Files encrypted after an e-mail from flirt-fever (Windows 7)

04.06.2012, 13:29 | #1
Hey, I also caught an encryption trojan this morning. Although I actually know that you shouldn't open unknown e-mails, I did it anyway. I always fetch my e-mails with Mozilla Thunderbird. The e-mail came from Flirt-fever and read as follows: Quote:
Shortly after that nothing worked any more. Then this window: your PC has been locked, pay 100 € to unlock it again, etc. I then did a bit of research on the internet and found the Kaspersky program on Chip.de, with which I was able to unlock my PC again. But now I still have the problem that all my files are encrypted and I can't get at any file any more. I have already run OTL, defogger, Gmer and Malware. The results follow: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:07 on 04/06/2012 (Fabian)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-
Code:
OTL logfile created on: 04.06.2012 13:11:55 - Run 1
OTL by OldTimer - Version 3.2.46.0 Folder = C:\Users\Fabian\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 66,37% Memory free
4,00 Gb Paging File | 3,24 Gb Available in Paging File | 81,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 186,21 Gb Total Space | 97,57 Gb Free Space | 52,40% Space Free | Partition Type: NTFS

Computer Name: PC-*** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.04 13:11:37 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.08.01 10:28:16 | 000,124,480 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.5\ICQ.exe
PRC - [2011.06.09 18:52:54 | 000,020,880 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011.06.09 18:52:44 | 003,373,968 | ---- | M] (Samsung Electronics Co., Ltd.)
-- C:\Programme\Samsung\Kies\KiesTrayAgent.exe PRC - [2011.02.28 17:13:56 | 000,247,096 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.10.16 13:42:38 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe PRC - [2010.10.16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010.07.21 18:07:04 | 001,778,064 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliType Pro\itype.exe PRC - [2010.04.30 13:24:26 | 000,160,424 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe PRC - [2010.04.30 13:24:18 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\service4g.exe PRC - [2010.04.12 19:03:44 | 000,329,168 | ---- | M] () -- C:\Programme\XSManager\WTGService.exe PRC - [2009.10.23 15:15:36 | 000,509,224 | ---- | M] (Hercules®) -- C:\Programme\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe PRC - [2009.10.07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe PRC - [2009.04.14 08:43:42 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) 
-- C:\Windows\SOUNDMAN.EXE PRC - [2009.03.31 10:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2007.11.21 13:17:02 | 000,017,408 | ---- | M] () -- C:\Programme\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE ========== Modules (No Company Name) ========== MOD - [2012.05.16 14:13:48 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0c2b0d52156447592f33edf4116b7e7d\System.Management.ni.dll MOD - [2012.05.14 11:53:52 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\65f0d70169a0e73b45307dddbd86f92b\System.Runtime.Remoting.ni.dll MOD - [2012.05.14 11:53:43 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll MOD - [2012.05.13 10:29:47 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\041b1bcf6ae9ab58925791d8198c37e2\PresentationFramework.ni.dll MOD - [2012.05.13 10:29:30 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a1de74c8d0dfd15e3246e5dd394013bf\PresentationCore.ni.dll MOD - [2012.05.13 10:29:15 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll MOD - [2012.05.13 10:29:14 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\4b7adff986a085bb562222d0c5fdf5aa\WindowsBase.ni.dll MOD - [2012.05.13 10:27:13 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll MOD - [2012.05.13 10:26:49 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9ee9841d9e33fe5dceba4cd7d90f2ae0\System.Windows.Forms.ni.dll MOD - [2012.05.13 10:26:38 | 001,665,536 | ---- | M] () 
-- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\03b5233f1511f5fdb39eb681b04e5506\System.Drawing.ni.dll MOD - [2012.05.13 10:26:29 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll MOD - [2012.05.13 10:26:19 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll MOD - [2012.05.13 10:26:12 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll MOD - [2011.06.21 17:31:01 | 000,055,816 | ---- | M] () -- C:\Users\Fabian\AppData\Local\Temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll MOD - [2011.06.09 18:52:54 | 000,020,880 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ========== Win32 Services (SafeList) ========== SRV - [2012.03.12 19:40:41 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.02.28 17:13:56 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.11.20 14:19:33 | 000,068,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.11.05 03:52:39 | 000,128,848 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2010.10.16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) 
[Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.04.30 13:24:18 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service) SRV - [2010.04.12 19:03:44 | 000,329,168 | ---- | M] () [Auto | Running] -- C:\Programme\XSManager\WTGService.exe -- (WTGService) SRV - [2009.10.07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess) SRV - [2009.07.14 03:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.31 10:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2007.11.21 13:17:02 | 000,017,408 | ---- | M] () [Auto | Running] -- C:\Programme\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE -- (HerculesDJControlMP3) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\pclepci.sys -- (PCLEPCI) DRV - [2011.11.15 09:47:01 | 000,103,424 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmnsusbser.sys -- (cmnsusbser) DRV - [2011.06.17 14:05:22 | 
000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc) DRV - [2011.06.17 14:05:22 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt) DRV - [2011.03.18 19:41:48 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2011.01.03 10:38:36 | 000,136,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011.01.03 10:38:36 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV - [2011.01.03 10:38:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV - [2010.12.21 07:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2010.12.21 07:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV - [2010.12.21 07:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb) DRV - [2010.12.21 07:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 10:42:28 | 000,246,784 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs) DRV - [2010.10.22 08:23:05 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010.07.07 19:18:56 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB) DRV - [2009.10.07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2009.10.02 11:32:52 | 000,124,416 | ---- | M] (© Guillemot R&D, 2009. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJMidi.sys -- (HDJMidi) DRV - [2009.10.02 11:32:48 | 000,127,488 | ---- | M] (© Guillemot R&D, 2009. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJBulk.sys -- (Bulk) DRV - [2009.07.14 03:20:28 | 000,022,096 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk) DRV - [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl) DRV - [2009.07.14 01:11:15 | 000,070,656 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\cdfs.sys -- (cdfs) DRV - [2009.06.18 20:45:02 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2009.03.31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2007.10.12 03:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2007.10.12 02:56:22 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928) DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2005.03.22 21:36:40 | 000,028,672 | ---- | M] (ULi Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ULILAN51.SYS -- (ULI5261XP) DRV - [2004.03.29 04:06:24 | 000,090,464 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {a51a36e6-31e7-4838-9ff7-76298b527ec0} - C:\Programme\softonic-Germany\prxtbsof0.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C4 9A DD C5 9C A7 CB 01 [binary data] IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {a51a36e6-31e7-4838-9ff7-76298b527ec0} - C:\Programme\softonic-Germany\prxtbsof0.dll (Conduit Ltd.) 
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?ch_id=sk27211&q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.04.17 22:50:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.12.30 01:21:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.12.30 01:21:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} O1 HOSTS File: ([2010.12.30 01:03:56 | 000,001,021 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 im.adtech.de O1 - Hosts: 127.0.0.1 adserver.adtech.de O1 - Hosts: 127.0.0.1 adtech.de O1 - Hosts: 127.0.0.1 ar.atwola.com O1 - Hosts: 127.0.0.1 atwola.com O1 - Hosts: 127.0.0.1 adserver.71i.de O1 - Hosts: 127.0.0.1 adicqserver.71i.de O1 - Hosts: 127.0.0.1 71i.de O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (softonic-Germany Toolbar) - {a51a36e6-31e7-4838-9ff7-76298b527ec0} - C:\Programme\softonic-Germany\prxtbsof0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (softonic-Germany Toolbar) - {a51a36e6-31e7-4838-9ff7-76298b527ec0} - C:\Programme\softonic-Germany\prxtbsof0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (softonic-Germany Toolbar) - {A51A36E6-31E7-4838-9FF7-76298B527EC0} - C:\Programme\softonic-Germany\prxtbsof0.dll (Conduit Ltd.) O4 - HKLM..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe (Hercules®) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) 
