Log analysis and evaluation: PC infected with Windows encryption Trojan
#1
PC infected with Windows encryption Trojan

Good evening everyone,

an acquaintance of mine has been infected with the Windows encryption Trojan. Last week she opened a dubious email together with its attachment. Since then, every boot shows nothing but a black screen with the words "Willkommen bei Windows Update. Sie haben sich mit einen Windows-Verschlüsselungs Trojaner infiziert....[etc]" (roughly: "Welcome to Windows Update. You have been infected with a Windows encryption Trojan..."). I basically have the same problem as Andy1987: http://www.trojaner-board.de/114483-...tml#post822423

I found this forum via a Google search. I hope you can help me. The infected PC is a desktop PC running Windows XP SP1 (don't ask me why SP1 is still installed). I have now worked through markusg's instructions and run the custom scan with OTLPE. Instructions: http://www.trojaner-board.de/114483-...tml#post822457

Here is the OTL LOGFILE:

Code:
OTL logfile created on: 5/14/2012 7:04:00 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 1 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
511.00 Mb Total Physical Memory | 324.00 Mb Available Physical Memory | 63.00% Memory free
459.00 Mb Paging File | 336.00 Mb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 78.14 Gb Total Space | 36.89 Gb Free Space | 47.20% Space Free | Partition Type: NTFS
Drive D: | 64.44 Gb Total Space | 64.37 Gb Free Space | 99.90% Space Free | Partition Type: NTFS
Drive J: | 3.74 Gb Total Space | 3.73 Gb Free Space | 99.71% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled] --  -- (HidServ)
SRV - File not found [On_Demand] --  -- (AppMgmt)
SRV - [2012/04/28 06:55:36 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Programme\Mozilla 
Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2005/04/03 18:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame 
Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/06/30 10:35:52 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS
\system32\ip6fwhlp.dll -- (Ip6FwHlp)
SRV - [2003/04/02 08:00:00 | 000,047,104 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS
\system32\mspmspsv.dll -- (WmdmPmSp)
SRV - [2002/08/21 16:44:40 | 000,313,016 | ---- | M] (Symantec Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien
\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2002/08/21 14:45:52 | 000,116,320 | ---- | M] (Symantec Corporation) [Auto] -- C:\Programme\Norton AntiVirus
\Navapsvc.exe -- (navapsvc)
SRV - [2002/08/21 09:35:44 | 000,063,160 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Programme\Gemeinsame 
Dateien\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2002/04/20 22:18:00 | 000,045,056 | ---- | M] ( ) [Auto] -- C:\WINDOWS\System32\slserv.exe -- (SLService)
SRV - [2001/08/13 17:18:36 | 000,054,408 | ---- | M] (Symantec Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien
\Symantec Shared\Script Blocking\SBServ.exe -- (SBService)
SRV - [2001/02/23 04:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Gemeinsame 
Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2009/05/06 20:01:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers
\fwlanusb.sys -- (FWLANUSB)
DRV - [2009/05/06 20:01:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers
\avmeject.sys -- (avmeject)
DRV - [2003/06/06 05:24:26 | 000,155,648 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers
\TIACXLN.sys -- (TIACXLN)
DRV - [2003/05/07 10:36:24 | 000,026,679 | ---- | M] (Pinnacle Systems) [Kernel | Boot] -- C:\WINDOWS
\system32\drivers\vobid.sys -- (VOBID)
DRV - [2003/04/10 06:12:44 | 000,187,392 | ---- | M] (VOB Computersysteme GmbH) [File_System | System] -- C:\WINDOWS
\System32\drivers\vobIW.sys -- (vobiw)
DRV - [2003/04/09 08:10:56 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS
\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/02/05 11:39:02 | 000,011,544 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers
\RecAgent.sys -- (RecAgent)
DRV - [2002/12/13 12:33:52 | 000,064,000 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand] -- C:\WINDOWS
\system32\drivers\Cdrdrv.sys -- (cdrdrv)
DRV - [2002/12/05 05:01:00 | 000,241,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS
\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA(R) nForce(TM)
DRV - [2002/12/05 05:01:00 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS
\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA(R) nForce(TM)
DRV - [2002/11/27 12:52:00 | 000,080,896 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS
\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2002/09/06 05:24:00 | 000,013,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS
\system32\drivers\nv_agp.SYS -- (nv_agp)
DRV - [2002/08/28 20:32:44 | 000,009,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS
\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2002/08/19 05:00:00 | 000,590,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Programme
\Gemeinsame Dateien\Symantec Shared\VirusDefs\20020819.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2002/08/19 05:00:00 | 000,066,816 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Programme
\Gemeinsame Dateien\Symantec Shared\VirusDefs\20020819.002\NAVENG.SYS -- (NAVENG)
