
Log analysis and evaluation: encryption trojan logfile evaluation

Windows 7: If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
05.07.2012, 10:38   #1
snoopy22

encryption trojan logfile evaluation



Hello,

I have a problem with an encryption trojan; maybe someone has the chance to evaluate the OTL scan result for me?

Thanks in advance

OTL Logfile:
Code:
OTL logfile created on: 7/5/2012 12:27:20 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 117.19 Gb Total Space | 101.52 Gb Free Space | 86.63% Space Free | Partition Type: NTFS
Drive D: | 581.45 Gb Total Space | 560.35 Gb Free Space | 96.37% Space Free | Partition Type: NTFS
Drive E: | 14.89 Gb Total Space | 3.14 Gb Free Space | 21.10% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/05/23 15:39:19 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/08 13:41:39 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/08 13:41:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/04 15:17:31 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/04 11:40:10 | 001,564,368 | ---- | M] () [Auto] -- C:\Programme\Guard-ICQ\GuardICQ.exe -- (Guard.Mail.ru)
SRV - [2011/10/08 00:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/17 06:04:36 | 000,247,872 | ---- | M] () [Auto] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010/04/05 15:55:01 | 000,116,104 | ---- | M] () [Auto] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2012/05/08 13:41:39 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/08 13:41:39 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/09/16 11:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/07/07 19:21:30 | 000,119,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2009/10/08 11:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/10/31 06:38:00 | 004,942,336 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/03/24 23:48:08 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/03/24 23:48:06 | 000,054,400 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/04/16 11:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Chef_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Programme\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/05/04 15:17:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
 
