| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows Verschlüsselungs Trojaner und kein BackupWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
13.07.2012, 06:28
| #1 |
| |  Windows Verschlüsselungs Trojaner und kein Backup Hallo, mein Schwager hat sich gestern den Trojaner eingefangen. Er hat leider einen Anhang in einer E-Mail geöffnet, in der er was bezahlen soll. Nun hat er den Salat. Ein Backup von seinem Notebook bzw. wichtigen Dateien hat er nicht.  Starten von Windows XP geht bis zum Desktop und dann wird der Bildschirm schwarz und es erscheint das Bild von dem Trojaner. Abgesicherter Modus geht gar nicht, endet mit BlueScreen bzw. gleich Neustart. Also komme ich Malwarebytes nicht weiter. Dann den OTL gestartet. Hier ist das Log: Code:
ATTFilter OTL logfile created on: 7/13/2012 12:46:03 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 93.10 Gb Total Space | 28.40 Gb Free Space | 30.50% Space Free | Partition Type: FAT32
Drive D: | 139.70 Gb Total Space | 71.37 Gb Free Space | 51.09% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto] -- -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - File not found [Disabled] -- -- (NMIndexingService)
SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2012/06/23 23:32:38 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/08 11:42:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/08 11:41:58 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/12/14 12:59:22 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2009/07/13 23:18:12 | 000,071,096 | ---- | M] () [Auto] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/09/10 13:01:28 | 000,611,664 | ---- | M] (Lavasoft) [Auto] -- C:\Programme\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/03/17 18:07:02 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/10/23 19:35:40 | 000,364,629 | ---- | M] (Atheros) [Auto] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2007/02/25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2012/05/08 11:42:00 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/08 11:42:00 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/11 15:00:02 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/17 15:14:28 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/26 10:14:02 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2009/05/25 13:35:00 | 000,116,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s1029unic.sys -- (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM)
DRV - [2009/05/25 13:34:56 | 000,122,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s1029mdm.sys -- (s1029mdm)
DRV - [2009/05/25 13:34:56 | 000,090,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s1029bus.sys -- (s1029bus) Sony Ericsson Device 1029 driver (WDM)
DRV - [2009/05/25 13:34:56 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s1029mdfl.sys -- (s1029mdfl)
DRV - [2009/05/25 13:34:54 | 000,115,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s1029mgmt.sys -- (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM)
DRV - [2009/05/25 13:34:54 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s1029obex.sys -- (s1029obex)
DRV - [2009/05/25 13:34:54 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s1029nd5.sys -- (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS)
DRV - [2008/10/04 14:12:46 | 000,300,544 | ---- | M] (AfaTech ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2008/06/20 16:58:08 | 004,741,120 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/23 00:34:52 | 002,880,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/03/03 20:00:00 | 000,043,392 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SiSGbeXP.sys -- (SiSGbeXP)
DRV - [2008/02/05 15:52:24 | 000,206,464 | ---- | M] (eMPIA Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\etFilter.sys -- (FiltUSBET)
DRV - [2008/01/31 19:18:58 | 000,006,528 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\etScan.sys -- (ScanUSBET)
DRV - [2007/10/26 02:20:36 | 000,549,184 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/09/06 16:43:50 | 000,474,624 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\etDevice.sys -- (DCamUSBET)
DRV - [2007/07/03 19:46:24 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2006/12/17 23:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006/04/06 01:00:00 | 000,264,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2006/03/21 16:04:24 | 000,889,472 | ---- | M] (Motorola Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\***_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.de/
IE - HKU\***_ON_C\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\***_ON_C\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\prxtbDVD2.dll (Conduit Ltd.)
