Log analysis and evaluation: 256 bit AES encryption, Windows Update Trojan 100 Euro (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
15.06.2012, 12:55 | #1
256 bit AES encryption, Windows Update Trojan 100 Euro

Hello Trojaner-Board,

My problem: Yesterday I caught a trojan via an infected e-mail from an unknown sender. I had "accidentally" opened the link and then opened the zip file. I know that was stupid. Then the computer tried to restart, and a message appeared saying that I have a trojan and that the computer has encrypted itself for security reasons with 256 bit AES encryption. To get the unlock code I am supposed to pay 100 Euro via Ukash or Paysafecard. Of course I am not going to do that.

What I have already done: I switched the computer off and then started it in Safe Mode. That actually worked! Then I installed OTLPE and ran the scan. Here is my OTL log:

Code:
OTL logfile created on: 6/15/2012 1:13:28 PM - Run
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.86 Mb Free Space | 75.87% Space Free | Partition Type: NTFS
Drive D: | 224.61 Gb Total Space | 123.30 Gb Free Space | 54.89% Space Free | Partition Type: NTFS
Drive E: | 241.05 Gb Total Space | 240.79 Gb Free Space | 99.89% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/09 01:10:20 | 000,235,520 | ---- | M] (AMD) [Auto] -- D:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/05/13 11:39:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/13 11:39:55 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/04/28 18:14:22 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand] -- D:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/01 13:58:13 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand] -- D:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/02/15 16:35:27 | 000,076,888 | ---- | M] () [Auto] -- D:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/02/15 08:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto] -- D:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/13 11:39:55 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/05/13 11:39:55 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto] -- D:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/03/09 02:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/03/08 23:58:02 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/01/12 11:58:20 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System] -- D:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/12/07 13:22:48 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled] -- D:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2011/12/05 15:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/10/11 09:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/09/16 09:10:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto] -- D:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2011/06/10 02:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/06/02 04:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand] -- D:\Windows\System32\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/06/02 04:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand] -- D:\Windows\System32\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/04/30 07:59:32 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011/04/30 07:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/04/30 07:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\markus_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=112465&babsrc=HP_ss&mntrId=3230616e00000000000014dae9ee0716
IE - HKU\markus_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\markus_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\markus_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 48 E1 4F 9F 89 91 CC 01 [binary data]
IE - HKU\markus_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: D:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: D:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.104.0: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.116.0: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.122.0: D:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: D:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/28 18:14:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/28 18:14:23 | 000,000,000 | ---D | M]

(No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/03 12:39:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- D:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/04/28 18:14:22 | 000,097,208 | ---- | M] (Mozilla Foundation) -- D:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/28 18:14:21 | 000,001,392 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/05/03 12:35:42 | 000,002,313 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/04/28 18:14:21 | 000,002,252 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/28 18:14:21 | 000,001,153 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/01/14 05:53:19 | 000,002,048 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012/04/28 18:14:21 | 000,006,805 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/04/28 18:14:21 | 000,001,178 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/04/28 18:14:21 | 000,001,105 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (wxDfast Class) - {20CB213F-ADCA-4780-AE82-D993B97D64E9} - File not found
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - D:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - D:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - D:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O4:64bit: - HKLM..\Run: [itype] D:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] D:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [facemoods] D:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [StartCCC] D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\markus_ON_D..\Run: [3230616E] D:\Users\markus\AppData\Local\Temp\Nfjtyk\pnrdqymvkvy.exe ()
O4 - HKU\markus_ON_D..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\markus_ON_D..\Run: [InstallIQUpdater] D:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/06/14 00:42:46 | 000,918,016 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript.dll
[2012/06/14 00:42:46 | 000,716,800 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript.dll
[2012/06/14 00:42:43 | 000,735,744 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll
[2012/06/14 00:42:43 | 000,627,712 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeeds.dll
[2012/06/14 00:42:43 | 000,097,792 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtmled.dll
[2012/06/14 00:42:43 | 000,067,584 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmled.dll
[2012/06/14 00:42:42 | 000,247,808 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2012/06/14 00:42:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieui.dll
[2012/06/14 00:42:42 | 000,134,144 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\url.dll
[2012/06/14 00:42:42 | 000,132,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\url.dll
[2012/06/14 00:40:02 | 000,149,504 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpcorekmts.dll
[2012/06/14 00:40:02 | 000,077,312 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpwsx.dll
[2012/06/14 00:40:02 | 000,009,216 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdrmemptylst.exe
[2012/06/14 00:39:55 | 005,559,664 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ntoskrnl.exe
[2012/06/14 00:39:55 | 003,968,368 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/14 00:39:55 | 003,913,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ntoskrnl.exe
[2012/06/14 00:39:48 | 003,216,384 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msi.dll
[2012/06/14 00:39:48 | 002,342,400 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msi.dll
[2012/06/14 00:39:45 | 001,462,272 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\crypt32.dll
[2012/06/14 00:39:45 | 000,140,288 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\cryptnet.dll
[2012/05/28 07:04:11 | 000,000,000 | ---D | C] -- D:\ProgramData\POP3Profiles
[2012/05/27 08:55:03 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Ubisoft
[2012/05/27 07:25:55 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft

========== Files - Modified Within 30 Days ==========

[2012/06/14 12:56:00 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2012/06/14 12:53:00 | 2132,725,759 | -HS- | M] () -- D:\hiberfil.sys
[2012/06/14 10:07:46 | 000,001,106 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/14 08:06:00 | 000,001,110 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/14 07:32:15 | 000,022,080 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/14 07:32:15 | 000,022,080 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/14 07:27:48 | 000,654,150 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2012/06/14 07:27:48 | 000,616,032 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2012/06/14 07:27:48 | 000,130,022 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2012/06/14 07:27:48 | 000,106,412 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2012/06/14 04:54:02 | 000,294,400 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2012/06/12 12:25:34 | 000,002,340 | ---- | M] () -- D:\Users\Public\Desktop\Google Chrome.lnk
[2012/05/29 11:27:03 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/05/29 11:26:15 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2012/05/27 09:00:58 | 000,002,173 | ---- | M] () -- D:\Users\Public\Desktop\Prince of Persia T2T.lnk
[2012/05/19 09:15:16 | 000,282,864 | ---- | M] () -- D:\Windows\SysWow64\PnkBstrB.xtr
[2012/05/19 09:15:16 | 000,282,864 | ---- | M] () -- D:\Windows\SysWow64\PnkBstrB.exe
[2012/05/19 09:13:59 | 000,282,864 | ---- | M] () -- D:\Windows\SysWow64\PnkBstrB.ex0

========== Files Created - No Company Name ==========

[2012/05/27 09:00:58 | 000,002,173 | ---- | C] () -- D:\Users\Public\Desktop\Prince of Persia T2T.lnk
[2012/03/18 06:25:18 | 000,003,584 | ---- | C] () -- D:\Users\markus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/09 00:31:26 | 000,204,952 | ---- | C] () -- D:\Windows\SysWow64\ativvsvl.dat
[2012/03/09 00:31:26 | 000,157,144 | ---- | C] () -- D:\Windows\SysWow64\ativvsva.dat
[2012/03/08 19:26:20 | 000,054,784 | ---- | C] () -- D:\Windows\SysWow64\OVDecode.dll
[2012/01/31 01:00:24 | 000,016,896 | ---- | C] () -- D:\Windows\SysWow64\kdbsdk32.dll
[2012/01/14 07:17:19 | 001,961,472 | ---- | C] () -- D:\Windows\SysWow64\qtcore4.dll
[2011/11/11 05:19:22 | 000,007,599 | ---- | C] () -- D:\Users\markus\AppData\Local\Resmon.ResmonCfg
[2011/11/04 09:14:24 | 000,282,864 | ---- | C] () -- D:\Windows\SysWow64\PnkBstrB.exe
[2011/11/04 09:14:22 | 000,076,888 | ---- | C] () -- D:\Windows\SysWow64\PnkBstrA.exe
[2011/10/25 16:21:34 | 000,056,832 | ---- | C] () -- D:\Windows\SysWow64\OVDecoder.dll
[2011/10/23 12:43:38 | 000,000,000 | ---- | C] () -- D:\Windows\ativpsrm.bin
[2011/10/23 09:40:44 | 000,001,769 | ---- | C] () -- D:\Windows\Language_trs.ini
[2011/10/23 09:40:35 | 000,028,660 | ---- | C] () -- D:\Windows\Ascd_tmp.ini
[2011/09/28 12:44:14 | 000,179,271 | ---- | C] () -- D:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- D:\Windows\SysWow64\atipblag.dat
[2010/11/20 23:24:49 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat
[2009/04/02 08:30:14 | 000,010,296 | ---- | C] () -- D:\Windows\SysWow64\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2012/03/31 10:09:13 | 000,000,000 | ---D | M] -- D:\ProgramData\AMD
[2011/10/23 09:37:58 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2012/05/03 12:35:40 | 000,000,000 | ---D | M] -- D:\ProgramData\Babylon
[2012/01/12 11:57:58 | 000,000,000 | ---D | M] -- D:\ProgramData\DAEMON Tools Lite
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2011/10/23 09:37:58 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2011/11/04 11:58:19 | 000,000,000 | ---D | M] -- D:\ProgramData\EA Core
[2012/06/14 07:26:27 | 000,000,000 | ---D | M] -- D:\ProgramData\EA Logs
[2011/11/04 11:58:21 | 000,000,000 | ---D | M] -- D:\ProgramData\Electronic Arts
[2011/10/23 09:37:58 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2012/05/03 12:36:10 | 000,000,000 | ---D | M] -- D:\ProgramData\InstallMate
[2012/06/14 07:26:37 | 000,000,000 | ---D | M] -- D:\ProgramData\Origin
[2012/06/14 07:26:38 | 000,000,000 | ---D | M] -- D:\ProgramData\PMB Files
[2012/05/28 07:04:12 | 000,000,000 | ---D | M] -- D:\ProgramData\POP3Profiles
[2012/05/03 12:36:08 | 000,000,000 | ---D | M] -- D:\ProgramData\Premium
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2011/10/23 09:37:58 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2011/11/10 14:13:21 | 000,000,000 | ---D | M] -- D:\ProgramData\Tarma Installer
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2011/10/23 09:37:58 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2011/11/10 14:06:26 | 000,000,000 | ---D | M] -- D:\ProgramData\W3i
[2012/06/14 07:26:39 | 000,000,000 | ---D | M] -- D:\ProgramData\wxDfast
[2012/06/14 07:26:39 | 000,000,000 | ---D | M] -- D:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
[2012/06/10 04:02:59 | 000,032,632 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

And once I have fixed this and the computer runs again, is the trojan still there? Do I then still have to remove the trojan manually? What do I need to watch out for once I have fixed it with your code? My most important question: is my data lost? I hope I have made myself clear. Thanks in advance for your reply.
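The entry in the OTL log above that a log reader would zero in on is the per-user Run value `[3230616E]` pointing at an executable with no company name under `D:\Users\markus\AppData\Local\Temp\Nfjtyk\`. The script below is an added example, not part of this thread and not a Trojaner-Board or OTL tool: it parses OTL `O4` autorun lines and scores each entry on exactly those traits (Temp-directory location, missing company name, random hex value name, per-user entry pointing into the user's own profile). The regular expression for the O4 line format and the two-trait threshold are assumptions of this example, not OTL's own definitions; the sample lines are copied from the log in post #1.

```python
"""Triage OTL 'O4' autorun entries for the traits that make the ransomware
entry in this thread stand out.  Added example: not part of the thread, not a
Trojaner-Board tool, and not OTL's own output format definition."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed shape of an OTL O4 line (derived from the log in post #1):
#   O4[:64bit:] - <hive>..\Run[Once]: [<value name>] <target path> (<company name>)
# "()" means OTL found no company name in the file's version info; entries whose
# target is gone end in "File not found" without any parenthesised group.
O4_RE = re.compile(
    r"^O4(?::64bit:)?\s+-\s+(?P<hive>.+?)\.\.\\(?P<key>Run(?:Once)?):\s+"
    r"\[(?P<name>[^\]]*)\]\s+(?P<path>.+?)(?:\s+\((?P<company>[^()]*)\))?\s*$"
)


@dataclass
class AutorunEntry:
    hive: str
    key: str
    name: str
    path: str
    company: Optional[str]  # None when OTL printed "()" or no company group at all


def parse_o4(line: str) -> Optional[AutorunEntry]:
    """Parse one OTL O4 line; returns None for lines that are not autorun entries."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    return AutorunEntry(m["hive"], m["key"], m["name"], m["path"], m["company"] or None)


# Directory markers that a legitimately installed autorun program rarely uses.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\tmp\\")
# Value names such as 3230616E: eight hex digits instead of a product name.
HEX_NAME_RE = re.compile(r"^[0-9A-Fa-f]{8}$")


def assess(entry: AutorunEntry) -> List[str]:
    """Return the suspicious traits of one entry (empty list = nothing odd)."""
    low = entry.path.lower()
    if low == "file not found":
        return []  # stale entry: nothing runs, nothing to triage
    reasons = []
    if any(marker in low for marker in TEMP_MARKERS):
        reasons.append("executable lives under a Temp directory")
    if entry.company is None:
        reasons.append("file carries no company name")
    if HEX_NAME_RE.match(entry.name):
        reasons.append("value name is an 8-digit hex identifier, not a product name")
    if entry.hive.startswith("HKU\\") and "\\users\\" in low:
        reasons.append("per-user Run entry pointing into the user's own profile")
    return reasons


def triage(lines, threshold: int = 2) -> List[Tuple[AutorunEntry, List[str]]]:
    """Keep only entries showing at least `threshold` suspicious traits."""
    hits = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if len(reasons) >= threshold:
            hits.append((entry, reasons))
    return hits


# Sample input: O4 lines copied from the OTL log in post #1 (one malicious, the rest benign).
SAMPLE_LOG = r"""
O4:64bit: - HKLM..\Run: [itype] D:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\markus_ON_D..\Run: [3230616E] D:\Users\markus\AppData\Local\Temp\Nfjtyk\pnrdqymvkvy.exe ()
O4 - HKU\markus_ON_D..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] File not found
O4 - Startup: Error locating startup folders.
"""

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG.splitlines()):
        print(f"{entry.hive}..\\{entry.key}: [{entry.name}] {entry.path}")
        for reason in reasons:
            print("  -", reason)
```

Run as a script it reports only the `[3230616E]` entry, with all four traits listed; the Avira, IntelliType and DAEMON Tools entries score zero and the stale `mctadmin` RunOnce value is skipped. The threshold exists because a single trait (a missing company name alone, for instance, which PnkBstrA also shows in the services section) is not evidence on its own.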
18.06.2012, 12:11 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | 256 bit AES encryption, Windows Update Trojan 100 Euro

Quote:
Accidentally? Sorry, no.

Quote:
OTLPE is used as a live system when the installed Windows can no longer be operated! Does Safe Mode with Networking still work? With an internet connection? Safe Mode for cleaning
19.06.2012, 20:23 | #3
256 bit AES encryption, Windows Update Trojan 100 Euro

Hi, thanks for the quick reply.

I had also posted in the Chip forum and they told me which folder I should delete. I did that. Then they said I should back up my data with a live CD and then reinstall my system. After deleting the folder I could start Windows quite normally. Everything was working again. However, my files have strange letters. For example My Music: AdzTCDZz, just gibberish like that. I wanted to copy my data to a USB stick and then format my hard drive and reinstall the system. Can I still rescue this "gibberish" data? Regards
20.06.2012, 10:31 | #4
/// Winkelfunktion /// TB-Süch-Tiger™ | 256 bit AES encryption, Windows Update Trojan 100 Euro

Please always post logfiles in CODE tags