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB42FA49-30F9-4150-8023-148A65511370}: DhcpNameServer = 192.168.2.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{27e8e8bc-5187-11e0-b424-00138f9f27bb}\Shell - "" = AutoRun O33 - MountPoints2\{27e8e8bc-5187-11e0-b424-00138f9f27bb}\Shell\AutoRun\command - "" = I:\Autorun.exe O33 - MountPoints2\{42167561-0f5d-11e1-9391-00138f9f27bb}\Shell - "" = AutoRun O33 - MountPoints2\{42167561-0f5d-11e1-9391-00138f9f27bb}\Shell\AutoRun\command - "" = K:\autorun.exe O33 - MountPoints2\{899ae4bd-138c-11e0-b8c4-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{899ae4bd-138c-11e0-b8c4-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Launch.exe O33 - MountPoints2\{efb4ab21-9e3b-11e0-9a6f-00138f9f27bb}\Shell - "" = AutoRun O33 - MountPoints2\{efb4ab21-9e3b-11e0-9a6f-00138f9f27bb}\Shell\AutoRun\command - "" = K:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.04 14:38:11 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012.06.04 13:11:37 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe [2012.06.04 10:25:06 | 000,098,304 | -H-- | C] (Sporopo po po) -- C:\Windows\System32\83427C8D088E003D0036.exe [2012.05.29 11:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA [2012.05.29 11:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\SEGA [2012.05.27 12:01:11 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\LolClient2 [2012.05.27 11:37:40 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\Honey Auto [2012.05.21 14:12:48 | 
000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ANNO 1503 [2012.05.21 14:12:48 | 000,000,000 | ---D | C] -- C:\Program Files\ANNO 1503 [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.04 13:11:37 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe [2012.06.04 13:11:03 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.04 13:11:03 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.04 13:08:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.04 13:08:41 | 1610,063,872 | -HS- | M] () -- C:\hiberfil.sys [2012.06.04 13:07:57 | 000,000,020 | ---- | M] () -- C:\Users\Fabian\defogger_reenable [2012.06.04 13:07:05 | 000,050,477 | ---- | M] () -- C:\Users\Fabian\Desktop\Defogger.exe [2012.06.04 10:25:06 | 000,098,304 | -H-- | M] (Sporopo po po) -- C:\Windows\System32\83427C8D088E003D0036.exe [2012.06.02 10:39:41 | 001,226,800 | ---- | M] () -- C:\Users\Fabian\Documents\nxeDqAOrdVTXELJQGsleA [2012.06.02 10:35:59 | 000,544,641 | ---- | M] () -- C:\Users\Fabian\Desktop\fuvtGslqjOrdVaXEnJuGs [2012.05.29 11:16:21 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) 
-- C:\Windows\System32\CmdLineExt.dll [2012.05.27 12:05:40 | 004,917,842 | ---- | M] () -- C:\Users\Fabian\Desktop\fettQQEEaaddOgAjl [2012.05.27 12:04:09 | 004,544,373 | ---- | M] () -- C:\Users\Fabian\Desktop\DUXanEJuGtlsAqgNdf [2012.05.26 21:51:32 | 000,116,640 | ---- | M] () -- C:\Users\Fabian\Desktop\GyONdfTXopuLsxely [2012.05.21 14:10:18 | 000,000,000 | ---- | M] () -- C:\Users\Fabian\Desktop\GTVUNgyjsextvQnEppdfO [2012.05.21 13:28:24 | 000,134,350 | ---- | M] () -- C:\LJvAjDDdUOgTEUTQto [2012.05.16 23:17:09 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf [2012.05.13 20:11:59 | 000,293,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.04 13:07:39 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.06.04 13:07:05 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2012.05.21 14:10:18 | 000,000,000 | ---- | C] () -- C:\Users\***\Desktop\GTVUNgyjsextvQnEppdfO [2012.05.16 23:17:09 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf [2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.06.06 08:45:27 | 000,000,063 | ---- | C] () -- C:\Windows\PixieTool.INI [2011.06.01 11:07:37 | 000,100,700 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2011.03.16 15:23:14 | 000,049,152 | ---- | C] () -- C:\Windows\Iniexpander.exe [2011.03.16 15:16:57 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2011.03.16 15:16:56 | 