DRV - [2002/08/15 13:59:58 | 000,073,224 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Programme
\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2002/08/15 11:45:42 | 000,181,400 | ---- | M] (Symantec Corporation) [Kernel | Auto] -- C:\WINDOWS
\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2002/08/15 11:45:36 | 000,015,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS
\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2002/07/25 16:28:54 | 000,034,992 | ---- | M] (Symantec Corporation) [Kernel | Auto] -- C:\WINDOWS
\system32\drivers\Savrtpel.sys -- (SAVRTPEL)
DRV - [2002/07/25 16:28:48 | 000,235,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS
\system32\drivers\savrt.sys -- (SAVRT)
DRV - [2002/04/20 22:18:00 | 000,521,872 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers
\slntamr.sys -- (Slntamr)
DRV - [2002/04/20 22:18:00 | 000,162,136 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers
\ntmtlfax.sys -- (NtMtlFax)
DRV - [2002/04/20 22:18:00 | 000,085,520 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers
\slnthal.sys -- (SlNtHal)
DRV - [2002/04/20 22:18:00 | 000,039,348 | ---- | M] (Vireo Software) [Kernel | On_Demand] -- C:\WINDOWS
\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2002/04/20 22:17:00 | 001,295,336 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers
\mtlstrm.sys -- (Mtlstrm)
DRV - [2002/04/20 22:17:00 | 000,210,128 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers
\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2002/04/17 14:27:02 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand] -- C:\WINDOWS
\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2001/10/04 05:53:16 | 000,009,728 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System] -- C:\WINDOWS
\System32\drivers\vobcom.sys -- (vobcom)
DRV - [2001/08/17 07:12:42 | 000,023,070 | ---- | M] (Realtek Semiconductor Corporation                                
                ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek 
RTL8139(A/B/C)
DRV - [2001/08/17 06:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand] -- C:\WINDOWS
\system32\drivers\el90xbc5.sys -- (EL90XBC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bild.t-online.de
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bild.t-online.de
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bild.t-online.de/
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\XXXXXXX_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\XXXXXXX_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bild.t-online.de/
IE - HKU\Gast_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bild.t-online.de
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bild.t-online.de
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun 
Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN 
Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox
\components [2012/04/28 06:55:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox
\plugins [2012/04/18 10:17:17 | 000,000,000 | ---D | M]
 
[2012/01/07 13:46:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012/04/28 06:55:37 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components
\browsercomps.dll
[2011/11/10 00:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins
\npdeployJava1.dll
[2012/04/28 06:55:33 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/04/28 06:55:33 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012/04/28 06:55:33 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012/04/28 06:55:33 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/04/28 06:55:33 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/04/28 06:55:33 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2003/04/02 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX
\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll 
(Sun Microsystems, Inc.)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NAVShExt.dll 
(Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus
\NAVShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx (Microsoft 
Corporation)
O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:
\Programme\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKU\XXXXXXX_ON_C\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:
\Programme\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKU\XXXXXXX_ON_C\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:
\Programme\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKU\Gast_ON_C\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:
\Programme\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O4 - HKLM..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ccRegVfy] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe (Symantec Corporation)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\mHotkey.exe (Chicony)
O4 - HKLM..\Run: [IW ControlCenter] C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe (Pinnacle Systems, 
Inc.)
O4 - HKLM..\Run: [ledpointer] C:\WINDOWS\CNYHKey.exe (Chicony)
O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared
\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [nForce Tray Options] C:\WINDOWS\System32\sstray.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, 
Inc.)
