|
Log-Analyse und Auswertung: Mit Windows-Verschlüsselungs-Trojaner infiziert.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
19.06.2012, 20:19 | #1 |
| Mit Windows-Verschlüsselungs-Trojaner infiziert. Hallo, habe auf einem WinXP-Rechner eines Kunden folgenden Trojaner: Der Bildschirm kommt direkt nach dem Starten des Rechners. Andere Aktionen sind nicht durchführbar. Leider kann ich nicht sagen auf welche Art der Trojaner seinen Weg auf den Rechner gefunden hat. Vermutlich per E-Mail als Anhang. E-Mail aller Voraussicht nach nicht mehr vorhanden. Beim Start im Abgesicherten Modus (egal ob mit Eingabeaufforderung oder mit Netzwerktreibern) bricht der Start immer wieder ab und der Rechner bootet neu. Meine Recherche in eurem Board ergab, dass ich OTLPE auf dem betroffenen Rechner per CD booten soll. Ich habe auch bereits den Scan durchgeführt (allerdings ohne Custom Scans/Fixes). Hoffe das war sinnvoll? Log: OTL Logfile: Code:
ATTFilter OTL logfile created on: 6/19/2012 9:48:42 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,022.00 Mb Total Physical Memory | 650.00 Mb Available Physical Memory | 64.00% Memory free 906.00 Mb Paging File | 685.00 Mb Available in Paging File | 76.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 141.23 Gb Total Space | 94.82 Gb Free Space | 67.14% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet002 ========== Win32 Services (SafeList) ========== SRV - [2012/04/26 16:49:06 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/04/04 12:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto] -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2011/10/21 10:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/10/13 12:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011/07/20 00:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010/09/06 13:56:38 | 000,247,096 | ---- | M] () [Auto] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2008/09/13 13:09:04 | 000,611,664 | ---- | M] (Lavasoft) [Auto] -- C:\Programme\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice) SRV - [2007/08/03 22:08:06 | 000,749,904 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Programme\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc) SRV - [2007/07/22 15:15:18 | 002,376,992 | ---- | M] (McAfee, Inc.) [Auto] -- C:\programme\gemeinsame dateien\mcafee\mna\mcnasvc.exe -- (McNASvc) SRV - [2006/10/26 09:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2004/12/27 11:12:16 | 000,036,864 | ---- | M] () [Auto] -- C:\WINDOWS\system32\acs.exe -- (ACS) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | System] -- -- (VClone) DRV - File not found [Kernel | On_Demand] -- -- (USBAAPL) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | System] -- -- (i2omgmt) DRV - File not found [Kernel | System] -- -- (Changer) DRV - [2009/08/05 17:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr) DRV - [2009/01/09 07:03:40 | 000,213,640 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2009/01/09 07:03:06 | 000,034,216 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk) DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE) DRV - [2007/10/25 04:52:00 | 000,015,488 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hcw95rc.sys -- (hcw95rc) DRV - [2007/10/25 04:47:44 | 000,487,424 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hcw95bda.sys -- (hcw95bda) DRV - [2007/08/24 14:45:22 | 000,101,120 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2007/08/07 14:47:00 | 000,271,360 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2007/08/07 14:46:59 | 000,018,048 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2006/01/17 04:21:52 | 000,328,061 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2006/01/17 04:19:46 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL) DRV - [2006/01/17 04:18:22 | 000,850,474 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2006/01/17 04:15:36 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2006/01/17 04:11:56 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2006/01/13 11:13:18 | 004,137,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2005/11/28 06:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2005/11/27 01:36:08 | 001,427,968 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R) DRV - [2005/11/16 10:08:16 | 000,078,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTL8023xp) DRV - [2005/09/09 05:21:02 | 001,120,416 | R--- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2005/06/23 16:16:08 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2004/11/30 21:54:50 | 000,093,632 | R--- | M] (VM) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbVM31b.sys -- (ZSMC301b) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Paul_Panzer_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR IE - HKU\Paul_Panzer_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\Paul_Panzer_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKU\Paul_Panzer_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\Paul_Panzer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6c: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN Team) FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/04/26 16:49:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/02/20 15:47:06 | 000,000,000 | ---D | M] [2012/01/04 03:03:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009/08/28 17:28:28 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012/04/26 16:49:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011/10/03 00:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2009/10/23 09:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Programme\mozilla firefox\plugins\npzylomgamesplayer.dll [2011/10/03 11:48:55 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2011/10/03 11:48:55 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2011/10/03 11:48:55 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2011/10/03 11:48:55 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011/10/03 11:48:55 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2011/10/03 11:48:55 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKU\Paul_Panzer_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\Paul_Panzer_ON_C\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O4 - HKLM..