000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2011.03.16 14:58:21 | 000,185,344 | ---- | C] () -- C:\Windows\patchw32.dll [2011.02.13 22:14:40 | 000,029,184 | ---- | C] () -- C:\Windows\System32\tqmcompc.dll [2011.02.07 13:27:50 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2011.02.07 13:27:50 | 000,000,000 | ---- | C] () -- C:\ProgramData\ENjqeltxuJEnXaVUN [2011.02.07 13:18:16 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2011.02.07 13:18:16 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2011.02.06 20:49:09 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2010.12.30 01:21:13 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.12.29 23:07:20 | 000,028,672 | ---- | C] () -- C:\Windows\System32\UnLAN.exe ========== LOP Check ========== [2012.06.04 10:58:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2011.07.22 16:45:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2012.06.04 10:58:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2012.04.17 13:49:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2012.06.04 10:58:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2012.06.04 12:56:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2010.12.30 00:31:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2010.12.30 02:06:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient [2012.05.27 12:01:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient2 [2011.01.06 19:25:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2010.12.30 00:00:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2012.06.04 12:56:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2010.12.30 01:21:12 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\Thunderbird [2011.03.16 14:58:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ubi.com [2011.11.15 09:47:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XSManager [2012.04.23 22:55:35 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 04.06.2012 13:11:55 - Run 1
OTL by OldTimer - Version 3.2.46.0 Folder = C:\Users\***\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 66,37% Memory free
4,00 Gb Paging File | 3,24 Gb Available in Paging File | 81,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 186,21 Gb Total Space | 97,57 Gb Free Space | 52,40% Space Free | Partition Type: NTFS

Computer Name: PC-*** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open 
Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1209EF8C-4EF3-40E1-A756-4BD620746A8B}" = lport=137 | protocol=17 | dir=in | app=system | "{14B03927-16DD-402F-9B33-22357B029472}" = lport=6961 | protocol=17 | dir=in | name=league of legends launcher | "{161FDBAF-816C-4302-9C65-1184319F350D}" = lport=6904 | protocol=17 | dir=in | name=league of legends launcher | "{18323BEA-CCC3-4806-95B8-BDC9FE720275}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{204AEE6B-79C0-407B-AB1C-00965BBBCFBA}" = rport=137 | protocol=17 | dir=out | app=system | "{22E65FB1-20D1-40E7-B662-1E966ACE9C98}" = lport=6919 | protocol=17 | dir=in | name=league of legends launcher | "{27F64C60-175B-45E3-8486-4FAF5688D782}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher | "{2815B794-F9FE-49C3-BE29-139B856DB80F}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher | "{2A986A96-7780-4767-B61B-49B919DA8C0C}" = lport=6934 | protocol=17 | dir=in | name=league of legends launcher | "{3EEA3063-EF4B-485A-89B9-D86331FC9F3C}" = lport=6919 | protocol=6 | dir=in | name=league of legends launcher | "{480887A8-D6C6-445C-92EA-03408AFE992D}" = lport=6961 | protocol=6 | dir=in | name=league of legends launcher | "{4DEC417E-5C49-4419-83F4-69C620E1144E}" = rport=139 | protocol=6 | dir=out | app=system | "{4EFF924A-75F0-46C3-B856-E2E6DEA05174}" = lport=6956 | protocol=17 | dir=in | name=league of legends launcher | "{572363E8-B424-49F3-945D-2E758F768B34}" = lport=6909 | protocol=17 | dir=in | name=league of legends launcher | "{5BE04DC6-271D-418A-BCD9-C4FCC48A1607}" = lport=6903 | protocol=6 | dir=in | name=league of legends launcher | "{5CC394C6-6FAB-4B7D-B3CE-8FEC8005AAEA}" = lport=6950 | protocol=17 | dir=in | name=league of legends launcher | "{5E1DB9D6-C0A2-4278-A6BF-FF3E7507F8B0}" = lport=6909 | protocol=6 | dir=in | name=league of legends 
