Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Verschlüsselungstrojaner 100€ am Notebook

Verschlüsselungstrojaner 100€ am Notebook


Log-Analyse und Auswertung: Verschlüsselungstrojaner 100€ am Notebook

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 30.05.2012, 21:59   #1
zebe
 
Verschlüsselungstrojaner 100€ am Notebook - Standard

Verschlüsselungstrojaner 100€ am Notebook


Hallo,

eine Freundin hat sich auf ihrem Notebook einen Verschlüsselungstrojaner über eine Email mit Rechnungsanhang eingefangen.
Ich habe ihr zugesagt ihr zu helfen. Nun stellt sich heraus, dass dies gar nicht so einfach ist.
Ich habe lt. den Anweisungen die folgenden Log-Dateien generiert.

Über eure Unterstützung bei der Beseitigung dieses Trojaners würde ich mich wirklich sehr freuen.

Vielen Dank bereits im Vorfeld!

OTL:
OTL logfile created on: 30.05.2012 22:25:51 - Run 1
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Windows\system32\config\systemprofile\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,11 Gb Total Physical Memory | 2,78 Gb Available Physical Memory | 89,37% Memory free
6,23 Gb Paging File | 5,92 Gb Available in Paging File | 95,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,21 Gb Total Space | 145,66 Gb Free Space | 74,62% Space Free | Partition Type: NTFS
Drive D: | 269,37 Gb Total Space | 269,04 Gb Free Space | 99,88% Space Free | Partition Type: NTFS
Drive F: | 1,92 Gb Total Space | 1,91 Gb Free Space | 99,48% Space Free | Partition Type: FAT32

Computer Name: NOTEBOK | User Name: xxx | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.05.30 22:18:02 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Windows\System32\config\systemprofile\Desktop\OTL.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2010.01.30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Win32 Services (SafeList) ==========

SRV - [2012.05.09 20:36:00 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.09 20:36:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.07 08:45:25 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.05 19:36:17 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.11.20 23:29:48 | 000,128,848 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010.11.20 23:29:32 | 000,068,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2010.05.28 03:14:02 | 000,709,488 | ---- | M] (Egis Technology Inc. ) [Auto | Stopped] -- C:\Programme\EgisTec BioExcess\EgisService.exe -- (EgisTec Service)
SRV - [2010.05.28 03:13:38 | 000,314,736 | ---- | M] (Egis Technology Inc. ) [Auto | Stopped] -- C:\Programme\EgisTec BioExcess\EgisDSService.exe -- (EgisTec Data Security Service)
SRV - [2010.04.20 12:40:12 | 000,615,712 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.03.25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.09.30 14:02:38 | 002,320,920 | R--- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.09.30 14:02:36 | 000,268,824 | R--- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2009.07.14 03:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - [2012.05.09 20:36:00 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.09 20:36:00 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.02.19 13:39:53 | 000,483,200 | ---- | M] (ITETech ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2011.09.16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.23 10:54:46 | 000,029,232 | ---- | M] (EgisTec) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\FPSensor.sys -- (FPSensor) EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys)
DRV - [2011.07.23 10:54:37 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2011.07.23 10:54:37 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2011.07.23 10:54:37 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2011.02.08 12:03:54 | 001,882,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010.11.20 23:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 23:29:12 | 000,246,784 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2010.11.20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 23:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010.11.20 23:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010.11.20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 23:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010.11.20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.02.25 19:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010.01.27 08:43:50 | 000,185,344 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vm331avs.sys -- (vm331avs)
DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.17 06:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009.07.14 03:20:28 | 000,022,096 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk)
DRV - [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2009.07.14 01:11:15 | 000,070,656 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\cdfs.sys -- (cdfs)
DRV - [2009.07.14 00:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV - [2006.11.10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.t-online.de"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.07 08:45:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.07 08:45:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012.05.07 08:45:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.08.22 20:35:25 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.05.07 08:45:25 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.17 20:17:35 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.17 20:17:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.17 20:17:35 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.17 20:17:35 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.17 20:17:35 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.17 20:17:35 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IEPwdBankBHO Class) - {56CBB761-DA41-4E31-B270-B13B4B0A61D0} - C:\Programme\EgisTec BioExcess\EgisIEPwdBank.dll (Egis Technology Inc. )
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Programme\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Programme\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [331BigDog] C:\Programme\USB Camera\VM331_STI.EXE (Vimicro)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [VitaKeyTSR] C:\Program Files\EgisTec BioExcess\EgisTSR.exe (Egis Technology Inc. )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20BD826F-C8C7-4135-A1F8-0BCD7933E5A7}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2D0038D-4FBD-4945-A18F-35015C57DA8B}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Programme\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.05.30 22:28:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\%LOCALAPPDATA%
[2012.05.30 21:49:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.30 21:49:17 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.30 21:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.30 21:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.30 20:55:47 | 000,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Desktop
[2012.05.30 00:21:12 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.05.30 00:21:12 | 000,000,000 | ---D | C] -- \Kaspersky Rescue Disk 10.0
[2012.05.20 14:12:51 | 000,085,774 | -H-- | C] (Подборка музыкальных файлов в формате midi) -- C:\Windows\System32\45D469C06EFB31F24968.exe
[2012.05.07 08:45:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.07 08:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.05.01 13:55:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Playrix Entertainment
[2012.05.01 13:21:29 | 000,000,000 | ---D | C] -- C:\Program Files\DEUTSCHLAND SPIELT
[2012.05.01 13:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\OXXOGames