O4 - HKLM..\Run: [VOBID] C:\Programme\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe (VOB Computersysteme GmbH)
O4 - HKU\.DEFAULT..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\Administrator_ON_C..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\XXXXXXX_ON_C..\Run: [606733BB] C:\WINDOWS\system32\2B92BC8C606733BB7438.exe ()
O4 - HKU\XXXXXXX_ON_C..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\Gast_ON_C..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\LocalService_ON_C..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = 
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Digital Image Monitor.lnk = C:
\Programme\Digital Image\Monitor.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\XXXXXXX_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00  
[binary data]
O7 - HKU\XXXXXXX_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\XXXXXXX_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\Gast_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm 
()
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-
9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab 
(Java Plug-in 1.6.0_30)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?
37851.0392013889 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab 
(Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab 
(Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared
\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien
\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole 
DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien
\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole 
DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System
\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien
\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System
\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft 
Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft 
Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx (Microsoft 
Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\2B92BC8C606733BB7438.exe) - C:\WINDOWS
\system32\2B92BC8C606733BB7438.exe ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.5.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall 
%SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT 
/user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF
\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF
\msmsgs.inf,BLC.Install.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player 8
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT 
/user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS
\System32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} - 
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.0
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: {f5de1b93-9d38-416b-b09e-aa85a8e84309} - Q818529
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp - C:\WINDOWS\system32\mspmspsv.dll (Microsoft Corporation)
NetSvcs: Ip6FwHlp - C:\WINDOWS\system32\ip6fwhlp.dll (Microsoft Corporation)
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/05/03 09:21:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/05/02 08:10:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXXXXXX\Anwendungsdaten\Qihnnojnqo
[2012/04/28 06:55:40 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service
[2012/04/28 06:55:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla
[2012/04/18 10:17:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
[2012/04/18 10:16:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2003/09/02 11:32:32 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\TIACXLN.sys
[2003/08/17 12:45:04 | 000,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
[2003/08/17 12:45:04 | 000,011,544 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\RecAgent.sys
[2003/08/17 11:40:40 | 000,521,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2003/08/17 11:40:40 | 000,162,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2003/08/17 11:40:40 | 000,085,520 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2003/08/17 11:40:40 | 000,045,056 | ---- | C] ( ) -- C:\WINDOWS\System32\slserv.exe
[2003/08/17 11:40:39 | 001,295,336 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2003/08/17 11:40:39 | 000,210,128 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/05/03 09:24:11 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/03 09:24:10 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/03 09:24:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/02 08:19:43 | 000,000,079 | ---- | M] () -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\Microsoft
\Internet Explorer\Quick Launch\locked-Desktop anzeigen.scf.lqnj
[2012/05/02 08:19:38 | 000,182,682 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXXXXX\locked-~.dpwm
[2012/05/02 08:12:24 | 002,690,840 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXXXXX\Desktop\locked-
vcredist_x86.exe.smwp
[2012/05/02 08:12:23 | 039,401,336 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXXXXX\Desktop\locked-
QuickTimeInstaller.exe.hyyf
[2012/05/02 08:12:23 | 023,510,720 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXXXXX\Desktop\locked-
