Log analysis and evaluation: Windows encryption trojan (Windows 7)
01.06.2012, 14:44 | #1
Windows encryption trojan

First of all: I'm new here and have read through some of the rules/notes/tips etc. I hope I'm complying with all of them. If that's not always the case, please bear with me.

On my parents' PC, after opening an email or after restarting the computer, the "well-known" image appeared: hxxp://img.trojaner-board.de/verschluesselungstrojaner.png In my opinion it looked exactly like this one, i.e. also with a 256-bit AES key and the same email address at the bottom (I don't know whether that information is relevant). It happened sometime on 23-25 May. I can't narrow it down exactly, because my parents use the PC irregularly.

To solve the problem I used this thread as a guide and followed the advice up to this point (2nd post): http://www.trojaner-board.de/114048-...tml#post819282

The OTL.txt is the following. However, I'm also somewhat confused about which 2 logfiles I'm supposed to post...

OTL Logfile:
Code:
OTL logfile created on: 6/1/2012 3:49:37 PM - Run
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

511.00 Mb Total Physical Memory | 315.00 Mb Available Physical Memory | 62.00% Memory free
459.00 Mb Paging File | 338.00 Mb Available in Paging File | 74.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74.55 Gb Total Space | 56.76 Gb Free Space | 76.13% Space Free | Partition Type: NTFS
Drive D: | 68.64 Gb Total Space | 34.26 Gb Free Space | 49.91% Space Free | Partition Type: NTFS
Drive E: | 5.85 Gb Total Space | 1.96 Gb Free Space | 33.44% Space Free | Partition Type: FAT32
Drive K: | 3.74 Gb Total Space | 0.83 Gb Free Space | 22.16% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2011/07/01 13:41:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/29 15:06:38 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/02/20 08:45:22 | 000,072,704 | ---- | M] (Autodesk) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/10/23 12:45:14 | 000,307,200 | ---- | M] (T-Systems Enterprise Services GmbH) [On_Demand] -- C:\Programme\T-Online\DSL-Manager\DslMgrSvc.exe -- (TDslMgrService)
SRV - [2008/10/19 09:30:02 | 000,222,456 | ---- | M] () [Auto] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2007/10/15 11:02:58 | 000,206,128 | ---- | M] (AVM Berlin) [Auto] -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe -- (de_serv)
SRV - [2007/01/09 12:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Auto] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe -- (MZCCntrl)
SRV - [2003/07/28 07:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2011/07/01 13:42:03 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/10/17 14:42:08 | 000,045,416 | ---- | M] (Avira GmbH) [File_System | System] -- C:\WINDOWS\system32\drivers\avgntdd.sys -- (avgntdd)
DRV - [2010/10/17 14:42:08 | 000,022,360 | ---- | M] (Avira GmbH) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgntmgr.sys -- (avgntmgr)
DRV - [2010/08/27 08:23:08 | 000,019,200 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
DRV - [2009/05/11 04:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/10/15 11:02:12 | 000,334,640 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETPPPOI.SYS -- (NETPPPOI)
DRV - [2007/09/14 10:04:46 | 002,455,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/08/14 20:00:00 | 000,567,936 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fxusbase.sys -- (fxusbase)
DRV - [2007/08/14 20:00:00 | 000,053,632 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avmcowan.sys -- (AVMCOWAN)
DRV - [2006/10/09 10:03:56 | 000,017,152 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys -- (MIINPazX)
DRV - [2006/10/04 04:14:26 | 000,017,280 | ---- | M] (Marmiko IT-Solutions GmbH) [Kernel | On_Demand] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys -- (MACNDIS5)
DRV - [2004/08/04 01:59:50 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2003/08/07 10:36:48 | 000,362,688 | R--- | M] (Intersil Americas Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PRISMA00.sys -- (PRISM_A00)
DRV - [2003/06/12 02:47:42 | 000,024,704 | R--- | M] (Philips Semiconductors) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PhTVTune.sys -- (PhTVTune)
DRV - [2003/06/05 02:04:22 | 000,350,752 | R--- | M] (Philips Semiconductors) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Cap7134.sys -- (Cap7134) MEDION (7134)
DRV - [2003/05/22 11:44:44 | 000,670,203 | R--- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctxs51.sys -- (Intels51)
DRV - [2002/08/15 16:30:40 | 000,016,066 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\VNICPKT5.sys -- (VNICPKT5)
DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\JP_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://vshare.toolbarhome.com/?hp=df
IE - HKU\JP_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\JP_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\JP_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011/08/17 04:47:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011/07/14 08:55:36 | 000,000,000 | ---D | M]

[2011/08/17 04:47:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010/03/03 12:01:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/01/04 12:09:06 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/05/15 05:40:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/08 12:21:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/01/22 06:29:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/25 12:08:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/13 14:07:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/08/12 02:13:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011/05/03 22:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/12 00:19:37 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/08/12 00:14:12 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011/08/12 00:19:37 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011/08/12 00:19:37 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/08/12 00:19:37 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/08/12 00:19:37 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2003/04/02 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\mHotkey.exe (Chicony)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe ()
O4 - HKLM..\Run: [ledpointer] C:\WINDOWS\CNYHKey.exe (Chicony)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PRISMSTA.EXE] C:\WINDOWS\System32\PRISMSTA.exe (Intersil Americas Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
O4 - HKU\.DEFAULT..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\Administrator_ON_C..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\JP_ON_C..\Run: [60368DCA] C:\WINDOWS\system32\52B2A1A260368DCA5E6E.exe (Подборка музыкальных файлов в формате midi)
O4 - HKU\JP_ON_C..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\LocalService_ON_C..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\NetworkService_ON_C..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ISDNWatch.lnk = C:\Programme\ComCenter\IWatch.exe (AVM Berlin)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\JP_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\JP_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\JP_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\JP_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262542631329 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.121.252 192.168.121.253
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\52B2A1A260368DCA5E6E.exe) - C:\WINDOWS\system32\52B2A1A260368DCA5E6E.exe (Подборка музыкальных файлов в формате midi)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/03 09:59:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/12/13 13:14:09 | 000,031,744 | ---- | M] () - D:\Automobilisierung.doc -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4d64f3ba-f112-4efe-a02e-96680859937c} - KB918899
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5b7bf89d-d196-4c32-a303-a57b8ab7f18d} - KB918439
ActiveX: {5DB065C5-1DBC-52C1-8AC9-D8F361FB33F3} - Vektorgrafik-Rendering (VML)
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {91F0EB53-DB50-3491-1691-58C0F84874C7} - Vektorgrafik-Rendering (VML)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {A2674C53-25BB-EAB2-E32C-36F66C8B2763} - Browseranpassungen
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {dd772a76-bef3-44d7-8b39-502c8504c1f1} - KB925486
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/06/01 10:29:03 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012/05/21 02:15:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\JP\Anwendungsdaten\Dnoxqdnt
[2012/05/21 02:14:48 | 000,085,774 | -H-- | C] (Подборка музыкальных файлов в формате midi) -- C:\WINDOWS\System32\52B2A1A260368DCA5E6E.exe
[2012/05/04 15:04:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\JP\Desktop\Nicht verwendete Desktopverknüpfungen
[2010/01/03 13:16:41 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\VNICPKT.DLL
[2010/01/03 13:16:41 | 000,016,066 | ---- | C] ( ) -- C:\WINDOWS\System32\VNICPKT5.sys
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/01 08:20:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/31 06:15:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/21 02:14:48 | 000,085,774 | -H-- | M] (Подборка музыкальных файлов в формате midi) -- C:\WINDOWS\System32\52B2A1A260368DCA5E6E.exe
[2012/05/18 05:24:13 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\JP\Desktop\Microsoft Office Word 2003.lnk
[2012/05/17 05:59:50 | 000,002,537 | ---- | M] () -- C:\Dokumente und Einstellungen\JP\Desktop\Microsoft Office Excel 2003.lnk
[2012/05/11 15:50:50 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh323
[2012/05/11 15:50:40 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh322
[2012/05/11 15:50:32 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh321
[2012/05/11 15:50:22 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh320
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/24 16:03:50 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh325
[2012/05/24 16:03:50 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh324
[2012/05/24 16:03:50 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh323
[2012/05/24 16:03:50 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh322
[2012/05/24 16:03:50 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh321
[2012/05/24 16:03:50 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh320
[2012/05/16 10:19:15 | 003,868,006 | ---- | C] () -- C:\Dokumente und Einstellungen\JP\Eigene Dateien\Kopie von IMG_8807.JPG
[2012/05/16 10:16:57 | 003,865,970 | ---- | C] () -- C:\Dokumente und Einstellungen\JP\Eigene Dateien\IMG_8807.JPG
[2012/05/14 14:53:21 | 003,643,986 | ---- | C] () -- C:\Dokumente und Einstellungen\JP\Eigene Dateien\IMG_0493.JPG
[2011/10/12 13:05:41 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\jsound.dll
[2011/10/12 13:05:41 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\jmmpa.dll
[2011/10/12 13:05:41 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\jmh261.dll
[2011/10/12 13:05:41 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\jmvh263.dll
[2011/10/12 13:05:41 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\jmjpeg.dll
[2011/10/12 13:05:41 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\jmh263enc.dll
[2011/10/12 13:05:41 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\jmg723.dll
[2011/10/12 13:05:41 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\jmmpegv.dll
[2011/10/12 13:05:41 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\jmutil.dll
[2011/10/12 13:05:41 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\jmgsm.dll
[2011/10/12 13:05:41 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\jmam.dll
[2011/10/12 13:05:41 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmcvid.dll
[2011/10/12 13:05:41 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmacm.dll
[2011/10/12 13:05:41 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\jmvfw.dll
[2011/10/12 13:05:41 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\jmdaud.dll
[2011/10/12 13:05:41 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmvcm.dll
[2011/10/12 13:05:41 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmgdi.dll
[2011/10/12 13:05:41 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\jmfjawt.dll
[2011/10/12 13:05:41 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\jmddraw.dll
[2011/10/12 13:05:41 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmmci.dll
[2011/10/12 13:05:41 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmdaudc.dll
[2011/03/14 17:16:06 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\PegasusImaging.Advanced.ImagXpress8.dll
[2011/03/14 17:16:05 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\PegasusImaging.Resources.ImagXpress8.dll
[2010/03/12 11:34:18 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/02/28 09:19:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/22 11:50:54 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/02/22 08:54:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/27 16:15:56 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/12 14:12:59 | 000,008,632 | R--- | C] () -- C:\WINDOWS\PRISMDOM.ini
[2010/01/05 08:41:30 | 000,972,072 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/01/05 08:41:29 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/01/05 08:41:27 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2010/01/05 08:41:26 | 000,156,671 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/01/04 11:43:30 | 000,000,534 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/01/03 19:09:39 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010/01/03 14:42:25 | 000,062,464 | ---- | C] () -- C:\Dokumente und Einstellungen\JP\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/03 13:51:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/01/03 13:46:17 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/01/03 13:42:37 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/01/03 13:30:52 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\spacklsp.dll
[2010/01/03 13:26:41 | 000,000,135 | ---- | C] () -- C:\Dokumente und Einstellungen\JP\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010/01/03 13:16:42 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\VSetupDi.dll
[2010/01/03 13:16:41 | 000,385,024 | ---- | C] () -- C:\WINDOWS\System32\VNICDiag.exe
[2010/01/03 13:16:41 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\VNICMon.exe
[2010/01/03 13:16:41 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\VNICCustomDLL.dll
[2010/01/03 12:55:53 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2010/01/03 12:55:53 | 000,049,152 | ---- | C] () -- C:\WINDOWS\CNYUSB.dll
[2010/01/03 12:55:53 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKCYDLL.dll
[2010/01/03 12:55:53 | 000,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll
[2010/01/03 12:55:53 | 000,000,360 | ---- | C] () -- C:\WINDOWS\CNYHKey.ini
[2010/01/03 12:32:26 | 000,073,728 | ---- | C] () -- C:\WINDOWS\Dit.exe
[2010/01/03 12:32:26 | 000,065,536 | ---- | C] () -- C:\WINDOWS\DitExp.exe
[2010/01/03 12:32:26 | 000,065,536 | ---- | C] () -- C:\WINDOWS\Dit.DLL
[2010/01/03 12:32:26 | 000,000,208 | ---- | C] () -- C:\WINDOWS\Dit.INI
[2010/01/03 12:28:09 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2010/01/03 12:28:09 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2010/01/03 12:28:08 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2010/01/03 12:28:08 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2010/01/03 12:28:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2010/01/03 12:28:07 | 000,064,957 | ---- | C] () -- C:\WINDOWS\Cmuda.ini
[2010/01/03 12:28:05 | 000,266,240 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe
[2010/01/03 12:28:00 | 000,225,280 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe
[2010/01/03 12:28:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2010/01/03 10:01:29 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/01/03 09:57:56 | 000,023,836 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/01/03 09:12:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/01/03 09:11:47 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/07/19 10:19:32 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2007/07/19 10:19:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2003/04/02 08:00:00 | 000,698,994 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2003/04/02 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/04/02 08:00:00 | 000,641,742 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/04/02 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/04/02 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2003/04/02 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/04/02 08:00:00 | 000,188,294 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2003/04/02 08:00:00 | 000,153,408 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/04/02 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/04/02 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2003/04/02 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/04/02 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/04/02 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/09/04 09:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/09/04 09:10:20 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2010/02/20 08:47:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\JP\Anwendungsdaten\Autodesk
[2010/01/03 14:52:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\JP\Anwendungsdaten\ComCenter
[2012/05/21 02:15:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\JP\Anwendungsdaten\Dnoxqdnt
[2011/07/14 17:45:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\JP\Anwendungsdaten\DVDVideoSoft
[2011/05/22 05:50:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\JP\Anwendungsdaten\DVDVideoSoftIEHelpers
[2010/07/22 12:11:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\JP\Anwendungsdaten\Eumex 400
[2010/03/07 07:57:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\JP\Anwendungsdaten\Folding@home-gpu
[2010/01/20 06:11:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\JP\Anwendungsdaten\GHISLER
[2010/01/04 12:11:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\JP\Anwendungsdaten\ICQ
[2010/07/01 16:47:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\JP\Anwendungsdaten\Opera
[2010/06/06 14:43:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\JP\Anwendungsdaten\ScreeNet iSaver
[2010/01/10 12:55:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\JP\Anwendungsdaten\T-Online
[2010/01/13 14:02:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\T-Online
[2010/02/20 08:49:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Autodesk
[2010/01/03 14:26:45 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2010/01/04 12:08:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2010/01/03 14:52:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ISDNWatch
[2010/01/10 12:54:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2010/07/19 07:49:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online_ZusatzSoftware

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2010/01/04 19:48:05 | 000,000,000 | ---D | M] -- C:\2c11515bd658e9b91d9fcab672
[2010/04/14 12:53:30 | 000,000,000 | ---D | M] -- C:\7f4424088bd6fe3dc765b592fbdf14c7
[2010/04/14 12:51:59 | 000,000,000 | ---D | M] -- C:\8d386625f6f4facf562079248b71
[2010/02/13 10:48:48 | 000,000,000 | ---D | M] -- C:\ATI
[2012/01/24 12:03:23 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2010/01/05 07:18:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2012/04/27 00:44:09 | 000,000,000 | -HSD | M] -- C:\found.000
[2011/03/14 17:20:06 | 000,000,000 | ---D | M] -- C:\gis
[2011/04/19 13:15:17 | 000,000,000 | ---D | M] -- C:\JAGD
[2012/06/01 10:30:10 | 000,000,000 | ---D | M] -- C:\Kaspersky Rescue Disk 10.0
[2011/08/10 12:46:47 | 000,000,000 | ---D | M] -- C:\Michael
[2010/01/04 11:37:58 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011/10/12 13:08:20 | 000,000,000 | R--D | M] -- C:\Programme
[2010/01/03 14:15:37 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2012/05/24 15:33:13 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010/01/20 06:12:06 | 000,000,000 | ---D | M] -- C:\totalcmd
[2011/10/12 13:11:56 | 000,000,000 | ---D | M] -- C:\WINDOWS

< %PROGRAMFILES%\*.exe >

Invalid Environment Variable: %LOCALAPPDATA%\*.exe

< %systemroot%\*.
/mp /s > < MD5 for: AGP440.SYS > [2010/01/04 09:05:10 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008/04/14 03:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2010/01/04 09:05:10 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys [2008/04/14 03:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\agp440.sys [2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys [2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2003/04/02 08:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys [2010/01/04 09:05:10 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008/04/14 03:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2010/01/04 09:05:10 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys [2008/04/14 03:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\atapi.sys [2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) 
MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys < MD5 for: EVENTLOG.DLL > [2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\eventlog.dll [2004/08/04 03:57:18 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [2004/08/04 03:57:18 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2004/08/04 03:57:18 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\eventlog.dll < MD5 for: EXPLORER.EXE > [2004/08/04 03:57:53 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2004/08/04 03:57:53 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe [2004/08/04 03:57:53 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2007/06/13 09:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\explorer.exe [2007/06/13 09:21:45 | 001,036,288 | ---- | M] (Microsoft 
Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\explorer.exe [2007/06/13 09:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\system32\dllcache\explorer.exe < MD5 for: NETLOGON.DLL > [2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\netlogon.dll [2004/08/04 03:57:30 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [2004/08/04 03:57:30 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2004/08/04 03:57:30 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\netlogon.dll [2009/02/06 14:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll [2009/02/06 14:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll < MD5 for: SCECLI.DLL > [2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\scecli.dll [2004/08/04 03:57:33 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [2004/08/04 03:57:33 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2004/08/04 03:57:33 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USER32.DLL > [2005/03/02 14:09:46 | 000,578,560 | ---- | M] (Microsoft 
Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\user32.dll [2005/03/02 14:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2005/03/02 14:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll [2007/03/08 11:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\system32\dllcache\user32.dll [2007/03/08 11:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\system32\user32.dll [2005/03/02 14:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2004/08/04 03:57:36 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll [2004/08/04 03:57:36 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2007/03/08 11:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll [2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\user32.dll [2003/04/02 08:00:00 | 000,561,664 | ---- | M] (Microsoft Corporation) MD5=E3DAFFDB1C86C1AEAC1B205F6CF67009 -- C:\WINDOWS\$NtUninstallKB890859_0$\user32.dll < MD5 for: USERINIT.EXE > [2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\userinit.exe [2004/08/04 03:58:16 | 000,025,088 | ---- | M] (Microsoft Corporation) 
MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [2004/08/04 03:58:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2004/08/04 03:58:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2004/08/04 03:58:19 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2004/08/04 03:58:19 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2004/08/04 03:58:19 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\winlogon.exe [2008/04/13 22:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\winlogon.exe < MD5 for: WS2IFSL.SYS > [2003/04/02 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2003/04/02 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2010/01/05 09:00:32 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2010/01/05 07:29:05 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\config\security.sav [2010/01/05 09:00:32 | 020,447,232 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2010/01/05 09:00:32 | 005,242,880 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\system32\*.dll /lockedfiles > [2008/06/20 13:39:48 | 000,148,992 | ---- | M] (Microsoft Corporation) Unable to obtain 
MD5 -- C:\WINDOWS\system32\dnsapi.dll [2004/08/04 03:57:28 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll [2004/08/04 03:57:31 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll [2009/10/29 01:44:07 | 001,506,304 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shdocvw.dll [2008/07/03 09:14:58 | 008,495,616 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll [6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] Invalid Environment Variable: %USERPROFILE%\*.* Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe < End of report > Werden weitere Infos benötigt? Auf dem PC läuft Windows XP... könnte noch interessant sein... Ich danke schonmal für die Hilfe und die Ratschläge, die hoffentlich gleich kommen Geändert von kalle_kalk (01.06.2012 um 14:46 Uhr) Grund: Logfiles unübersichtlich |
03.06.2012, 14:31 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows encryption trojan First of all:

Nobody will be able to tell you exactly when your data can be decrypted, except perhaps one person. It may be that you have a newer variant whose encryption algorithm is still unknown. Something like that cannot be decrypted, and certainly not without the key; that is only logical, otherwise it would not be proper encryption. Just check back here at regular intervals and follow the notes above. 8 tools along with hundreds of discussion posts are already there.

Decryption attempts on the encrypted files must only be applied to additional copies of the encrypted files, otherwise you chop them up even further without still having the "original" encrypted file. You surely don't want that.

And in the future you, or rather your parents, will surely want to think about a better backup concept. Here is some food for thought => http://www.trojaner-board.de/115678-...r-backups.html

Do an OTL fix via OTLPE: start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Code:
:OTL
IE - HKU\JP_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://vshare.toolbarhome.com/?hp=df
IE - HKU\JP_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\JP_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
[2010/01/04 12:09:06 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKU\JP_ON_C..\Run: [60368DCA] C:\WINDOWS\system32\52B2A1A260368DCA5E6E.exe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\JP_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\JP_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\JP_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\JP_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\52B2A1A260368DCA5E6E.exe) - C:\WINDOWS\system32\52B2A1A260368DCA5E6E.exe
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/03 09:59:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/12/13 13:14:09 | 000,031,744 | ---- | M] () - D:\Automobilisierung.doc -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
:Files
C:\Dokumente und Einstellungen\JP\Anwendungsdaten\Dnoxqdnt
C:\WINDOWS\system32\52B2A1A260368DCA5E6E.exe
C:\WINDOWS\System32\winsh32?
C:\found.000
:Commands
[purity]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: the script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

After that Windows should start normally again. Please make the OTL quarantine folder available to us. Proceed as follows:

1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the folder movedfiles in C:\_OTL into one file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
Note: please also upload the file there as described in the UpChannel instructions.
Please do NOT post the ZIP file here as an attachment in the thread!
4.) Let us know once it was successful
5.) Only then switch the virus scanner back on
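The fix script above targets four things the trojan changed to survive a reboot and keep the user locked out: a Run value and the Winlogon UserInit value both launching C:\WINDOWS\system32\52B2A1A260368DCA5E6E.exe, IFEO Debugger entries that stop regedit.exe and taskmgr.exe from starting, and DisableTaskMgr/DisableRegedit policies. The Python script below, added here as an example and not part of the thread or of the OTL tool, encodes that triage as rules run over OTL-style lines. The sample input is constructed: the malicious lines are taken from the fix script; the Avira Run entry and the Winlogon Shell line are assumed benign controls, and the hex-only-name heuristic for Run targets is an assumption of this example, not a rule OTL or the helper stated.

```python
"""Triage of the persistence entries an OTL log exposes, modelled on the fix
script in the reply above. Added example: not code from the thread or from OTL.
SAMPLE_OTL is constructed; the Avira and Winlogon Shell lines are assumed
benign controls."""
import re
from typing import List

# Constructed OTL-style input (see module docstring).
SAMPLE_OTL = r"""
O4 - HKU\JP_ON_C..\Run: [60368DCA] C:\WINDOWS\system32\52B2A1A260368DCA5E6E.exe
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\JP_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\JP_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\52B2A1A260368DCA5E6E.exe) - C:\WINDOWS\system32\52B2A1A260368DCA5E6E.exe
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
"""

# Basenames a clean Windows XP installation has in these Winlogon values.
EXPECTED_WINLOGON = {"userinit": "userinit.exe", "shell": "explorer.exe"}
# Policy values the trojan sets to keep the user away from recovery tools.
LOCKOUT_POLICIES = {"DisableTaskMgr", "DisableRegedit", "DisableRegistryTools"}

RE_O4 = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.+)$")
RE_POLICY = re.compile(r"^(?P<tag>O[67]) - (?P<key>.+?): (?P<value>\w+) = (?P<data>.+)$")
RE_O20 = re.compile(r"^O20 - (?P<hive>\S+) Winlogon: (?P<value>\w+) - \((?P<raw>[^)]*)\) - (?P<resolved>.*)$")
RE_O27 = re.compile(r"^O27 - (?P<hive>\S+) IFEO\\(?P<image>[^:]+): Debugger - (?P<debugger>.*)$")
RE_TRAILING_COMPANY = re.compile(r"\s*\([^()]*\)\s*$")   # strips " (Avira GmbH)"


def _basename(path: str) -> str:
    """Last path component, lower-cased, without the trailing comma UserInit carries."""
    return path.strip().rstrip(",").rsplit("\\", 1)[-1].lower()


def is_suspicious_exe_name(path: str) -> bool:
    """Heuristic (an assumption of this example, not an OTL rule): an .exe whose
    name is nothing but 12+ hex digits, like 52B2A1A260368DCA5E6E.exe, is a
    dropper-style random name."""
    return re.fullmatch(r"[0-9a-f]{12,}\.exe", _basename(path)) is not None


def triage_otl(text: str) -> List[dict]:
    """Return one finding per persistence or lockout entry that needs fixing."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.rstrip()
        if m := RE_O20.match(line):
            expected = EXPECTED_WINLOGON.get(m["value"].lower())
            if expected and _basename(m["raw"]) != expected:
                findings.append({"line": lineno, "tag": "O20",
                                 "reason": f"Winlogon {m['value']} runs {m['raw']} instead of {expected}"})
        elif m := RE_O27.match(line):
            # Any Debugger value under IFEO redirects the tool; pointing it at a
            # file that does not exist simply stops regedit/taskmgr from starting.
            findings.append({"line": lineno, "tag": "O27",
                             "reason": f"IFEO Debugger on {m['image']}: {m['debugger']}"})
        elif m := RE_O4.match(line):
            target = RE_TRAILING_COMPANY.sub("", m["rest"])
            if is_suspicious_exe_name(target):
                findings.append({"line": lineno, "tag": "O4",
                                 "reason": f"Run value [{m['name']}] starts hex-named {target}"})
        elif m := RE_POLICY.match(line):
            if m["value"] in LOCKOUT_POLICIES and m["data"].strip() == "1":
                findings.append({"line": lineno, "tag": m["tag"],
                                 "reason": f"{m['value']}=1 under {m['key']}"})
    return findings


if __name__ == "__main__":
    for f in triage_otl(SAMPLE_OTL):
        print(f"line {f['line']:>2} {f['tag']:<4} {f['reason']}")
```

Run as-is it lists six findings and leaves NoDriveTypeAutoRun and the Avira entry alone. On a live system the same checks apply to the registry values OTL's O20 and O27 lines summarise, HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit and HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\<image>\Debugger, which is why restoring UserInit to userinit.exe is what makes Windows start normally again after the fix.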