========== Files - Modified Within 30 Days ==========

[2012.05.30 22:25:00 | 000,657,438 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.30 22:25:00 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.30 22:25:00 | 000,130,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.30 22:25:00 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.30 22:24:36 | 000,000,000 | ---- | M] () -- C:\Windows\system32\config\systemprofile\defogger_reenable
[2012.05.30 22:20:13 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2012.05.30 22:20:07 | 2507,546,624 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.30 22:04:16 | 000,026,352 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.30 22:04:16 | 000,026,352 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.30 21:56:49 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.30 21:56:46 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012.05.30 21:49:18 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.30 21:42:57 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.30 21:42:46 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.23 22:24:17 | 000,408,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.20 14:12:51 | 000,085,774 | -H-- | M] (Подборка музыкальных файлов в формате midi) -- C:\Windows\System32\45D469C06EFB31F24968.exe
[2012.05.11 21:50:50 | 000,481,078 | ---- | M] () -- C:\Windows\System32\winsh323
[2012.05.11 21:50:40 | 000,481,078 | ---- | M] () -- C:\Windows\System32\winsh322
[2012.05.11 21:50:32 | 000,481,078 | ---- | M] () -- C:\Windows\System32\winsh321
[2012.05.11 21:50:22 | 000,481,078 | ---- | M] () -- C:\Windows\System32\winsh320
[2012.05.09 20:36:00 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.05.09 20:36:00 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

========== Files Created - No Company Name ==========

[2012.05.30 22:24:36 | 000,000,000 | ---- | C] () -- C:\Windows\system32\config\systemprofile\defogger_reenable
[2012.05.30 21:49:18 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.20 14:38:58 | 000,481,078 | ---- | C] () -- C:\Windows\System32\winsh325
[2012.05.20 14:38:58 | 000,481,078 | ---- | C] () -- C:\Windows\System32\winsh324
[2012.05.20 14:38:58 | 000,481,078 | ---- | C] () -- C:\Windows\System32\winsh323
[2012.05.20 14:38:58 | 000,481,078 | ---- | C] () -- C:\Windows\System32\winsh322
[2012.05.20 14:38:58 | 000,481,078 | ---- | C] () -- C:\Windows\System32\winsh321
[2012.05.20 14:38:58 | 000,481,078 | ---- | C] () -- C:\Windows\System32\winsh320
[2011.11.07 13:20:32 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2011.09.22 12:17:30 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.09.09 20:47:30 | 000,000,061 | ---- | C] () -- C:\Windows\BRAINBOX.INI
[2011.09.09 20:38:56 | 000,027,004 | ---- | C] () -- C:\Windows\Memory95.dat
[2011.07.31 20:31:38 | 003,854,848 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll
[2011.07.29 11:44:51 | 000,000,238 | ---- | C] () -- C:\Windows\System32\AF15IRTBL.bin
[2011.07.27 21:30:31 | 000,000,067 | ---- | C] () -- C:\Windows\System32\mahjongg.ini
[2011.07.27 19:41:10 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2011.07.27 19:41:10 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2011.07.27 13:24:56 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2011.07.23 14:06:24 | 000,217,892 | ---- | C] () -- C:\Windows\hpoins46.dat
[2011.07.23 14:06:24 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2011.07.23 10:56:54 | 000,001,341 | ---- | C] () -- C:\Windows\vm331Rmv.ini
[2011.07.23 10:43:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.07.22 19:37:54 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011.07.22 19:37:53 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2011.07.22 19:37:53 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2011.07.22 19:37:53 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2011.07.22 19:37:53 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2011.07.22 19:37:53 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2011.07.22 19:37:53 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011.07.22 19:03:45 | 2507,546,624 | -HS- | C] () -- \hiberfil.sys
[2011.07.19 21:08:04 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.07.19 21:06:48 | 000,259,584 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2011.07.19 21:06:36 | 000,158,208 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2011.07.19 21:06:34 | 001,524,224 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2011.07.19 21:06:34 | 000,096,768 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2011.07.19 21:06:32 | 000,145,920 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2011.07.19 21:06:30 | 000,136,704 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2011.07.19 21:06:30 | 000,113,664 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2011.07.19 21:06:28 | 000,327,680 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2011.07.19 21:06:28 | 000,211,456 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2011.05.30 15:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.05.23 09:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.04.12 03:30:05 | 000,657,438 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.04.12 03:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.04.12 03:30:05 | 000,130,810 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.04.12 03:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2011.03.03 13:40:08 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2011.03.03 13:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2011.03.03 13:39:46 | 000,141,824 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2011.03.03 13:39:34 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2011.03.03 13:39:02 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2011.03.03 13:38:54 | 000,154,112 | ---- | C] () -- C:\Windows\System32\ts.dll
[2011.03.03 13:38:40 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2011.03.03 13:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2011.03.03 13:38:04 | 000,137,728 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2011.03.03 13:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
[2011.03.03 13:37:40 | 000,358,400 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2011.03.03 13:35:32 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2011.03.03 13:35:26 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2010.11.20 23:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010.11.20 23:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.08.18 21:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\System32\Registration.ini

