Pests of all kinds and how to fight them: Caught an encryption trojan, Windows 7

If you are not sure whether you have picked up malware or a trojan, open a topic here. An expert will reply with further instructions and help you remove the malware or uninstall/delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
03.06.2012, 19:35 | #1
Caught an encryption trojan

Today I accidentally caught the encryption trojan! What can I do? I urgently need the data on the hard disk...! I have read the following thread: http://www.trojaner-board.de/115624-...-trojaner.html How can I apply this to my case? Here is my report from OTLPE:

OTL Logfile:
Code:
OTL logfile created on: 6/4/2012 1:37:12 PM - Run
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = G: | %SystemRoot% = G:\Windows | %ProgramFiles% = G:\Program Files
Drive C: | 100.00 Mb Total Space | 75.86 Mb Free Space | 75.87% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 43.20 Gb Free Space | 14.49% Space Free | Partition Type: NTFS
Drive E: | 14.94 Gb Total Space | 14.63 Gb Free Space | 97.97% Space Free | Partition Type: NTFS
Drive G: | 200.33 Gb Total Space | 86.20 Gb Free Space | 43.03% Space Free | Partition Type: NTFS
Drive H: | 97.66 Gb Total Space | 4.50 Gb Free Space | 4.61% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (TomTomHOMEService)
SRV - File not found [On_Demand] -- -- (Microsoft SharePoint Workspace Audit Service)
SRV - File not found [Auto] -- -- (MBAMService)
SRV - File not found [Auto] -- -- (frameworkPostgreSQL)
SRV - File not found [On_Demand] -- -- (DATEV Update-Service)
SRV - File not found [Auto] -- -- (ASLDRService)
SRV - File not found [Auto] -- -- (AAV UpdateService)
SRV - [2012/05/22 14:03:50 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand] -- G:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/08 09:09:19 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- G:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012/05/08 09:09:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- G:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/08 09:09:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- G:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/05 04:17:49 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- G:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/10/21 10:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto] -- G:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 12:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- G:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/02/07 07:53:02 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- G:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/08/11 06:30:40 | 000,008,192 | ---- | M] () [Auto] -- G:\Windows\System32\srvany.exe -- (KMService)
SRV - [2010/02/19 08:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- G:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/27 04:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand] -- G:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- G:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- G:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- G:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/07 23:49:30 | 000,344,064 | R--- | M] (AVerMedia) [Auto] -- G:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)
SRV - [2008/12/09 06:01:50 | 000,405,504 | R--- | M] () [Auto] -- G:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2008/07/04 07:52:18 | 000,014,336 | ---- | M] (Vodafone) [Auto] -- G:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (VGPU)
DRV - File not found [Kernel | On_Demand] -- -- (USBCCID)
DRV - File not found [Kernel | On_Demand] -- -- (tsusbhub)
DRV - File not found [Kernel | On_Demand] -- -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand] -- -- (RtsUIR)
DRV - [2012/05/08 09:09:19 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System] -- G:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/08 09:09:19 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto] -- G:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/04/16 15:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- G:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/04/04 09:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- G:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/28 06:27:08 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/06/26 20:37:12 | 002,191,872 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/05/10 02:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- G:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- G:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- G:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- G:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- G:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 06:06:36 | 000,117,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- G:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- G:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- G:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- G:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/02/28 05:19:58 | 000,281,760 | ---- | M] () [Kernel | Auto] -- G:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/02/28 05:19:57 | 000,025,888 | ---- | M] () [Kernel | Auto] -- G:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/01/26 22:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto] -- G:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2009/11/09 13:12:42 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand] -- G:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2009/10/08 10:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- G:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/10/06 06:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand] -- G:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/10/06 06:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand] -- G:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/10/06 06:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand] -- G:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/10/06 06:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand] -- G:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/08/15 16:25:00 | 009,826,272 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- G:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/27 01:45:34 | 000,554,368 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\AVerAF15DMBTH.sys -- (AVerAF15DMBTH)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- G:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:02:53 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2009/05/08 11:14:14 | 000,165,888 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2008/08/26 04:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- G:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/03/17 06:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/07/30 21:39:00 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand] -- G:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2007/02/14 11:13:34 | 000,045,136 | ---- | M] (MARX CryptoTech LP) [Kernel | On_Demand] -- G:\Windows\System32\drivers\CBUSB.sys -- (CBUSB)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - G:\Program Files\Elf_1.15\prxtbElf_.dll (Conduit Ltd.)

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Sebastian_Roth_ON_G\Software\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\Sebastian_Roth_ON_G\..\URLSearchHook: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - G:\Program Files\Elf_1.15\prxtbElf_.dll (Conduit Ltd.)
IE - HKU\Sebastian_Roth_ON_G\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Sebastian_Roth_ON_G\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: G:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: G:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: G:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: G:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: G:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: G:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: G:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: G:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: G:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: G:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - G:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - G:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - File not found
O2 - BHO: (Elf 1.15 Toolbar) - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - G:\Program Files\Elf_1.15\prxtbElf_.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - G:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - G:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - G:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - G:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Elf 1.15 Toolbar) - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - G:\Program Files\Elf_1.15\prxtbElf_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - File not found
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - G:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Sebastian_Roth_ON_G\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\Sebastian_Roth_ON_G\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\Sebastian_Roth_ON_G\..\Toolbar\WebBrowser: (Elf 1.15 Toolbar) - {B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - G:\Program Files\Elf_1.15\prxtbElf_.dll (Conduit Ltd.)
O3 - HKU\Sebastian_Roth_ON_G\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] File not found
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] G:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] G:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] G:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] G:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] G:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] File not found
O4 - HKLM..\Run: [HControlUser] File not found
O4 - HKLM..\Run: [iTunesHelper] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] File not found
O4 - HKLM..\Run: [NvCplDaemon] G:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SwitchBoard] G:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\Sebastian_Roth_ON_G..\Run: [AdobeBridge] File not found
O4 - HKU\Sebastian_Roth_ON_G..\Run: [D2310B2B] G:\Users\Sebastian Roth\AppData\Roaming\Fgtauf\46A677BAD2310B2B2FA0.exe (Sporopo po po)
O4 - HKU\Sebastian_Roth_ON_G..\Run: [OfficeSyncProcess] File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] File not found
O4 - HKU\LocalService_ON_G..\RunOnce: [mctadmin] G:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_G..\RunOnce: [mctadmin] G:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\Sebastian_Roth_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - File not found
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - File not found
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - File not found
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - G:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - G:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - G:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - G:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - G:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - G:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - G:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - G:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - G:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - G:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.de/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - G:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - G:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - G:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/06/03 23:40:57 | 000,000,000 | ---D | C] -- G:\Windows\Microsoft-Support für
[2012/06/03 23:40:57 | 000,000,000 | ---D | C] -- G:\Windows\Microsoft Antimalware
[2012/06/03 11:01:21 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/06/03 11:00:10 | 000,000,000 | ---D | C] -- G:\Users\Sebastian Roth\AppData\Roaming\Malwarebytes
[2012/06/03 11:00:04 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/03 11:00:03 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- G:\Windows\System32\drivers\mbam.sys
[2012/06/03 11:00:03 | 000,000,000 | ---D | C] -- G:\ProgramData\Malwarebytes
[2012/06/03 10:52:52 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- G:\Users\Sebastian Roth\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/03 10:41:04 | 000,000,000 | ---D | C] -- G:\Program Files\ESET
[2012/06/03 10:32:15 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit
[2012/06/03 10:32:14 | 000,000,000 | ---D | C] -- G:\Users\Sebastian Roth\AppData\Roaming\OpenCandy
[2012/06/03 09:14:26 | 000,000,000 | ---D | C] -- G:\Users\Sebastian Roth\AppData\Roaming\Fgtauf
[2012/05/10 04:56:33 | 003,968,368 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\ntkrnlpa.exe
[2012/05/10 04:56:33 | 003,913,072 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\ntoskrnl.exe
[2012/05/10 04:56:33 | 002,343,424 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\win32k.sys
[2012/05/10 04:55:16 | 001,077,248 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\DWrite.dll
[4 G:\Windows\*.tmp files -> G:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/03 20:39:35 | 000,001,062 | ---- | M] () -- G:\Users\Sebastian Roth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/03 20:37:25 | 000,001,110 | ---- | M] () -- G:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/03 20:36:01 | 2415,394,816 | -HS- | M] () -- G:\hiberfil.sys
[2012/06/03 17:31:45 | 010,557,634 | ---- | M] () -- G:\Windows\System32\perfh007.dat
[2012/06/03 17:31:45 | 003,336,368 | ---- | M] () -- G:\Windows\System32\perfc007.dat
[2012/06/03 17:31:45 | 000,349,252 | ---- | M] () -- G:\Windows\System32\perfh009.dat
[2012/06/03 17:31:45 | 000,060,734 | ---- | M] () -- G:\Windows\System32\perfc009.dat
[2012/06/03 12:08:05 | 000,013,216 | -H-- | M] () -- G:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/03 12:08:05 | 000,013,216 | -H-- | M] () -- G:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/03 11:01:21 | 000,000,000 | ---D | M] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/06/03 11:00:04 | 000,000,000 | ---D | M] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/03 10:58:32 | 099,308,192 | ---- | M] () -- G:\Users\Sebastian Roth\Desktop\avira_free_antivirus_de12001125.exe
[2012/06/03 10:52:52 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- G:\Users\Sebastian Roth\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/03 10:32:15 | 000,000,000 | ---D | M] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit
[2012/06/03 10:17:02 | 000,000,884 | ---- | M] () -- G:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/03 09:12:00 | 000,001,114 | ---- | M] () -- G:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/18 05:36:32 | 000,076,267 | ---- | M] () -- G:\Users\Sebastian Roth\Desktop\to_2_2.png
[2012/05/18 05:36:32 | 000,066,007 | ---- | M] () -- G:\Users\Sebastian Roth\Desktop\to_2_3.png
[2012/05/18 05:36:30 | 000,042,579 | ---- | M] () -- G:\Users\Sebastian Roth\Desktop\to_1_2.png
[2012/05/18 05:36:30 | 000,038,730 | ---- | M] () -- G:\Users\Sebastian Roth\Desktop\to_1_3.png
[2012/05/18 05:36:29 | 000,028,188 | ---- | M] () -- G:\Users\Sebastian Roth\Desktop\to_2_1.png
[2012/05/18 05:36:28 | 000,020,298 | ---- | M] () -- G:\Users\Sebastian Roth\Desktop\to_1_1.png
[2012/05/11 02:49:40 | 008,758,000 | ---- | M] () -- G:\Windows\System32\FNTCACHE.DAT
[2012/05/11 01:20:37 | 000,000,000 | ---D | M] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/08 09:09:19 | 000,137,928 | ---- | M] (Avira GmbH) -- G:\Windows\System32\drivers\avipbb.sys
[2012/05/08 09:09:19 | 000,083,392 | ---- | M] (Avira GmbH) -- G:\Windows\System32\drivers\avgntflt.sys
[2012/05/07 04:24:00 | 000,037,477 | ---- | M] () -- G:\Users\Sebastian Roth\Desktop\Wirtshaus Zum Adler - Bestellliste ASEO neu 04-2012 (1).pdf
[4 G:\Windows\*.tmp files -> G:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/03 10:28:40 | 099,308,192 | ---- | C] () -- G:\Users\Sebastian Roth\Desktop\avira_free_antivirus_de12001125.exe
[2012/05/18 06:57:34 | 000,066,007 | ---- | C] () -- G:\Users\Sebastian Roth\Desktop\to_2_3.png
[2012/05/18 06:57:31 | 000,076,267 | ---- | C] () -- G:\Users\Sebastian Roth\Desktop\to_2_2.png
[2012/05/18 06:57:28 | 000,028,188 | ---- | C] () -- G:\Users\Sebastian Roth\Desktop\to_2_1.png
[2012/05/18 05:37:52 | 000,038,730 | ---- | C] () -- G:\Users\Sebastian Roth\Desktop\to_1_3.png
[2012/05/18 05:37:47 | 000,042,579 | ---- | C] () -- G:\Users\Sebastian Roth\Desktop\to_1_2.png
[2012/05/18 05:37:42 | 000,020,298 | ---- | C] () -- G:\Users\Sebastian Roth\Desktop\to_1_1.png
[2012/05/07 04:24:00 | 000,037,477 | ---- | C] () -- G:\Users\Sebastian Roth\Desktop\Wirtshaus Zum Adler - Bestellliste ASEO neu 04-2012 (1).pdf
[2012/04/01 07:06:12 | 000,000,021 | ---- | C] () -- G:\Windows\DvInesKurusOleServer003.INI
[2012/04/01 07:05:30 | 000,000,110 | ---- | C] () -- G:\Windows\dvinesinstalllocation001.INI
[2012/04/01 07:05:27 | 000,000,110 | ---- | C] () -- G:\Windows\dvinesinstart001.INI
[2012/04/01 07:05:24 | 000,000,021 | ---- | C] () -- G:\Windows\Startup.INI
[2012/03/05 16:24:24 | 000,000,000 | ---- | C] () -- G:\Users\Sebastian Roth\AppData\Roaming\chrtmp
[2012/02/29 10:27:15 | 000,038,438 | ---- | C] () -- G:\Users\Sebastian Roth\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2011/09/28 12:44:14 | 000,179,271 | ---- | C] () -- G:\Windows\System32\xlive.dll.cat
[2011/07/28 10:19:00 | 000,043,520 | ---- | C] () -- G:\Windows\System32\CmdLineExt03.dll
[2011/04/12 05:33:18 | 000,043,520 | ---- | C] () -- G:\Windows\System32\CBNDLL.DLL
[2011/03/22 11:19:42 | 000,000,102 | ---- | C] () -- G:\Users\Sebastian Roth\AppData\Local\fusioncache.dat
[2011/03/04 10:48:50 | 000,080,896 | ---- | C] () -- G:\Windows\System32\RDVGHelper.exe
[2011/03/04 10:48:23 | 000,252,928 | ---- | C] () -- G:\Windows\System32\DShowRdpFilter.dll
[2011/03/04 10:46:52 | 000,066,048 | ---- | C] () -- G:\Windows\System32\PrintBrmUi.exe
[2011/01/22 11:08:47 | 000,000,001 | ---- | C] () -- G:\Windows\System32\SI.bin
[2011/01/21 06:54:33 | 000,049,152 | R--- | C] () -- G:\Windows\System32\AVerIO.dll
[2011/01/21 06:54:33 | 000,003,456 | R--- | C] () -- G:\Windows\System32\AVerIO.sys
[2011/01/21 06:54:17 | 000,598,016 | R--- | C] () -- G:\Windows\System32\sptlib21.dll
[2011/01/21 06:54:17 | 000,294,912 | R--- | C] () -- G:\Windows\System32\sptlib11.dll
[2011/01/21 06:54:17 | 000,290,816 | R--- | C] () -- G:\Windows\System32\sptlib22.dll
[2011/01/21 06:54:17 | 000,249,856 | R--- | C] () -- G:\Windows\System32\sptlib03.dll
[2011/01/21 06:54:17 | 000,249,856 | R--- | C] () -- G:\Windows\System32\sptlib01.dll
[2011/01/21 06:54:17 | 000,225,280 | R--- | C] () -- G:\Windows\System32\sptlib02.dll
[2011/01/21 06:54:17 | 000,135,168 | R--- | C] () -- G:\Windows\System32\sptlib12.dll
[2011/01/19 08:56:39 | 000,000,000 | ---- | C] () -- G:\Windows\iPlayer.INI
[2010/08/11 06:49:42 | 001,481,728 | ---- | C] () -- G:\Windows\System32\LegitCheckControl.DLL
[2010/08/11 06:33:32 | 000,008,192 | ---- | C] () -- G:\Windows\System32\srvany.exe
[2010/06/25 04:45:29 | 000,005,632 | ---- | C] () -- G:\Users\Sebastian Roth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/19 08:39:26 | 000,009,324 | ---- | C] () -- G:\Users\Sebastian Roth\AppData\Roaming\Microsoft Excel 97-2003.EML
[2010/03/17 09:08:18 | 000,116,224 | ---- | C] () -- G:\Windows\System32\redmonnt.dll
[2010/03/17 09:08:18 | 000,045,056 | ---- | C] () -- G:\Windows\System32\unredmon.exe
[2010/03/11 05:59:38 | 002,434,856 | ---- | C] () -- G:\Windows\System32\pbsvc_bc2.exe
[2010/02/11 08:07:51 | 000,131,584 | ---- | C] () -- G:\Windows\System32\SpoonUninstall.exe
[2010/01/23 08:55:38 | 000,009,255 | ---- | C] () -- G:\Users\Sebastian Roth\AppData\Roaming\Microsoft Access 97-2003.EML
[2010/01/18 13:26:57 | 000,281,760 | ---- | C] () -- G:\Windows\System32\drivers\atksgt.sys
[2010/01/18 13:26:52 | 000,025,888 | ---- | C] () -- G:\Windows\System32\drivers\lirsgt.sys
[2010/01/14 17:02:06 | 000,139,128 | ---- | C] () -- G:\Windows\System32\drivers\PnkBstrK.sys
[2010/01/14 17:02:06 | 000,138,056 | ---- | C] () -- G:\Users\Sebastian Roth\AppData\Roaming\PnkBstrK.sys
[2010/01/14 17:01:34 | 000,189,248 | ---- | C] () -- G:\Windows\System32\PnkBstrB.exe
[2010/01/14 17:01:32 | 000,794,408 | ---- | C] () -- G:\Windows\System32\pbsvc.exe
[2010/01/14 17:01:32 | 000,075,136 | ---- | C] () -- G:\Windows\System32\PnkBstrA.exe
[2010/01/10 18:22:19 | 000,000,520 | ---- | C] () -- G:\Windows\System32\drivers\SAMSFPA.DAT
[2010/01/10 15:45:37 | 000,162,304 | ---- | C] () -- G:\Windows\System32\ztvunrar36.dll
[2010/01/10 15:45:37 | 000,077,312 | ---- | C] () -- G:\Windows\System32\ztvunace26.dll
[2009/12/23 19:57:48 | 000,085,504 | ---- | C] () -- G:\Windows\System32\ff_vfw.dll
[2009/08/16 05:08:36 | 000,178,176 | ---- | C] () -- G:\Windows\System32\unrar.dll
[2009/07/14 04:47:43 | 010,557,634 | ---- | C] () -- G:\Windows\System32\perfh007.dat
[2009/07/14 04:47:43 | 003,336,368 | ---- | C] () -- G:\Windows\System32\perfc007.dat
[2009/07/14 04:47:43 | 000,295,922 | ---- | C] () -- G:\Windows\System32\perfi007.dat
[2009/07/14 04:47:43 | 000,038,104 | ---- | C] () -- G:\Windows\System32\perfd007.dat
[2009/07/14 01:42:24 | 000,000,350 | ---- | C] () -- G:\Windows\System32\AP6RMHV.BIN
[2009/07/14 01:42:24 | 000,000,252 | ---- | C] () -- G:\Windows\System32\AP6RMJX.BIN
[2009/07/14 01:42:24 | 000,000,252 | ---- | C] () -- G:\Windows\System32\AP6RMJH.BIN
[2009/07/14 01:42:24 | 000,000,238 | ---- | C] () -- G:\Windows\System32\AP6RMFP.BIN
[2009/07/14 01:42:24 | 000,000,189 | ---- | C] () -- G:\Windows\System32\AP6RMKS.BIN
[2009/07/14 01:42:24 | 000,000,126 | ---- | C] () -- G:\Windows\System32\AP6RMHR.BIN
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- G:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 008,758,000 | ---- | C] () -- G:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,349,252 | ---- | C] () -- G:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- G:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,060,734 | ---- | C] () -- G:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- G:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- G:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- G:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- G:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- G:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- G:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- G:\Windows\System32\mlang.dat
[2009/05/29 10:52:26 | 000,204,800 | ---- | C] () -- G:\Windows\System32\xvidvfw.dll
[2009/05/29 10:47:06 | 000,881,664 | ---- | C] () -- G:\Windows\System32\xvidcore.dll
[2008/06/23 08:02:02 | 000,097,410 | R--- | C] () -- G:\ProgramData\DeviceManager.xml.rc4
[2008/05/23 12:48:50 | 000,020,270 | ---- | C] () -- G:\ProgramData\DeviceInstaller.xml
[2007/02/05 14:05:26 | 000,000,038 | ---- | C] () -- G:\Windows\AviSplitter.INI
[2007/01/15 03:19:16 | 000,016,473 | ---- | C] () -- G:\Windows\System32\SELF32.INI
[1999/12/20 16:35:00 | 000,042,796 | ---- | C] () -- G:\Windows\System32\4dmsg.dll
[1997/06/14 07:56:08 | 000,056,832 | ---- | C] () -- G:\Windows\System32\iyvu9_32.dll
[1601/02/13 04:28:18 | 000,139,776 | ---- | C] () -- G:\Users\Sebastian Roth\AppData\Local\jJVEgGqudeNspvfDO
[1601/02/13 04:28:18 | 000,000,600 | ---- | C] () -- G:\Users\Sebastian Roth\AppData\Local\uypOEeJjTsnDUqXxEefuT
[1601/02/13 04:28:18 | 000,000,083 | ---- | C] () -- G:\ProgramData\jjTafVJvLnlDtsNN
[1601/02/13 04:28:18 | 000,000,017 | ---- | C] () -- G:\Users\Sebastian Roth\AppData\Local\uTxgEfJjtrnUuqxg

========== LOP Check ==========

[2012/06/03 09:33:07 | 000,000,000 | ---D | M] -- G:\ProgramData\4D
[2011/03/01 10:52:32 | 000,000,000 | ---D | M] -- G:\ProgramData\AAV
[2010/01/10 14:31:57 | 000,000,000 | -HSD | M] -- G:\ProgramData\Anwendungsdaten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- G:\ProgramData\Application Data
[2011/01/21 09:39:59 | 000,000,000 | ---D | M] -- G:\ProgramData\AVerTV
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- G:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- G:\ProgramData\Documents
[2010/01/10 14:31:57 | 000,000,000 | -HSD | M] -- G:\ProgramData\Dokumente
[2010/10/22
10:14:52 | 000,000,000 | -HSD | M] -- G:\ProgramData\DSS [2011/02/04 06:39:47 | 000,000,000 | ---D | M] -- G:\ProgramData\EA Core [2011/10/07 06:30:11 | 000,000,000 | ---D | M] -- G:\ProgramData\EA Logs [2011/04/17 05:29:56 | 000,000,000 | ---D | M] -- G:\ProgramData\Electronic Arts [2010/01/23 09:30:39 | 000,000,000 | ---D | M] -- G:\ProgramData\elsterformular [2010/01/10 14:31:57 | 000,000,000 | -HSD | M] -- G:\ProgramData\Favoriten [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- G:\ProgramData\Favorites [2010/03/17 09:08:17 | 000,000,000 | ---D | M] -- G:\ProgramData\FreePDF [2011/04/12 05:34:27 | 000,000,000 | ---D | M] -- G:\ProgramData\InkaOffice [2010/01/28 15:41:03 | 000,000,000 | ---D | M] -- G:\ProgramData\Installations [2011/10/11 15:35:11 | 000,000,000 | ---D | M] -- G:\ProgramData\KONAMI [2010/01/28 15:59:56 | 000,000,000 | ---D | M] -- G:\ProgramData\OviInstallerCache [2010/01/28 15:43:00 | 000,000,000 | ---D | M] -- G:\ProgramData\PC Suite [2011/10/07 08:47:14 | 000,000,000 | ---D | M] -- G:\ProgramData\regid.1986-12.com.adobe [2011/07/28 11:42:31 | 000,000,000 | ---D | M] -- G:\ProgramData\SlySoft [2011/11/19 07:05:52 | 000,000,000 | ---D | M] -- G:\ProgramData\Solidshield [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- G:\ProgramData\Start Menu [2010/01/10 14:31:57 | 000,000,000 | -HSD | M] -- G:\ProgramData\Startmenü [2012/06/03 10:18:52 | 000,000,000 | ---D | M] -- G:\ProgramData\Tages [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- G:\ProgramData\Templates [2010/04/19 06:55:32 | 000,000,000 | ---D | M] -- G:\ProgramData\TomTom [2011/03/23 08:23:38 | 000,000,000 | ---D | M] -- G:\ProgramData\Ubisoft [2012/06/03 12:00:45 | 000,000,000 | ---D | M] -- G:\ProgramData\Vodafone [2010/01/10 14:31:57 | 000,000,000 | -HSD | M] -- G:\ProgramData\Vorlagen [2010/01/10 15:46:45 | 000,000,000 | ---D | M] -- G:\ProgramData\Win7codecs [2010/06/22 03:52:54 | 000,000,000 | ---D | M] -- G:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010/01/12 
07:45:28 | 000,000,000 | ---D | M] -- G:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2012/02/24 05:01:48 | 000,032,632 | ---- | M] () -- G:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 24 bytes -> G:\Windows:2B0FE20348CE5802 @Alternate Data Stream - 143 bytes -> G:\Users\Sebastian Roth\AppData\Roaming\Microsoft Excel 97-2003.EML:OECustomProperty @Alternate Data Stream - 143 bytes -> G:\Users\Sebastian Roth\AppData\Roaming\Microsoft Access 97-2003.EML:OECustomProperty < End of report > Last edited by Sero82 (03.06.2012 at 20:05) |
04.06.2012, 16:31 | #2 |
/// Malware-holic | Verschlüsselungs-Trojaner eingefangen
On your second PC go to Start, Programs, Accessories, Notepad and paste the following into it:
Code:
:OTL
O4 - HKU\Sebastian_Roth_ON_G..\Run: [D2310B2B] G:\Users\Sebastian Roth\AppData\Roaming\Fgtauf\46A677BAD2310B2B2FA0.exe (Sporopo po po)
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
Save this on a USB stick as fix.txt. Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in the post on OTLPENet.exe.
• Now click the Fix button. A message similar to "load fix from file" should appear; load the fix.txt from your stick. If that does not work, please enter the fix manually. Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt. Please post the log.
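Added example (not from this thread, from OTL, or from the helper): a small Python triage pass over the two OTL line shapes that appear above, the O4 autorun entry the fix removes and the file-creation entries in the log. The heuristics (autorun target under a user-writable profile path, opaque hex value name, creation year before 1980) are the editor's own assumptions; three sample lines are copied from the thread and one benign control line is constructed.

```python
import re

# Autorun entry (OTL "O4" line), e.g.  O4 - HKU\...\Run: [D2310B2B] G:\...\46A677BAD2310B2B2FA0.exe (Sporopo po po)
O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+?\.exe)"
                   r"(?: \((?P<company>[^)]*)\))?\s*$", re.IGNORECASE)
# File entry, e.g.  [2012/05/18 05:37:42 | 000,020,298 | ---- | C] () -- G:\...\to_1_1.png
FILE_RE = re.compile(r"^\[(?P<year>\d{4})/\d\d/\d\d \d\d:\d\d:\d\d \| (?P<size>[\d,]+) \| "
                     r"(?P<attrs>\S{4}) \| [CM]\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")
# Assumed heuristic: locations a normal user can write to; a persistent autorun from here deserves a look.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\programdata\\", "\\temp\\")

def flag_o4(line):
    """Parse one O4 autorun line; return {'path', 'reasons'} or None if the line is not an O4 entry."""
    m = O4_RE.match(line)
    if not m:
        return None
    reasons = []
    if any(seg in m.group("path").lower() for seg in USER_WRITABLE):
        reasons.append("autorun target lives in a user-writable profile directory")
    if re.fullmatch(r"[0-9A-Fa-f]{6,}", m.group("name")):
        reasons.append("autorun value name is an opaque hex string")
    return {"path": m.group("path"), "reasons": reasons}

def flag_file(line):
    """Parse one file entry; flag creation years that predate Windows (a zeroed or bogus FILETIME)."""
    m = FILE_RE.match(line)
    if not m:
        return None
    reasons = []
    if int(m.group("year")) < 1980:
        reasons.append("creation timestamp before 1980 (bogus or zeroed FILETIME)")
    return {"path": m.group("path"), "reasons": reasons}

def triage(lines):
    """Return [(path, reasons)] for every parsed entry that tripped at least one heuristic."""
    hits = []
    for line in lines:
        rec = flag_o4(line) or flag_file(line)
        if rec and rec["reasons"]:
            hits.append((rec["path"], rec["reasons"]))
    return hits

# Sample input: lines 1, 3 and 4 are copied from this thread; line 2 is constructed as a benign control.
SAMPLE_LOG = [
    r"O4 - HKU\Sebastian_Roth_ON_G..\Run: [D2310B2B] G:\Users\Sebastian Roth\AppData\Roaming\Fgtauf\46A677BAD2310B2B2FA0.exe (Sporopo po po)",
    r"O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)",
    r"[2012/05/18 05:37:42 | 000,020,298 | ---- | C] () -- G:\Users\Sebastian Roth\Desktop\to_1_1.png",
    r"[1601/02/13 04:28:18 | 000,139,776 | ---- | C] () -- G:\Users\Sebastian Roth\AppData\Local\jJVEgGqudeNspvfDO",
]
```

Running `triage(SAMPLE_LOG)` over the sample lines returns only the Fgtauf autorun entry and the 1601-dated AppData\Local file, the same two kinds of entry the helper's fix and the log above point at.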