IE - HKU\***_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\***_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\systemprofile_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Programme\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.8.1: File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2008/09/10 20:37:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2008/09/10 20:37:18 | 000,000,000 | ---D | M]
[2008/09/10 20:37:24 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\mozilla\Extensions
[2008/09/10 20:37:24 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\mozilla\Firefox\Profiles\0exp8dfn.default\extensions
[2012/07/12 18:25:42 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\0exp8dfn.default\searchplugins\VUrOoXaGQJjslVO
[2012/07/12 18:25:42 | 000,002,401 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\0exp8dfn.default\searchplugins\rOyjpUfvoneGtrjyapdQ
[2012/07/12 18:25:44 | 000,001,056 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\0exp8dfn.default\searchplugins\QAsDdfOLoXGtJqAs
[2012/07/12 18:25:42 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\0exp8dfn.default\searchplugins\fQvosDtgrjqpdfQnosxs
[2012/07/12 18:25:42 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\0exp8dfn.default\searchplugins\oLDsGrjyXaVQJE
[2012/07/12 18:25:42 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\0exp8dfn.default\searchplugins\eGtOyjafUvonleGrOyXaV
[2012/07/12 18:25:42 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\0exp8dfn.default\searchplugins\pTfQvosDsgrjTpdfQno
[2012/07/12 18:25:42 | 000,001,196 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\0exp8dfn.default\searchplugins\rEnasGQjyleVgNEpa
[2012/07/12 18:25:44 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\0exp8dfn.default\searchplugins\dfgroXTsJuAsDUNgLoX
[2012/07/12 18:25:44 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\0exp8dfn.default\searchplugins\UuLoDeGgrjXaVJQL
[2012/07/12 18:25:44 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\0exp8dfn.default\searchplugins\QnlsxrgqjTfdvon
[2008/09/10 20:37:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009/07/18 13:01:48 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012/03/30 18:54:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) --
[2012/06/23 23:32:38 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2006/07/31 16:07:16 | 000,098,304 | ---- | M] (Zylom) -- C:\Programme\mozilla firefox\plugins\npzylomgamesplayer.dll
[2011/12/09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2011/11/10 05:54:14 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/23 23:32:36 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
[2012/06/23 23:32:36 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/23 23:32:36 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/23 23:32:36 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/23 23:32:36 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012/06/23 23:32:36 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
O1 HOSTS File: ([2001/08/18 12:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (TBSB03968 Class) - {AA61DE26-FA67-4575-9033-918671094293} - File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\prxtbDVD2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - File not found
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\prxtbDVD2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\***_ON_C\..\Toolbar\WebBrowser: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - File not found
O3 - HKU\***_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\prxtbDVD2.dll (Conduit Ltd.)
O3 - HKU\***_ON_C\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [ACU] C:\Programme\Atheros\ACU.exe (Atheros Communications, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ASUS Live Update] C:\Programme\ASUS\ASUS Live Update\ALU.exe ()
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH)
O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Wireless Console 2] C:\Programme\Wireless Console 2\wcourier.exe ()
O4 - HKU\***_ON_C..\Run: [38731AF8] C:\Dokumente und Einstellungen\***\Anwendungsdaten\Rlzsrfyyc\rvgurvkwun.exe (Toshiba)
O4 - HKU\***_ON_C..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKU\***_ON_C..\Run: [Power2GoExpress] File not found
O4 - HKU\***_ON_C..\Run: [znbzkwun] File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\***_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\***_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\***_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\***_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Programme\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/18 20:28:40 | 000,000,641 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{aa0bc91e-3407-11df-b036-001e8c7e976b}\Shell - "" = AutoRun
O33 - MountPoints2\{aa0bc91e-3407-11df-b036-001e8c7e976b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aa0bc91e-3407-11df-b036-001e8c7e976b}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{d6fddabe-bf29-11de-af4c-001e8c7e976b}\Shell - "" = AutoRun
O33 - MountPoints2\{d6fddabe-bf29-11de-af4c-001e8c7e976b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d6fddabe-bf29-11de-af4c-001e8c7e976b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Play.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/07/12 20:20:42 | 000,000,000 | -HSD | C] -- C:\FOUND.012
[2012/07/12 18:49:10 | 000,000,000 | -HSD | C] -- C:\FOUND.011
[2012/07/12 18:13:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Rlzsrfyyc
[2012/07/12 18:12:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Yychinmkp
[2012/06/26 21:51:25 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\PrivacIE