========== LOP Check ==========

[2012.05.30 21:56:46 | 000,000,266 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2009.07.14 06:53:46 | 000,020,792 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(24).TXT
[2012.05.17 19:42:50 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


GMER:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-05-30 22:56:25
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0
Running: 530mligm.exe; Driver: C:\Windows\system32\config\systemprofile\AppData\Local\Temp\kxddqpow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 82086339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 820BFD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74032437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74015600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [740156BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [740324B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74028514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74024CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7402506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74025144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74026671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7402826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [740287BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7402901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7402E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74024BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


Vielen Dank schon im Vorfeld
Liebe Grüße
zebe

 

Themen zu Verschlüsselungstrojaner 100€ am Notebook
100 euro, adobe, antivir, autorun, avira, beseitigung, bho, bonjour, defender, document, down, email, explorer, firefox, flash player, format, helper, kaspersky, lenovo, locker, logfile, mozilla, plug-in, registry, scan, searchscopes, security, senden, software, system, verschlüsselungstrojaner windows 7, version=1.0, windows


« Trojaner 1.140.1, Alle Dateien verschlüsselt | Viren? schwarzer Bildschirm nach Windows Login »


Ähnliche Themen: Verschlüsselungstrojaner 100€ am Notebook


  1. Notebook fährt ohne Grund ständig runter! Virus? Trojaner oder neues Notebook?
    Plagegeister aller Art und deren Bekämpfung - 09.03.2015 (9)
  2. Notebook Instandsetzung Win 7
    Log-Analyse und Auswertung - 23.06.2014 (7)
  3. HP Notebook überprüfen
    Plagegeister aller Art und deren Bekämpfung - 21.01.2014 (11)
  4. GUV / BSI Trojaner auf dem Notebook
    Plagegeister aller Art und deren Bekämpfung - 13.12.2012 (3)
  5. Notebook Kühler
    Netzwerk und Hardware - 27.08.2012 (4)
  6. GVU 2.07 Trojaner auf Notebook mit Win 7 - 64 bit
    Log-Analyse und Auswertung - 21.07.2012 (17)
  7. Notebook friert ein
    Alles rund um Windows - 12.07.2012 (1)
  8. Verschlüsselungstrojaner auf Vista Notebook
    Plagegeister aller Art und deren Bekämpfung - 29.05.2012 (1)
  9. Notebook einschicken
    Alles rund um Windows - 20.03.2012 (2)
  10. TR/Alureon.FL.2 auf Notebook
    Log-Analyse und Auswertung - 28.12.2011 (17)
  11. Notebook - Torjanerfund
    Mülltonne - 12.05.2008 (0)
  12. Notebook
    Mülltonne - 02.11.2007 (0)
  13. Neues Notebook
    Netzwerk und Hardware - 15.01.2007 (10)
  14. IBM Notebook ist selbstständig
    Log-Analyse und Auswertung - 11.01.2007 (2)
  15. XP für altes Notebook?
    Alles rund um Windows - 02.06.2006 (4)
  16. Notebook
    Netzwerk und Hardware - 24.06.2005 (27)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Verschlüsselungstrojaner 100€ am Notebook - Hallo, eine Freundin hat sich auf ihrem Notebook einen Verschlüsselungstrojaner über eine Email mit Rechnungsanhang eingefangen. Ich habe ihr zugesagt ihr zu helfen. Nun stellt sich heraus, dass dies gar - Verschlüsselungstrojaner 100€ am Notebook...
Archiv
Du betrachtest: Verschlüsselungstrojaner 100€ am Notebook auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131