[2012/03/31 04:04:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\mozilla\Extensions
[2012/07/03 17:28:44 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\mozilla\Firefox\Profiles\cbsb7xl3.default\extensions
[2012/02/18 05:51:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) -- 
[2012/05/04 15:17:31 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012/02/08 13:36:16 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/02/08 13:21:19 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012/02/08 13:36:16 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/08 13:36:16 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/08 13:36:16 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/08 13:36:16 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (TheBflix Class) - {DFA2057C-38D3-4938-AD7F-380B4CC91A48} -  File not found
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Programme\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Programme\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Programme\Guard-ICQ\GuardICQ.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Chef\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Chef_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\UpdatusUser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/02/16 09:19:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/07/05 03:11:12 | 001,862,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_000005_.tmp.dll
[2012/07/05 03:11:10 | 002,150,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_000012_.tmp.dll
[2012/07/05 03:11:10 | 002,029,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_000011_.tmp.dll
[2012/07/05 03:11:07 | 000,139,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\_000005_.tmp.dll
[2012/07/05 03:10:54 | 011,111,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe(2).dll
[2012/07/05 03:10:54 | 002,000,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iertutil(2).dll
[2012/07/05 03:10:54 | 001,863,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k(2).sys
[2012/07/05 03:10:54 | 001,212,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\urlmon(2).dll
[2012/07/05 03:10:54 | 000,916,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wininet(2).dll
[2012/07/05 03:10:54 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\crypt32(2).dll
[2012/07/05 03:10:54 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.wusetup.102484(2).new
[2012/07/05 03:10:54 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\url(2).dll
[2012/07/05 03:10:54 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2(2).dll
[2012/07/05 03:10:54 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups(2).dll
[2012/07/05 03:10:51 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll.new
[2012/07/05 03:10:51 | 000,329,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.wusetup.108031.new
[2012/07/05 03:10:51 | 000,219,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl.new
[2012/07/05 03:10:51 | 000,097,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll.wusetup.101859.new
[2012/07/05 03:10:51 | 000,097,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdm.dll.new
[2012/07/05 03:10:51 | 000,053,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe.new
[2012/07/05 03:10:50 | 001,933,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll.new
[2012/07/05 03:10:50 | 000,329,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll.new
[2012/07/05 03:10:50 | 000,210,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll.new
[2012/07/05 03:10:43 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/07/05 03:10:37 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll.new
[2012/07/05 03:10:22 | 000,000,000 | -H-D | C] -- C:\ErdUndoCache
[2012/07/05 02:36:48 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET
[2012/07/05 01:53:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2012/07/05 01:52:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy 2
[2012/07/05 01:52:44 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2012/07/05 01:52:41 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy 2
[2012/07/03 17:28:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\McAfee Security Scan Plus
[2012/07/03 17:28:30 | 000,000,000 | ---D | C] -- C:\Programme\biu software
[2012/07/03 17:20:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood(2)
[2012/07/02 15:06:11 | 000,000,000 | ---D | C] -- C:\Programme\biu software(2)
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/07/05 05:18:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/05 04:39:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/05 04:19:24 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/05 04:19:24 | 000,000,590 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/07/05 04:19:24 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2012/07/05 03:24:45 | 000,120,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/05 03:16:08 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/05 03:14:58 | 000,285,176 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/07/05 03:14:58 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/07/05 03:14:32 | 000,285,176 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/07/05 03:11:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\McAfee Security Scan Plus
[2012/07/05 03:10:53 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
[2012/07/05 02:49:39 | 000,535,426 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012/07/05 02:49:39 | 000,509,158 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/05 02:49:39 | 000,109,114 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012/07/05 02:49:39 | 000,090,804 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/05 02:21:18 | 000,000,150 | -H-- | M] () -- C:\Dokumente und Einstellungen\Chef\Desktop\.~lock.VdgpVLaLXvosLlG#
[2012/07/05 02:10:35 | 000,000,127 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012/07/05 01:52:52 | 000,000,454 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2012/07/05 01:52:51 | 000,000,586 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/07/05 01:52:47 | 000,001,806 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot-S&D Start Center.lnk
[2012/07/05 01:52:47 | 000,001,800 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk
[2012/07/05 01:52:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy 2
[2012/07/03 17:35:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/02 14:40:29 | 000,000,448 | ---- | M] () -- C:\Dokumente und Einstellungen\Chef\Desktop\18.Geburtstag.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/07/05 03:11:10 | 000,011,042 | ---- | C] () -- C:\WINDOWS\_000010_.tmp.dll
[2012/07/05 03:11:10 | 000,008,410 | ---- | C] () -- C:\WINDOWS\_000005_.tmp.dll
[2012/07/05 03:11:07 | 000,023,526 | ---- | C] () -- C:\WINDOWS\_000072_.tmp.dll
[2012/07/05 03:11:07 | 000,008,410 | ---- | C] () -- C:\WINDOWS\_000004_.tmp.dll
[2012/07/05 03:10:53 | 000,001,771 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\McAfee Security Scan Plus.lnk
[2012/07/05 03:10:52 | 000,000,787 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 7.lnk
[2012/07/05 03:10:51 | 000,006,200 | ---- | C] () -- C:\WINDOWS\System32\INT13EXT.VXD
[2012/07/05 03:10:51 | 000,000,947 | ---- | C] () -- C:\Dokumente und Einstellungen\Chef\Desktop\PC Inspector File Recovery.lnk
[2012/07/05 03:10:49 | 000,000,448 | ---- | C] () -- C:\Dokumente und Einstellungen\Chef\Desktop\18.Geburtstag.lnk
[2012/07/05 03:10:47 | 000,008,410 | ---- | C] () -- C:\WINDOWS\KB2685939.cat
[2012/07/05 03:10:39 | 000,011,042 | ---- | C] () -- C:\WINDOWS\KB2707511.cat
[2012/07/05 02:21:18 | 000,000,150 | -H-- | C] () -- C:\Dokumente und Einstellungen\Chef\Desktop\.~lock.VdgpVLaLXvosLlG#
[2012/07/05 02:08:21 | 000,000,127 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/07/05 01:52:51 | 000,000,586 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/07/05 01:52:51 | 000,000,454 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2012/07/05 01:52:50 | 000,000,590 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/07/05 01:52:47 | 000,001,806 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot-S&D Start Center.lnk
[2012/07/05 01:52:47 | 000,001,800 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk
[2012/07/03 17:35:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/02 15:06:11 | 000,002,032 | ---- | C] () -- C:\Dokumente und Einstellungen\Chef\Startmenü\Programme\DVD-Cover Printmaster.lnk
[2012/05/09 10:54:22 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\Chef\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/12 14:25:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/16 11:22:32 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2012/02/16 11:13:38 | 000,004,061 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2012/02/16 11:13:36 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2012/02/16 10:15:51 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/02/16 10:15:51 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/02/16 10:15:51 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/02/16 10:15:34 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/02/16 09:20:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/02/16 09:16:51 | 000,022,880 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/02/16 09:11:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/02/16 09:10:50 | 000,120,544 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/15 18:52:00 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 08:00:00 | 000,535,426 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2008/04/14 08:00:00 | 000,509,158 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 08:00:00 | 000,109,114 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2008/04/14 08:00:00 | 000,090,804 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
 