dotnetfx.exe.ougv
[2012/05/02 08:12:23 | 001,762,824 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXXXXX\Desktop\locked-
2008vcredist_x86.exe.tlpe
[2012/05/02 08:12:23 | 000,002,613 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXXXXX\Desktop\locked-
flagge_deutschland.gif.nugv
[2012/05/02 08:12:13 | 000,000,079 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXXXXX\Anwendungsdaten\Microsoft
\Internet Explorer\Quick Launch\locked-Desktop anzeigen.scf.vdxf
[2012/05/02 08:10:59 | 000,000,079 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten
\Microsoft\Internet Explorer\Quick Launch\locked-Desktop anzeigen.scf.poqn
[2012/05/02 08:10:57 | 000,475,858 | ---- | M] () -- C:\locked-AnalysisLog.sr0.xrvg
[2012/05/02 08:10:04 | 000,105,472 | -H-- | M] () -- C:\WINDOWS\System32\2B92BC8C606733BB7438.exe
[2012/04/30 11:29:50 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh321
[2012/04/30 11:29:30 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh320
[2012/04/30 11:28:00 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh323
[2012/04/30 11:26:42 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh322
[2012/04/28 08:04:53 | 000,000,612 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2012/04/26 12:38:10 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh325
[2012/04/26 12:37:48 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh324
[2012/04/18 10:17:17 | 000,001,810 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
\Adobe Reader 7.0.lnk
[2012/04/18 10:17:17 | 000,001,741 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
\Autostart\Adobe Reader - Schnellstart.lnk
[2012/04/18 10:17:17 | 000,001,724 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 
7.0.lnk
[2012/04/18 10:17:17 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
\Autostart
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/05/02 08:10:50 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh325
[2012/05/02 08:10:50 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh324
[2012/05/02 08:10:50 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh323
[2012/05/02 08:10:50 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh322
[2012/05/02 08:10:50 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh321
[2012/05/02 08:10:50 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh320
[2012/05/02 08:10:04 | 000,105,472 | -H-- | C] () -- C:\WINDOWS\System32\2B92BC8C606733BB7438.exe
[2012/04/18 10:17:17 | 000,001,810 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
\Adobe Reader 7.0.lnk
[2012/04/18 10:17:17 | 000,001,741 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
\Autostart\Adobe Reader - Schnellstart.lnk
[2012/04/18 10:17:17 | 000,001,724 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 
7.0.lnk
[2009/11/21 04:57:14 | 000,003,006 | ---- | C] () -- C:\WINDOWS\Wickie.ini
[2009/08/29 14:18:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/05/06 20:01:00 | 000,097,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin
[2006/03/08 11:47:55 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/01/15 13:05:53 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2005/12/24 09:08:21 | 000,129,024 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/10/20 16:16:58 | 000,182,682 | ---- | C] () -- C:\Dokumente und Einstellungen\XXXXXXX\locked-~.dpwm
[2003/11/30 12:25:10 | 000,123,904 | ---- | C] () -- C:\Dokumente und Einstellungen\XXXXXXX\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/10/03 10:54:59 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2003/10/03 10:40:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2003/10/03 10:12:42 | 000,000,612 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2003/09/02 11:32:32 | 000,033,708 | ---- | C] () -- C:\WINDOWS\System32\drivers\WLANGEN.bin
[2003/09/02 11:32:31 | 000,000,964 | ---- | C] () -- C:\WINDOWS\System32\drivers\RADIO11.bin
[2003/09/02 11:32:31 | 000,000,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\RADIO0D.bin
[2003/08/20 05:46:47 | 000,049,152 | ---- | C] () -- C:\WINDOWS\CNYUSB.dll
[2003/08/20 05:46:47 | 000,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll
[2003/08/20 05:46:47 | 000,005,120 | ---- | C] () -- C:\WINDOWS\HKCYDLL.dll
[2003/08/20 05:46:47 | 000,000,452 | ---- | C] () -- C:\WINDOWS\Instit.ini
[2003/08/20 05:46:47 | 000,000,360 | ---- | C] () -- C:\WINDOWS\CNYHKey.ini
[2003/08/19 09:07:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/08/18 07:54:48 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{CD869570-C91D-400D-AD3D-AFFB3B4F0F11}.dat
[2003/08/18 07:54:48 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\{20C4489A-967D-4860-BA9E-AF606B6DCD1B}.dat
[2003/08/18 07:54:47 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SR2.dat
[2003/08/18 07:24:38 | 000,000,898 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/08/18 06:46:30 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/08/18 06:30:32 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2003/08/18 06:29:26 | 000,000,200 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/08/17 12:45:04 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2003/08/17 12:45:04 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\slmh.exe
