Log analysis and evaluation: Windows encryption trojan --> decrypt files (forum: Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

04.06.2012, 17:44 | #1

Windows encryption trojan --> decrypt files

Hello everyone, once again I have an acquaintance's computer and am supposed to help. I have (hopefully) successfully killed the trojan with Malwarebytes. However, the files are still encrypted. Here is the OTL.txt. Does anyone have an idea?

OTL logfile: Code:
ATTFilter OTL logfile created on: 6/4/2012 7:37:33 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows Vista (TM) Home Basic Service Pack 2 (Version = 6.0.6002) - Type = System Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,015.00 Mb Total Physical Memory | 802.00 Mb Available Physical Memory | 79.00% Memory free 903.00 Mb Paging File | 845.00 Mb Available in Paging File | 94.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 139.69 Gb Total Space | 109.74 Gb Free Space | 78.56% Space Free | Partition Type: NTFS Drive D: | 940.72 Mb Total Space | 929.56 Mb Free Space | 98.81% Space Free | Partition Type: FAT Drive E: | 7.80 Gb Total Space | 0.00 Gb Free Space | 0.05% Space Free | Partition Type: NTFS Drive F: | 1.55 Gb Total Space | 0.02 Gb Free Space | 1.02% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - File not found [Auto] -- -- (Automatisches LiveUpdate - Scheduler) SRV - [2012/05/04 14:20:26 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/04/04 09:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe -- (N360) SRV - 
[2009/04/11 02:28:20 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS) SRV - [2009/04/11 02:28:20 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2009/04/11 02:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2008/01/29 11:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist) SRV - [2008/01/22 04:35:52 | 000,103,808 | ---- | M] () [Auto] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/04/15 21:00:06 | 000,009,216 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2007/03/05 05:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
[On_Demand] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb) SRV - [2007/02/06 02:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters) SRV - [2007/01/04 14:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (upperdev) DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand] -- -- (IpInIp) DRV - [2012/06/03 04:31:43 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2012/06/03 04:31:43 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012/06/01 01:55:02 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120601.001\IDSvix86.sys -- (IDSVix86) DRV - [2012/05/28 12:52:51 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2012/05/26 19:00:00 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120602.009\NAVEX15.SYS -- (NAVEX15) DRV - [2012/05/26 19:00:00 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120602.009\NAVENG.SYS -- (NAVENG) DRV - [2012/04/04 09:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) 
[File_System | On_Demand] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012/04/03 13:44:36 | 000,821,880 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120517.001\BHDrvx86.sys -- (BHDrvx86) DRV - [2012/03/29 02:03:27 | 000,574,072 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- C:\Windows\System32\Drivers\N360\0602010.005\SRTSP.SYS -- (SRTSP) DRV - [2012/03/29 02:03:27 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360\0602010.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV - [2012/03/28 18:28:38 | 000,345,208 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\Drivers\N360\0602010.005\SYMTDIV.SYS -- (SYMTDIv) DRV - [2012/03/28 18:28:30 | 000,905,336 | R--- | M] (Symantec Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\N360\0602010.005\symefa.sys -- (SymEFA) DRV - [2012/03/28 18:28:26 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\N360\0602010.005\symds.sys -- (SymDS) DRV - [2012/03/28 18:06:26 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360\0602010.005\Ironx86.SYS -- (SymIRON) DRV - [2011/11/29 10:44:14 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360\0602010.005\ccSetx86.sys -- (ccSet_N360) DRV - [2007/06/18 11:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
[Kernel | On_Demand] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2007/05/24 10:07:18 | 000,223,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R) DRV - [2007/04/15 21:00:06 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006/11/02 05:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006/11/01 21:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) DRV - [2006/06/28 05:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\IPSFFPlgn\ [2012/05/28 12:59:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\coFFPlgn\ [2012/06/04 12:02:30 | 000,000,000 | ---D | M] O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: ::1 localhost O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.2.1.5\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.2.1.5\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.2.1.5\coieplg.dll (Symantec Corporation) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.) 
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [ST Recovery Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks) O13 - gopher Prefix: missing O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/04/30 12:01:00 | 000,000,053 | -HS- | M] () - E:\Autorun.inf -- [ NTFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/06/04 12:17:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2012/06/04 12:17:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft [2012/06/04 10:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/06/04 10:15:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/06/04 10:15:39 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys 
[2012/06/04 10:15:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/05/12 14:53:56 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012/05/12 14:53:55 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012/05/12 14:53:55 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2012/05/12 14:53:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012/05/12 14:53:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012/05/12 14:53:54 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012/05/12 14:53:53 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012/05/12 10:32:04 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2012/05/12 10:32:04 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2012/05/12 10:32:04 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2012/05/12 10:32:03 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2012/05/12 10:32:03 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2012/05/12 10:31:35 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012/05/12 10:31:34 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012/05/12 10:31:34 | 002,044,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012/05/10 15:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2012/05/10 15:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1} [2012/05/10 13:42:37 | 000,000,000 | ---D | C] -- C:\Intel ========== Files - Modified Within 
30 Days ========== [2012/06/04 12:19:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/06/04 12:19:13 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/04 12:19:13 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/04 12:19:06 | 000,032,768 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2012/06/04 12:18:54 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012/06/04 12:17:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2012/06/04 12:17:24 | 002,143,963 | ---- | M] () -- C:\Windows\System32\drivers\N360\0602010.005\Cat.DB [2012/06/04 12:06:23 | 000,682,160 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012/06/04 12:06:23 | 000,639,936 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/06/04 12:06:23 | 000,143,714 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012/06/04 12:06:23 | 000,118,416 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/06/04 11:59:42 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/06/04 11:59:12 | 1064,624,128 | -HS- | M] () -- C:\hiberfil.sys [2012/06/04 10:15:41 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/06/04 10:15:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/06/04 10:09:36 | 000,423,840 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/06/03 09:20:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/06/03 08:41:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/06/03 06:26:51 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2012/06/03 06:26:51 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2012/06/03 06:26:14 | 
000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk [2012/06/03 06:26:14 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 [2012/06/03 04:31:10 | 000,008,942 | ---- | M] () -- C:\Windows\System32\drivers\N360\0602010.005\VT20120410.034 [2012/05/28 12:52:51 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS [2012/05/28 12:52:51 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT [2012/05/28 12:52:51 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF [2012/05/13 03:45:26 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0602010.005\isolate.ini [2012/05/10 15:39:27 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office ========== Files Created - No Company Name ========== [2012/06/04 11:59:12 | 1064,624,128 | -HS- | C] () -- C:\hiberfil.sys [2012/06/04 10:15:41 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/06/03 06:26:51 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2012/06/03 06:26:51 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2012/02/19 10:55:26 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2012/02/19 10:55:25 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/01/11 12:48:28 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008/12/01 10:59:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2008/12/01 10:59:26 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2008/12/01 10:59:26 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2008/12/01 10:59:26 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2008/12/01 10:59:26 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2008/12/01 10:59:26 | 000,020,480 | ---- | C] () -- 
C:\Windows\System32\IVIresize.dll [2007/08/24 08:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll [2007/08/24 08:38:54 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2007/08/24 08:38:54 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll [2007/08/24 08:28:04 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2006/11/09 12:42:33 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2006/11/09 12:42:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2006/11/02 11:38:05 | 000,682,160 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006/11/02 11:38:05 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006/11/02 11:38:05 | 000,143,714 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006/11/02 11:38:05 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006/11/02 08:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 08:44:53 | 000,423,840 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 06:33:01 | 000,639,936 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 06:33:01 | 000,118,416 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006/03/09 06:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll 
========== LOP Check ========== [2006/11/09 12:46:51 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2009/03/16 09:06:09 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ [2009/03/16 09:37:12 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJ [2009/03/17 12:55:27 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJEGV [2012/06/03 06:28:59 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJEPPEX [2012/06/03 06:34:52 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJMyPrinter [2012/06/03 06:31:07 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJPLM [2012/06/03 06:31:06 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJSolutionMenu [2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2006/11/09 12:46:51 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente [2006/11/09 12:46:51 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten [2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2009/01/15 12:35:17 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe [2010/03/22 16:20:39 | 000,000,000 | ---D | M] -- C:\ProgramData\PCSettings [2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2006/11/09 12:46:51 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü [2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2006/11/09 12:46:51 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen [2010/07/20 13:04:03 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch [2007/12/14 20:10:07 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3} [2012/05/10 15:13:37 | 000,000,000 | ---D | M] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1} [2012/06/04 12:19:04 | 000,032,516 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
05.06.2012, 21:10 | #2

/// Winkelfunktion /// TB-Süch-Tiger™ | Windows encryption trojan --> decrypt files

Quote:

Nobody will be able to tell you exactly when your data can be decrypted, except maybe one. It may be that you have a newer variant whose encryption algorithm is still unknown. Such a thing cannot (yet) be decrypted, and certainly not without the key; that is only logical, otherwise it would not be proper encryption. Just check back here at regular intervals and follow the notes above. 8 tools along with hundreds of discussion posts are already there.

Decryption attempts on the encrypted files are only to be applied to additional copies of the encrypted files, otherwise you mangle them even further without still having the "original" encrypted file. You certainly don't want that! And in future you will surely want to think about a better backup concept. Here is some food for thought => http://www.trojaner-board.de/115678-...r-backups.html

Does safe mode with networking still work? With an internet connection? Safe mode for cleanup
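The reply above insists that decryption tools only ever run against copies of the encrypted files. The following is an added example (not code from the forum thread or from any of the tools it mentions) of how to enforce that: take a SHA-256 inventory of the originals, make a verified working copy, and after each decryption attempt prove that the originals are still byte-identical. All directory and file names in it are constructed for illustration.

```python
"""Preserve original encrypted files before any decryption attempt (added example)."""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large media files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot_hashes(root: Path) -> dict:
    """Map every file under root (as a relative path) to its SHA-256 digest."""
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def make_working_copy(originals: Path, workdir: Path) -> dict:
    """Copy the encrypted files to workdir and return the inventory of the originals.

    Decryption tools are pointed at workdir only; the returned inventory is kept
    so the originals can later be proven untouched.
    """
    if workdir.exists():
        raise FileExistsError(f"refusing to overwrite existing working copy: {workdir}")
    inventory = snapshot_hashes(originals)
    shutil.copytree(originals, workdir)
    # The copy must be byte-identical before anyone starts experimenting on it.
    if snapshot_hashes(workdir) != inventory:
        raise RuntimeError("working copy does not match originals")
    return inventory


def verify_untouched(originals: Path, inventory: dict) -> list:
    """Return relative paths whose content changed or vanished since the snapshot.

    An empty list means the originals are intact and a fresh copy can be handed
    to the next decryption tool.
    """
    current = snapshot_hashes(originals)
    return sorted(name for name, digest in inventory.items()
                  if current.get(name) != digest)


def run_demo(base: Path = None) -> tuple:
    """Constructed walkthrough: a failed decryptor mangles the copy, then an original."""
    base = base or Path(tempfile.mkdtemp())
    enc = base / "encrypted"                      # constructed sample directory
    (enc / "photos").mkdir(parents=True)
    (enc / "invoice.pdf.locked").write_bytes(b"\x8f\x12ciphertext-sample-1")
    (enc / "photos" / "img001.jpg.locked").write_bytes(b"\x00\xffciphertext-sample-2")
    inv = make_working_copy(enc, base / "work")
    # A decryption attempt wrecks the working copy: originals still report clean.
    (base / "work" / "invoice.pdf.locked").write_bytes(b"garbage from a failed decryptor")
    after_copy_mangled = verify_untouched(enc, inv)
    # Someone edits an original directly: the check names exactly that file.
    (enc / "invoice.pdf.locked").write_bytes(b"garbage from a failed decryptor")
    after_original_mangled = verify_untouched(enc, inv)
    return after_copy_mangled, after_original_mangled


if __name__ == "__main__":
    print(run_demo())  # prints ([], ['invoice.pdf.locked'])
```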