[2012/06/26 21:39:04 | 000,126,448 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2012/06/26 21:39:04 | 000,123,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2012/06/26 21:39:03 | 000,059,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwma.dll
[2012/06/26 21:37:13 | 016,474,544 | ---- | C] (Nullsoft, Inc.) -- C:\winamp5623_full_emusic-7plus_all.exe
[2012/03/30 18:43:00 | 000,944,264 | ---- | C] (Skype Technologies S.A.) -- C:\Programme\SkypeSetup.exe
[2012/01/18 13:02:33 | 004,028,936 | ---- | C] (TeamViewer GmbH) -- C:\Programme\TeamViewer_Setup_de.exe
[2010/08/02 08:37:30 | 008,907,320 | ---- | C] (concept/design GmbH ) -- C:\Programme\otv53setup.exe
[2010/08/02 07:58:17 | 003,420,304 | ---- | C] (Piriform Ltd) -- C:\Programme\ccsetup234.exe
[2010/04/14 10:02:03 | 008,188,856 | ---- | C] (Mozilla) -- C:\Programme\Firefox Setup 3.6.3.exe
[2010/03/21 10:55:38 | 011,300,632 | ---- | C] (Nullsoft, Inc.) -- C:\Programme\winamp5572_full_emusic-7plus_de-de.exe
[2010/03/20 20:35:11 | 003,750,624 | ---- | C] (Nullsoft, Inc.) -- C:\Programme\winamp5572_lite_de-de.exe
[2009/02/13 20:06:09 | 069,076,264 | ---- | C] (Apple Inc.) -- C:\Programme\iTunesSetup.exe
[2008/11/01 14:42:58 | 006,108,728 | ---- | C] (Google Inc.) -- C:\Programme\picasaweb-current-setup.exe
[2008/10/09 20:51:23 | 015,754,960 | ---- | C] ( ) -- C:\Programme\gimp-2.6.0-i686-setup-1.exe
[2008/10/04 13:52:18 | 027,580,296 | ---- | C] ( ) -- C:\Programme\AdbeRdr90_de_DE.exe
[2008/09/22 11:44:25 | 022,175,647 | ---- | C] (Media Contact LLC ) -- C:\Programme\Eldorado_Puzzle.exe
[2008/09/22 11:37:13 | 022,368,166 | ---- | C] (INTENIUM GmbH) -- C:\Programme\bengal.exe
[2008/09/22 11:31:55 | 156,208,384 | ---- | C] (Pinnacle Systems ) -- C:\Programme\VideoSpin_1_1_Setup.exe
[2008/09/20 02:00:44 | 014,595,592 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\RealPlayer11GOLD_de.exe
[2008/09/19 15:53:55 | 007,914,398 | ---- | C] (concept/design GmbH ) -- C:\Programme\otv43setup.exe
[2008/09/10 21:37:53 | 001,495,112 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\install_flash_player.exe
[2008/09/10 21:12:36 | 002,928,600 | ---- | C] (Piriform Ltd) -- C:\Programme\ccsetup211.exe
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/07/12 22:50:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/12 18:25:12 | 000,000,079 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\JELTVdNjqlsxQvEpTfO
[2012/07/12 18:23:18 | 000,000,065 | ---- | M] () -- C:\Dokumente und Einstellungen\***\tVGTeplTenjoyLAQNJOQ
[2012/07/12 18:21:40 | 000,000,512 | ---- | M] () -- C:\eGQJELTfUrjqltxuLo
[2012/07/12 18:20:22 | 000,018,353 | ---- | M] () -- C:\quALqojLTlpsaDfsdx
[2012/07/12 18:20:20 | 012,875,776 | ---- | M] () -- C:\uOvEjnqoApeaDXss
[2012/07/12 18:19:52 | 000,007,740 | ---- | M] () -- C:\rtgvruOJyojLyEl
[2012/07/12 18:19:52 | 000,000,512 | ---- | M] () -- C:\qojpeaDXedGVtUJNuOJ
[2012/07/11 19:21:44 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Skype.lnk
[2012/07/10 16:44:46 | 000,000,454 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2012/07/08 11:21:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/06 16:02:16 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/07/06 15:43:10 | 000,241,664 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/26 21:39:14 | 000,000,541 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Winamp.lnk
[2012/06/26 21:37:38 | 016,474,544 | ---- | M] (Nullsoft, Inc.) -- C:\winamp5623_full_emusic-7plus_all.exe
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/04/11 17:44:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/24 12:56:49 | 021,073,936 | ---- | C] () -- C:\Programme\vlc-1.1.11-win32.exe
[2010/08/13 19:44:44 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/02 08:40:44 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\advd.dll
[2010/08/02 08:40:44 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\auth.dll
[2010/08/02 08:03:32 | 005,279,114 | ---- | C] () -- C:\Programme\SopCast-3.2.9.zip
[2010/05/02 19:33:38 | 005,279,114 | ---- | C] () -- C:\Programme\SopCast329.zip
[2010/03/25 12:01:25 | 042,341,360 | ---- | C] () -- C:\Programme\avira_antivir_personal_de.exe
[2010/03/20 11:02:31 | 000,097,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin
[2009/02/13 20:05:45 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI
[2009/01/16 14:10:46 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/12/02 17:51:35 | 000,000,126 | ---- | C] () -- C:\WINDOWS\_delis43.ini
[2008/12/02 17:31:05 | 000,000,454 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/12/02 17:28:13 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\LXBKIH.EXE
[2008/12/02 17:28:13 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2008/12/02 17:28:13 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2008/12/02 17:28:13 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE
[2008/12/02 17:28:00 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2008/11/01 14:47:29 | 000,036,400 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/10/19 10:56:46 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/10/09 20:10:13 | 007,730,856 | ---- | C] () -- C:\Programme\GoogleEarthWin7284.exe
[2008/10/07 18:23:42 | 009,862,208 | ---- | C] () -- C:\Programme\Azureus_2.5.0.4_Win32.setup.exe
[2008/10/04 14:21:39 | 000,000,065 | ---- | C] () -- C:\Dokumente und Einstellungen\***\tVGTeplTenjoyLAQNJOQ
[2008/10/03 19:39:50 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/09/22 12:03:10 | 000,691,964 | ---- | C] () -- C:\Programme\setup-mg.exe
[2008/09/22 11:56:46 | 062,259,200 | ---- | C] () -- C:\Programme\CaromV501.exe
[2008/09/22 11:45:24 | 001,741,569 | ---- | C] () -- C:\Programme\yatzee_v1.1.exe