[2003/08/17 12:45:04 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\minirec.exe
[2003/08/17 12:45:04 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2003/08/17 12:45:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SmCfg.exe
[2003/08/17 12:44:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/08/17 12:43:44 | 000,235,168 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/08/17 11:49:25 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/08/17 11:46:48 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/08/17 11:40:40 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[2003/08/17 11:40:40 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[2003/08/17 11:40:40 | 000,024,576 | ---- | C] () -- C:\WINDOWS\slrundll.exe
[2003/08/17 11:40:39 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2003/08/17 11:40:38 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\jedih2rx.bin
[2003/08/17 11:40:38 | 000,000,122 | ---- | C] () -- C:\WINDOWS\System32\drivers\ramsed.bin
[2003/08/17 11:40:25 | 000,018,253 | ---- | C] () -- C:\WINDOWS\System32\ssnvfx.ini
[2003/08/17 11:40:24 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\OemLink.exe
[2003/08/17 11:40:24 | 000,001,288 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/08/17 11:40:16 | 000,405,118 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2003/08/17 11:40:16 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2003/08/17 11:40:16 | 000,070,580 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2003/08/17 11:40:16 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2003/08/17 11:40:04 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/08/17 11:40:04 | 000,004,573 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/08/17 11:40:02 | 000,392,296 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/08/17 11:40:02 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/08/17 11:40:02 | 000,058,596 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/08/17 11:40:02 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/08/17 11:40:01 | 000,004,549 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/08/17 11:40:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/08/17 11:39:58 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/08/17 11:39:56 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/08/17 11:39:56 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/08/17 11:39:52 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/08/17 11:39:43 | 000,001,740 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2003/05/05 03:55:36 | 000,393,728 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe
[2003/03/28 09:26:24 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\LXBKIH.EXE
[2003/03/28 09:17:32 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2002/11/13 11:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2002/09/13 07:40:06 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2002/02/27 11:28:16 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2002/02/27 11:28:16 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2002/02/27 11:28:14 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2002/02/27 11:28:14 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2002/02/27 11:28:14 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[2001/01/19 11:50:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE
 
========== LOP Check ==========
 
[2011/06/07 13:31:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXXXXX\Anwendungsdaten\Amazon
[2009/08/23 08:24:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXXXXX\Anwendungsdaten\Leadertech
[2012/05/02 08:10:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXXXXX\Anwendungsdaten\Qihnnojnqo
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2005/12/24 09:08:21 | 000,000,000 | ---D | M] -- C:\audio
[2012/04/19 01:06:24 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2008/03/25 03:53:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2003/08/20 05:46:34 | 000,000,000 | ---D | M] -- C:\OEMDRV
[2003/08/18 06:28:59 | 000,000,000 | ---D | M] -- C:\pdwork
[2003/08/18 07:34:27 | 000,000,000 | ---D | M] -- C:\Phenomedia AG
[2012/04/28 06:55:40 | 000,000,000 | R--D | M] -- C:\Programme
[2008/03/23 09:15:24 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2012/05/14 18:59:24 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/05/02 08:20:53 | 000,000,000 | ---D | M] -- C:\T-online
[2009/03/17 09:52:28 | 000,000,000 | ---D | M] -- C:\Terzio
[2009/11/21 05:36:37 | 000,000,000 | ---D | M] -- C:\Tivola
[2012/05/03 09:24:10 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SoftwareDistribution\Download\84e71ea11258afcace4e790f6b073745\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2003/04/02 08:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2003/04/02 08:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2003/04/02 08:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SoftwareDistribution\Download\84e71ea11258afcace4e790f6b073745\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2004/08/04 03:57:18 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\SoftwareDistribution\Download\84e71ea11258afcace4e790f6b073745\eventlog.dll
