | #9
| Windows encryption trojan -.- Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.02.06

Windows Vista Service Pack 1 x86 FAT32
Internet Explorer 8.0.6001.19088
dagmar :: MAMA-PC [Administrator]

02.05.2012 21:44:01
mbam-log-2012-05-02 (21-44-01).txt

Art des Suchlaufs: Voll-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 207054
Laufzeit: 5 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\System\CurrentControlSet\Services\svchost (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
02.05.2012, 20:54 | #10
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows encryption trojan -.- Your full scan finished after 5 minutes? I find that questionable.
02.05.2012, 21:21 | #11
| Windows encryption trojan -.- I started the scan again; I was a bit puzzled by that too. Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
and this is the log from the scan via the software. Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.02.06

Windows Vista Service Pack 1 x86 FAT32
Internet Explorer 8.0.6001.19088
dagmar :: MAMA-PC [Administrator]

02.05.2012 21:56:42
mbam-log-2012-05-02 (21-56-42).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 443157
Laufzeit: 1 Stunde(n), 55 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
c:\$recycle.bin\s-1-5-21-1186228194-2826595677-3955999054-1001\$rzf385w\movedfiles\05022012_222835\c_users\dagmar\appdata\roaming\nmtgqpxlyn\321bfd41b2971a315607.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
03.05.2012, 07:39 | #12
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows encryption trojan -.- You did ESET wrong. There was a big, bold note about it specifically: Note for Vista and Win7 users: Please be sure to open the browser like this: right-click => Run as administrator
06.05.2012, 20:11 | #13
| Windows encryption trojan -.- So, I ran ESET again, this time correctly I hope. Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=01051b5e26023441adda1bbc4db7c7db
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-06 01:32:20
# local_time=2012-05-06 03:32:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 0 173839335 0 0
# compatibility_mode=8192 67108863 100 0 318141 318141 0 0
# scanned=81059
# found=28
# cleaned=28
# scan_time=4533
C:\$RECYCLE.BIN\S-1-5-21-1186228194-2826595677-3955999054-1001\$R4K0YEY.rar a variant of Win32/Injector.QUK trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Reviversoft\Registry Reviver\aso3sys.dll probably a variant of Win32/RegistryReviver application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Reviversoft\Registry Reviver\ASOHelper.dll a variant of Win32/RegistryReviver application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Reviversoft\Registry Reviver\RegistryReviver.exe a variant of Win32/RegistryReviver application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Reviversoft\Registry Reviver\SendLogs.exe Win32/RegistryReviver application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Reviversoft\Registry Reviver\bg\regclean.ini Win32/RegistryReviver application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Reviversoft\Registry Reviver\cs\regclean.ini Win32/RegistryReviver application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Reviversoft\Registry Reviver\DA\regclean.ini Win32/RegistryReviver application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Reviversoft\Registry Reviver\DTCH\regclean.ini Win32/RegistryReviver application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Reviversoft\Registry Reviver\el\regclean.ini Win32/RegistryReviver application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Reviversoft\Registry Reviver\ENG\regclean.ini Win32/RegistryReviver application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Reviversoft\Registry Reviver\ES\regclean.ini Win32/RegistryReviver application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Reviversoft\Registry Reviver\fi\regclean.ini Win32/RegistryReviver application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Reviversoft\Registry Reviver\FR\regclean.ini Win32/RegistryReviver application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Reviversoft\Registry Reviver\GRMN\regclean.ini Win32/RegistryReviver application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Reviversoft\Registry Reviver\hu\regclean.ini Win32/RegistryReviver application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Reviversoft\Registry Reviver\in\regclean.ini Win32/RegistryReviver application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Reviversoft\Registry Reviver\ITLY\regclean.ini Win32/RegistryReviver application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Reviversoft\Registry Reviver\JA\regclean.ini Win32/RegistryReviver application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Reviversoft\Registry Reviver\no\regclean.ini Win32/RegistryReviver application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Reviversoft\Registry Reviver\pl\regclean.ini Win32/RegistryReviver application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Reviversoft\Registry Reviver\pt\regclean.ini Win32/RegistryReviver application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Reviversoft\Registry Reviver\ro\regclean.ini Win32/RegistryReviver application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Reviversoft\Registry Reviver\sv\regclean.ini Win32/RegistryReviver application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Reviversoft\Registry Reviver\th\regclean.ini Win32/RegistryReviver application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Reviversoft\Registry Reviver\TR\regclean.ini Win32/RegistryReviver application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Reviversoft\Registry Reviver\ZH\regclean.ini Win32/RegistryReviver application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Reviversoft\Registry Reviver\zhcn\regclean.ini Win32/RegistryReviver application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=01051b5e26023441adda1bbc4db7c7db
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-06 04:04:41
# local_time=2012-05-06 06:04:41 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 0 173844017 0 0
# compatibility_mode=8192 67108863 100 0 322823 322823 0 0
# scanned=221132
# found=1
# cleaned=0
# scan_time=8991
C:\Users\dagmar\Downloads\RegistryReviverSetup.exe a variant of Win32/RegistryReviver application (unable to clean) 00000000000000000000000000000000 I
07.05.2012, 09:31 | #14
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows encryption trojan -.- Quote:
The registry is the brain of the system. If the brain doesn't work, the rest doesn't really work anymore either. We read often enough from people seeking help that their system no longer starts after using registry cleaners.
A so-called false positive from a cleaner can also make your system unbootable. Destroy the registry and you destroy Windows. I have two questions before we go on: 1.) Does normal mode work without restrictions? 2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
07.05.2012, 13:38 | #15
| Windows encryption trojan -.- Hi, no; apart from these "locked-..." files everywhere that can't be opened, everything is normal. The laptop boots normally and all folders are there, no empty folders either.