[2008/09/22 11:42:29 | 024,791,336 | ---- | C] () -- C:\Programme\xmoto-0.4.2-win32-setup.exe
[2008/09/22 11:40:19 | 007,047,439 | ---- | C] () -- C:\Programme\PK2_Installer.exe
[2008/09/19 16:08:11 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/09/16 18:22:28 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/10 21:13:11 | 001,440,047 | ---- | C] () -- C:\Programme\wrar371d.exe
[2008/09/10 20:37:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/09/09 23:06:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/09/09 21:59:01 | 000,241,664 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/09 21:57:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/09/09 21:56:01 | 000,001,567 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/09/09 21:38:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/09/09 21:34:16 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/09/09 20:14:51 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/09 19:29:19 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008/09/09 04:21:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/09 04:20:52 | 000,195,368 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/16 10:58:04 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008/04/22 21:56:42 | 000,067,965 | ---- | C] () -- C:\WINDOWS\System32\Oemdspif.dll
[2008/04/22 21:36:18 | 000,886,192 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dll
[2008/04/22 21:35:58 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/04/22 21:35:58 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/04/22 21:35:58 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/03/06 10:40:54 | 000,168,883 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/03/06 14:39:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\revdevdll.dll
[2006/12/05 13:05:04 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 21:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/02/20 17:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/18 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/18 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 12:00:00 | 000,452,390 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2001/08/18 12:00:00 | 000,435,680 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 12:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2001/08/18 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 12:00:00 | 000,081,348 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2001/08/18 12:00:00 | 000,068,576 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 12:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2001/08/18 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 12:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2001/08/18 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
========== LOP Check ==========
[2008/09/09 22:30:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ACD Systems
[2008/09/19 16:08:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\concept design
[2008/11/27 17:17:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Zylom
[2009/04/05 20:48:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Uniblue
[2009/07/18 13:01:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ
[2009/07/27 20:02:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Canneverbe_Limited
[2009/10/15 21:23:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Toolbars
[2009/10/15 21:23:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Desktopicon
[2010/01/14 18:59:16 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\.#
[2010/03/22 12:00:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sony
[2010/03/22 12:00:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sony Setup
[2010/09/22 01:16:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PriceGong
[2011/10/27 20:22:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech
[2012/01/18 13:05:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TeamViewer
[2012/07/12 21:56:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Yychinmkp
[2012/07/12 18:13:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Rlzsrfyyc
[2008/09/22 12:06:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GameXzone
[2008/09/22 13:40:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe
[2008/10/03 17:04:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SEC
[2008/11/27 17:16:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom
[2008/11/27 17:17:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FarmFrenzy2
[2008/12/09 20:13:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2009/04/06 17:59:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2009/07/18 13:01:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2010/03/26 09:58:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2011/04/10 10:52:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avanquest
========== Purity Check ==========
< End of report >
Vielen Dank schon mal. Grüße Ich möchte ja nicht unverschämt sein und drängeln, aber kann sich jemand meinem Thema widmen und mir etwas helfen. Komme jetzt nicht mehr weiter, bzw. ich weiß nicht, was ich an der OTL-Text-datei ändern muss um den Fix zu starten.  Geändert von starfox2000 (13.07.2012 um 06:37 Uhr) Grund: Namen entfernt |
| Themen zu Windows Verschlüsselungs Trojaner und kein Backup |
| ad-aware, antivir, avira, bho, bildschirm, bluescreen, bonjour, ccsetup, cdburnerxp, conduit, desktop, e-mail, error, firefox, helper, homepage, installation, launch, logfile, mozilla, ohne backup, plug-in, realtek, registry, scan, software, stick, trojaner, usb, verschlüsselungs-trojaner, videospin, windows, windows xp, ändern |
Baum-Darstellung