[2003/04/02 08:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=B9358A1FB66CF656328FD8B792B2CCC4 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2003/04/02 08:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=B9358A1FB66CF656328FD8B792B2CCC4 -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2003/05/29 05:48:20 | 000,999,424 | ---- | M] (Microsoft Corporation) MD5=0589140C62D1A5D1ADC13C79266122DA -- C:\WINDOWS\Driver Cache\i386\explorer.exe
[2003/05/29 05:48:20 | 000,999,424 | ---- | M] (Microsoft Corporation) MD5=0589140C62D1A5D1ADC13C79266122DA -- C:\WINDOWS\explorer.exe
[2003/05/29 05:48:20 | 000,999,424 | ---- | M] (Microsoft Corporation) MD5=0589140C62D1A5D1ADC13C79266122DA -- C:\WINDOWS\system32\dllcache\explorer.exe
[2003/04/02 08:00:00 | 001,007,104 | ---- | M] (Microsoft Corporation) MD5=22B0A56E6C5847292437078B484EC61B -- C:\WINDOWS\$NtUninstallKB820291$\explorer.exe
[2004/08/04 03:57:53 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\SoftwareDistribution\Download\84e71ea11258afcace4e790f6b073745\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2003/04/02 08:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=BCA549B21E651111CE7BAD0FC8C45F4B -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2003/04/02 08:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=BCA549B21E651111CE7BAD0FC8C45F4B -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 03:57:30 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\SoftwareDistribution\Download\84e71ea11258afcace4e790f6b073745\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2004/08/04 03:57:33 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\SoftwareDistribution\Download\84e71ea11258afcace4e790f6b073745\scecli.dll
[2003/04/02 08:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=ADD49C10F5DADFA81912D124FE1C9A99 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2003/04/02 08:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=ADD49C10F5DADFA81912D124FE1C9A99 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005/03/02 14:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\SoftwareDistribution\Download\06d1a7cd3761c3322e423f74548dcfe2\sp2gdr\user32.dll
[2005/03/02 14:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\SoftwareDistribution\Download\06d1a7cd3761c3322e423f74548dcfe2\sp2qfe\user32.dll
[2004/08/04 03:57:36 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\SoftwareDistribution\Download\84e71ea11258afcace4e790f6b073745\user32.dll
[2002/11/22 06:28:16 | 000,530,432 | ---- | M] (Microsoft Corporation) MD5=DB15B2FE24ECCE331EA3A954F6F90448 -- C:\WINDOWS\system32\dllcache\user32.dll
[2002/11/22 06:28:16 | 000,530,432 | ---- | M] (Microsoft Corporation) MD5=DB15B2FE24ECCE331EA3A954F6F90448 -- C:\WINDOWS\system32\user32.dll
[2005/03/02 14:21:03 | 000,562,688 | ---- | M] (Microsoft Corporation) MD5=DEF116925E1EA04691EC6362F197451E -- C:\WINDOWS\SoftwareDistribution\Download\06d1a7cd3761c3322e423f74548dcfe2\sp1qfe\user32.dll
[2005/03/02 14:21:03 | 000,562,688 | ---- | M] (Microsoft Corporation) MD5=DEF116925E1EA04691EC6362F197451E -- C:\WINDOWS\SoftwareDistribution\Download\bf0d1dc87f812d268fa6140147738eb9\sp1qfe\user32.dll
[2003/04/02 08:00:00 | 000,561,664 | ---- | M] (Microsoft Corporation) MD5=E3DAFFDB1C86C1AEAC1B205F6CF67009 -- C:\WINDOWS\$NtUninstallQ328310$\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2003/04/02 08:00:00 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BEBD3F08461F9A88E5ABCE0CB9707000 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2003/04/02 08:00:00 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BEBD3F08461F9A88E5ABCE0CB9707000 -- C:\WINDOWS\system32\userinit.exe
[2004/08/04 03:58:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\SoftwareDistribution\Download\84e71ea11258afcace4e790f6b073745\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004/08/04 03:58:19 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\SoftwareDistribution\Download\84e71ea11258afcace4e790f6b073745\winlogon.exe
[2003/04/02 08:00:00 | 000,521,728 | ---- | M] (Microsoft Corporation) MD5=616896B708286DA98D6A099293F181D7 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2003/04/02 08:00:00 | 000,521,728 | ---- | M] (Microsoft Corporation) MD5=616896B708286DA98D6A099293F181D7 -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2003/04/02 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2003/04/02 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2003/08/17 13:43:07 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2003/08/17 13:43:07 | 000,606,208 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2003/08/17 13:43:06 | 000,421,888 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[2003/04/02 08:00:00 | 000,255,488 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2003/05/23 07:19:30 | 001,338,880 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\SHDOCVW.DLL
[2003/06/11 07:44:48 | 008,281,600 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< End of report >
Many thanks in advance!

Last edited by _JackBauer_ (14.05.2012 at 18:28) Reason: re-inserted the links, I am having problems with links