========== LOP Check ==========
 
[2012/03/31 06:30:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\biu software
[2012/06/01 13:48:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Elhclwiud
[2012/06/01 13:52:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\ICQ
[2012/03/31 03:57:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\OpenOffice.org
[2012/06/03 04:46:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\TeamViewer
[2012/06/01 13:58:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\{DCD48218-E972-4d0c-9E5F-43462BC13E3B}
[2012/02/18 06:03:41 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2012/02/18 06:08:09 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonEPP
[2012/02/18 06:08:09 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJEPPEX2
[2012/02/18 06:06:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJMSetup
[2012/06/01 13:53:40 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJMyPrinter
[2012/07/02 14:52:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJPLM
[2012/06/01 13:52:02 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJSolutionMenuEX
[2012/06/01 13:52:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJWSpt
[2012/03/04 11:40:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2012/03/17 13:39:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InstallMate
[2012/03/17 13:39:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Premium
[2012/06/01 13:52:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TheBflix
[2012/07/05 04:19:24 | 000,000,590 | ---- | M] () -- C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
[2012/07/05 01:52:51 | 000,000,586 | ---- | M] () -- C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/07/05 01:52:52 | 000,000,454 | ---- | M] () -- C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
[2012/07/05 04:19:24 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2012/07/05 03:11:22 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2012/07/03 17:28:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2012/07/05 03:11:32 | 000,000,000 | -H-D | M] -- C:\ErdUndoCache
[2012/07/05 02:36:48 | 000,000,000 | R--D | M] -- C:\Programme
[2012/03/31 05:07:43 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2012/07/05 03:14:14 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/07/05 03:24:51 | 000,000,000 | ---D | M] -- C:\WINDOWS
[2012/06/01 13:52:30 | 000,000,000 | -H-D | M] -- C:\x64drvsys
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2008/04/14 08:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 08:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2008/04/14 08:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 08:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2008/04/14 08:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008/04/14 08:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe
[2012/02/07 11:19:30 | 003,149,736 | ---- | M] (Safer-Networking Ltd.) MD5=511D1BEF41D4A018501139F409DE5ED6 -- C:\Programme\Spybot - Search & Destroy 2\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008/04/14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008/04/14 08:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 08:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008/04/14 08:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll
[2008/04/14 08:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008/04/14 08:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 08:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008/04/14 08:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 08:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008/04/14 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2008/04/14 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2012/03/17 14:10:19 | 000,524,288 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2012/03/17 12:55:05 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\config\security.sav
[2012/03/17 14:10:19 | 013,893,632 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2012/03/17 14:10:19 | 004,456,448 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011/03/03 02:54:43 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2012/05/11 14:10:22 | 011,111,424 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2012/05/11 10:40:24 | 002,000,384 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2008/04/14 08:00:00 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/14 08:00:00 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2011/01/21 10:44:10 | 008,503,296 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
 
< End of report >
         
--- --- ---

 