\Run: [ACU] C:\Programme\Atheros\ACU.exe (Atheros Communications, Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE (Vimicro) O4 - HKLM..\Run: [EOUApp] C:\Programme\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation) O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [mcagent_exe] C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PrnStatusMX] C:\Programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKU\Paul_Panzer_ON_C..\Run: [4C086CFC] C:\WINDOWS\system32\06F038884C086CFC20C4.exe (AIMP DevTeam) O4 - HKU\Paul_Panzer_ON_C..\Run: [Badoo Desktop] File not found O4 - HKU\Paul_Panzer_ON_C..\Run: [ICQ] C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\Paul Panzer\Startmenü\Programme\Autostart\Analoguhr.lnk = C:\Dokumente und Einstellungen\Paul Panzer\Lokale Einstellungen\Temp\Temporäres Verzeichnis 3 für clock.zip\CLOCK.EXE () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Paul_Panzer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Paul_Panzer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O7 - HKU\Paul_Panzer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1 O7 - HKU\Paul_Panzer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class) O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258765039640 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\06F038884C086CFC20C4.exe) - C:\WINDOWS\system32\06F038884C086CFC20C4.exe (AIMP DevTeam) O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007/05/11 10:19:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/06/19 13:36:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2012/06/05 07:25:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Paul Panzer\Anwendungsdaten\Bnlbnlb [2012/06/05 07:24:59 | 000,088,064 | -H-- | C] (AIMP DevTeam) -- C:\WINDOWS\System32\06F038884C086CFC20C4.exe [2012/06/05 05:47:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Paul Panzer\Lokale Einstellungen\Anwendungsdaten\Sun [2012/05/28 09:00:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office Live Add-in [2012/05/27 11:19:34 | 000,000,000 | ---D | C] -- C:\Programme\Oracle [2012/05/27 11:19:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Paul Panzer\Anwendungsdaten\Oracle [2012/05/27 11:19:14 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll [2012/05/27 11:19:14 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2012/05/27 11:19:06 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012/05/27 11:19:06 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012/05/25 15:44:52 | 000,000,000 | ---D | C] -- C:\Programme\Zylom Games [2012/05/25 15:44:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/06/19 14:15:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/06/19 13:48:28 | 000,013,776 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/06/19 13:48:25 | 000,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2012/06/19 13:48:22 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/06/05 07:24:59 | 000,088,064 | -H-- | M] (AIMP DevTeam) -- C:\WINDOWS\System32\06F038884C086CFC20C4.exe [2012/06/05 07:19:00 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/06/04 17:52:43 | 000,000,772 | ---- | M] () -- C:\Dokumente und Einstellungen\Paul Panzer\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk [2012/05/28 09:00:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office Live Add-in [2012/05/27 11:18:48 | 000,455,196 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012/05/27 11:18:48 | 000,437,658 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/05/27 11:18:48 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012/05/27 11:18:48 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012/05/27 11:18:48 | 000,070,170 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/05/27 11:18:47 | 000,083,162 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012/05/25 08:27:01 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/05/24 12:24:11 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/06/05 07:25:45 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh325 [2012/06/05 07:25:45 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh324 [2012/06/05 07:25:45 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh323 [2012/06/05 07:25:45 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh322 [2012/06/05 07:25:45 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh321 [2012/06/05 07:25:45 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh320 [2012/02/15 03:51:45 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011/04/03 19:10:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2009/08/28 20:13:58 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2008/12/10 09:55:56 | 001,138,688 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\Falk Navi-Manager.msi [2008/08/28 05:49:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2008/08/16 08:34:20 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Paul Panzer\Anwendungsdaten\$_hpcst$.hpc [2008/06/20 04:23:11 | 000,000,019 | ---- | C] () -- C:\WINDOWS\retrieve.ini [2008/05/22 11:13:02 | 000,000,048 | ---- | C] () -- C:\WINDOWS\KUBUS.INI [2008/05/16 05:58:04 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2008/04/21 13:04:29 | 000,000,825 | ---- | C] () -- C:\WINDOWS\uninst.ini [2008/02/05 08:35:33 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2008/02/04 15:19:59 | 000,000,063 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2008/01/26 17:12:18 | 000,149,504 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE [2008/01/26 17:11:10 | 000,032,825 | ---- | C] () -- C:\WINDOWS\Irremote.ini [2008/01/26 17:11:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll [2008/01/26 17:10:13 | 000,000,135 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008/01/26 17:10:11 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll [2008/01/26 17:09:29 | 000,006,271 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI [2008/01/26 16:58:26 