| |
| |||||||
Log-Analyse und Auswertung: VerschlüsselungstrojanerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
10.06.2012, 14:02
| #1 |
| |  Verschlüsselungstrojaner Hallo, auch ich bin leider auf das Problem mit dem Verschlüsselungstrojaner gestoßen und kann meinen Rechner nicht mehr vernüftig starten. Da ich mich hier schon ein wenig schlau gelesen habe, habe ich das mit der Boot-CD und dem logfile schonmal gemacht. Code:
ATTFilter OTL logfile created on: 6/10/2012 3:38:03 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Ultimate (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146.39 Gb Total Space | 103.21 Gb Free Space | 70.51% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 142.06 Gb Free Space | 95.31% Space Free | Partition Type: NTFS
Drive E: | 151.60 Gb Total Space | 68.17 Gb Free Space | 44.97% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011/03/09 22:50:40 | 000,203,776 | ---- | M] (AMD) [Auto] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/05/08 15:26:29 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/08 15:26:28 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012/05/08 15:26:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/03 16:53:33 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/02/28 12:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/01/18 08:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011/06/06 06:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/20 11:01:21 | 000,008,192 | ---- | M] () [Auto] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2009/11/06 06:58:38 | 000,935,208 | ---- | M] (Nero AG) [Auto] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/12/22 02:31:50 | 000,108,712 | ---- | M] () [Auto] -- C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/05/08 15:26:29 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/05/08 15:26:29 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/12/15 10:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/07/24 15:37:20 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio)
DRV:64bit: - [2011/03/09 23:33:48 | 009,319,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/03/09 22:15:18 | 000,303,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/17 08:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/04/29 00:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\androidusb.sys -- (HTCAND64)
DRV:64bit: - [2010/04/29 00:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2010/02/18 03:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- C:\Windows\System32\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/03/18 11:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/03/02 08:12:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2009/03/02 08:12:14 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV:64bit: - [2005/03/28 19:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Anja_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Anja_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "eBay"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/11 07:53:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/03 16:53:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/18 12:21:29 | 000,000,000 | ---D | M]
[2011/09/21 12:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anja\AppData\Roaming\Mozilla\Extensions
[2012/05/06 06:16:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\bltnptnr.default\extensions
[2011/11/17 03:53:10 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\bltnptnr.default\extensions\2020Player_IKEA@2020Technologies.com
[2012/01/07 06:41:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
[2012/01/11 07:53:17 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
() (No name found) -- C:\USERS\ANJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLTNPTNR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ANJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BLTNPTNR.DEFAULT\EXTENSIONS\JL@LEIMBACH-IT.DE.XPI
[2012/05/03 16:53:33 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/02 21:53:41 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/11 17:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2009/10/23 09:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
[2011/09/02 20:19:44 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/09/02 20:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/09/02 20:19:44 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/09/02 20:19:44 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/09/02 20:19:44 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/09/02 20:19:44 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Anja_ON_C\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKU\Anja_ON_C..\Run: [00320FC9] C:\Users\Anja\AppData\Roaming\Enlb\260C317600320FC9F9D6.exe (Al Momento Non è Registrata)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Bewerbung 2007 Reminder.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{bbaf59ed-6ce4-11e1-bc58-00261805a3a6}\Shell - "" = AutoRun
O33 - MountPoints2\{bbaf59ed-6ce4-11e1-bc58-00261805a3a6}\Shell\AutoRun\command - "" = H:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/06/08 17:27:05 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/06/07 07:08:37 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Enlb
========== Files - Modified Within 30 Days ==========
[2012/06/10 08:19:41 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/10 08:19:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/10 08:19:25 | 1609,961,472 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/08 17:33:52 | 000,661,512 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/06/08 17:33:52 | 000,613,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/08 17:33:52 | 000,131,548 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/06/08 17:33:52 | 000,108,106 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/08 17:26:57 | 317,492,486 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/08 17:16:22 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/08 17:16:22 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/08 04:46:34 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
========== Files Created - No Company Name ==========
[2012/06/08 17:26:57 | 317,492,486 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/11/13 06:50:14 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2011/10/15 17:18:33 | 000,008,704 | ---- | C] () -- C:\Users\Anja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/11 16:43:22 | 000,000,000 | ---- | C] () -- C:\Users\Anja\AppData\Local\{079539A1-5A6B-416C-AC5B-76F3F9B35872}
[2011/10/06 16:05:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/08/21 16:35:45 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/10 15:01:25 | 000,000,076 | ---- | C] () -- C:\Windows\wiso.ini
[2011/03/20 09:24:09 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/03/09 16:59:14 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/03/01 14:07:08 | 000,003,949 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/02/20 11:01:57 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe
[2011/02/20 11:01:57 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011/01/22 09:22:32 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2010/07/28 16:21:48 | 000,471,040 | ---- | C] () -- C:\Windows\ssndii.exe
[2010/07/11 13:56:48 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/04/21 05:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\HtmlHelp.dll
[2002/05/15 19:38:40 | 000,091,136 | ---- | C] () -- C:\Windows\SysWow64\mp4fil32.dll
[2002/05/04 09:19:00 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\avisynthEx.dll
========== LOP Check ==========
[2010/11/19 18:12:13 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Black Sea Studios
[2011/11/13 06:51:09 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\CAD-KAS
[2010/07/26 14:01:08 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/02/20 10:42:13 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\DAEMON Tools Lite
[2011/11/13 06:58:27 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Downloaded Installations
[2011/11/18 07:15:58 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\elsterformular
[2012/06/07 07:08:37 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Enlb
[2010/08/11 08:02:30 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\FileZilla
[2011/07/18 15:48:38 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\GoContactSyncMOD
[2012/05/31 12:05:27 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\ICQ
[2011/01/16 08:36:03 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Lexware
[2011/11/13 07:16:20 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Nitro PDF
[2010/12/18 07:58:17 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Outlook
[2011/07/16 16:24:08 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Rovio
[2010/12/01 09:03:46 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Teleca
[2011/03/20 18:17:02 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\uTorrent
[2011/10/06 16:03:06 | 000,000,000 | ---D | M] -- C:\ProgramData\AMD
[2010/07/11 11:28:36 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011/08/21 16:37:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Avanquest
[2011/08/21 16:35:43 | 000,000,000 | ---D | M] -- C:\ProgramData\BVRP Software
[2010/09/06 15:39:39 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2011/02/20 10:25:18 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010/07/11 11:28:36 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011/07/05 03:29:08 | 000,000,000 | ---D | M] -- C:\ProgramData\elsterformular
[2010/07/11 11:28:36 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/01/16 08:36:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Lexware
[2011/11/13 06:59:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Nitro PDF
[2010/07/16 11:58:47 | 000,000,000 | ---D | M] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/03/13 04:19:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Sony
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/07/11 11:28:36 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2011/03/27 16:34:39 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2010/07/11 11:28:36 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/12/21 12:47:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Zylom
[2012/03/08 05:35:23 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Danke schonmal |
| Themen zu Verschlüsselungstrojaner |
| adobe, antivir, autorun, avira, avira searchfree toolbar, bho, black, boot-cd, defender, desktop, downloader, ebay, error, explorer, firefox, format, google, google earth, helper, logfile, mozilla, object, photoshop, plug-in, problem, realtek, registry, scan, software, wiso |
Baum-Darstellung