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2007/12/29 17:49:14 | 000,008,192 | ---- | C] () -- C:\WINDOWS\suecmdial.dll [2007/10/09 07:34:42 | 000,000,087 | ---- | C] () -- C:\WINDOWS\fpxpress.ini [2007/10/04 16:00:34 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe [2007/10/04 16:00:24 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe [2007/09/16 09:05:42 | 000,049,152 | R--- | C] () -- C:\WINDOWS\amcap.exe [2007/08/07 14:47:00 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2007/08/07 14:46:59 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2007/06/24 11:35:23 | 000,082,432 | ---- | C] () -- C:\Dokumente und Einstellungen\Paul Panzer\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/05/15 16:17:33 | 000,000,283 | ---- | C] () -- C:\WINDOWS\lexstat.ini [2007/05/15 07:56:04 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tm.ini [2007/05/13 06:36:24 | 000,000,352 | ---- | C] () -- C:\WINDOWS\wiso.ini [2007/05/13 03:56:12 | 000,000,039 | ---- | C] () -- C:\WINDOWS\MB.ini [2007/05/13 03:28:37 | 000,000,308 | ---- | C] () -- C:\WINDOWS\BUHL.INI [2007/05/12 16:54:50 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2007/05/12 04:52:22 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe [2007/05/12 04:52:17 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe [2007/05/11 10:56:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2007/05/11 10:54:56 | 000,368,096 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2007/05/11 10:22:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2007/05/11 10:16:02 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2006/11/30 05:27:17 | 000,016,183 | ---- | C] () -- C:\WINDOWS\System32\SELF32.INI [2006/11/30 05:26:51 | 000,373,248 | ---- | C] () -- C:\WINDOWS\System32\BpShellEx.dll [2006/01/19 02:43:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006/01/19 02:43:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2006/01/19 02:43:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006/01/19 02:43:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2006/01/19 02:43:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006/01/19 02:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006/01/19 02:43:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2006/01/19 02:43:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2006/01/19 02:43:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006/01/17 04:31:30 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll [2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004/08/04 08:00:00 | 000,455,196 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2004/08/04 08:00:00 | 000,437,658 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004/08/04 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004/08/04 08:00:00 | 000,083,162 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2004/08/04 08:00:00 | 000,070,170 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004/08/04 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2001/11/14 06:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll [1601/02/13 04:28:18 | 000,010,231 | ---- | C] () -- C:\Dokumente und Einstellungen\Paul Panzer\UGfsyEjnqosdxV ========== LOP Check ========== [2012/06/05 07:25:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Paul Panzer\Anwendungsdaten\Bnlbnlb [2011/06/16 13:36:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Paul Panzer\Anwendungsdaten\com.socialbox.socialbox [2008/09/12 20:43:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Paul Panzer\Anwendungsdaten\DataDesign [2012/06/05 07:35:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Paul Panzer\Anwendungsdaten\ICQ [2007/05/13 04:32:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Paul Panzer\Anwendungsdaten\ICQ Toolbar [2007/05/13 04:32:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Paul Panzer\Anwendungsdaten\ICQLite [2008/09/14 15:41:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Paul Panzer\Anwendungsdaten\IEPro [2012/06/05 07:35:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Paul Panzer\Anwendungsdaten\KUBUS [2008/09/14 16:00:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Paul Panzer\Anwendungsdaten\MiniDm [2012/06/05 07:35:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Paul Panzer\Anwendungsdaten\MSNInstaller [2012/05/27 11:19:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Paul Panzer\Anwendungsdaten\Oracle [2012/06/05 07:35:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Paul Panzer\Anwendungsdaten\SpeedSim [2008/01/15 11:06:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Paul Panzer\Anwendungsdaten\WEB.DE [2009/11/20 20:53:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Paul Panzer\Anwendungsdaten\Windows Live Writer [2011/06/12 08:16:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Badoo [2009/09/01 18:09:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Boss Media [2007/05/15 16:21:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software [2007/05/13 03:30:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fun communications [2009/11/06 11:34:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Geek Squad [2011/03/10 18:28:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2008/08/28 07:03:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kubus light [2008/01/15 11:06:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WEB.DE [2012/05/25 15:44:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom [2008/11/14 20:13:12 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job [2008/07/31 19:00:12 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job ========== Purity Check ========== < End of report > OK, soweit erst einmal. Ich danke im Voraus. |
Themen zu Mit Windows-Verschlüsselungs-Trojaner infiziert. |
ad-aware, bho, bildschirm, bingbar, booten, desktop, disabletaskmgr, e-mail, einstellungen, error, explorer, firefox, format, helper, infiziert., kunde, launch, logfile, mozilla, netzwerk, object, plug-in, realtek, registry, scan, security, security scan, software, starten, trojaner, version=1.0, windows, windows xp, xp-rechner |