launcher | "{633AE5B2-81DC-4C88-8416-017808D33409}" = lport=138 | protocol=17 | dir=in | app=system | "{692EBC2F-853D-430F-A01A-447E2C1D3F9D}" = lport=6888 | protocol=17 | dir=in | name=league of legends launcher | "{70A08FB6-99F4-4F50-A72B-5010FF87AAC9}" = lport=6969 | protocol=17 | dir=in | name=league of legends launcher | "{71127BD8-782B-489A-BC42-D74AC90648DD}" = lport=6990 | protocol=6 | dir=in | name=league of legends launcher | "{75883B34-876B-479C-9D0D-62374DBAD573}" = lport=6969 | protocol=6 | dir=in | name=league of legends launcher | "{788D24BA-6D43-44CB-A59D-A51413C83FFF}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | "{7FB5C665-1662-4276-9309-271C37157F84}" = rport=138 | protocol=17 | dir=out | app=system | "{8C168E5B-C4E2-419C-822F-9750AE2CAD5F}" = lport=6934 | protocol=6 | dir=in | name=league of legends launcher | "{91536523-6DCF-4702-BEBD-26F88DCBBAF7}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby | "{92D5B98B-1E64-4741-94B1-7A1581D5D3E8}" = lport=445 | protocol=6 | dir=in | app=system | "{92E503E4-040F-49C3-88B0-CA0C11BD7366}" = lport=6888 | protocol=6 | dir=in | name=league of legends launcher | "{9ABF9A53-0464-4B99-98EE-59952D9BB163}" = lport=6901 | protocol=6 | dir=in | name=league of legends launcher | "{A1E4AB5D-133F-4F3F-B135-C12DCA0CBB2E}" = lport=8398 | protocol=6 | dir=in | name=league of legends launcher | "{AC1EC17A-DDE7-42DA-A05C-2780D4EBB5D6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B63F959E-B1B4-4849-A75F-1D5220AF0A72}" = lport=139 | protocol=6 | dir=in | app=system | "{B89BB384-9DB7-47EC-8D0A-BE8C75282B2F}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client | "{BBCC61A5-5CB4-4AA2-B2AA-4465FA986479}" = lport=6906 | protocol=6 | dir=in | name=league of legends launcher | "{BD4DE388-4CB9-41B0-B23B-DC20558CEFB9}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client | 
"{C40BE224-6D9A-44E8-A4E3-61B96D274018}" = lport=6964 | protocol=17 | dir=in | name=league of legends launcher | "{C4AA64F8-87B9-49B3-9942-3B7DF1F6C51D}" = lport=6964 | protocol=6 | dir=in | name=league of legends launcher | "{D30EDF17-6050-473E-899C-61B8A1D7E291}" = lport=6956 | protocol=6 | dir=in | name=league of legends launcher | "{D3D711C6-3E0D-4630-A5F7-8D493A30D55E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D8C0D8B4-9CF0-4FE7-9A7B-836D53CD4A01}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | "{D989A545-7B19-46A4-8F4B-DC5C8A7A28DC}" = lport=6901 | protocol=17 | dir=in | name=league of legends launcher | "{DA6DF220-2C9B-47FA-9771-B368182FA15A}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby | "{E2780D94-C7EC-4F4A-B70C-D1E1F61D91D9}" = lport=6903 | protocol=17 | dir=in | name=league of legends launcher | "{E41E25C2-DB83-4CD9-ACE7-0778AD522516}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E6729700-2B3B-42EF-8C51-DF2828D6284E}" = lport=8398 | protocol=17 | dir=in | name=league of legends launcher | "{EA10D848-43F2-4957-ADBC-B618CF4C4362}" = lport=6904 | protocol=6 | dir=in | name=league of legends launcher | "{EC654E24-CC06-493F-867C-5515EAA05E38}" = lport=6906 | protocol=17 | dir=in | name=league of legends launcher | "{EED0F5F4-9B80-4BD0-9623-09E0AF119F31}" = lport=6950 | protocol=6 | dir=in | name=league of legends launcher | "{F10B33CC-8FBA-46C3-94FC-A803D477BDF3}" = rport=445 | protocol=6 | dir=out | app=system | "{F1AACD18-585B-4F19-9870-8FAC64D75E96}" = lport=6990 | protocol=17 | dir=in | name=league of legends launcher | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0F06FBD2-5FE4-4F1B-97AD-10EA48D2DB18}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"{229EA9E8-2F3E-4E30-8DF6-DFE8E2B05103}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | "{303B1CC0-7F8B-4ABA-A0D3-BF5859E3816D}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{47AA94B6-A7CB-4C20-AA70-A03DA3AB8DC2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{4E9114EF-573B-4CFD-AF2E-991E0E1BB425}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{51010122-03AE-4682-B744-5AA414DE542C}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{532730A6-8D1C-4F00-B5BF-DA9DC377D7C6}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | "{536265D3-0524-4415-94FF-5D8A9BE68598}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | "{54D12E8E-5E98-4652-8852-F779BC9DC6A6}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{592B6904-F4DC-49F0-AE43-CCD384946426}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | "{71D9B03E-0A8E-45C3-893D-996F698C2DA4}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{794EE108-75C8-4952-8099-1D78092239BF}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{850C9FDE-9DB3-4CF0-9A2C-FB18515B4879}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | "{85191324-65D1-4C8B-A5C1-4DE930BF6DAE}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "{894BDF23-09A4-419E-B11D-19FAE6460376}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{89FBB99F-71B8-46C6-90EB-122FB6C13BE4}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | "{924359E0-AF2A-4656-BDDD-A1ADB384491D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{94B1A2E8-8E52-4606-AEF1-9D80904B912D}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | "{9E6FA462-02F6-4CBB-BE3E-C0DCFD2A629C}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{A0B4103D-4CEC-4A69-8D99-EC3845301DD4}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{C5F82E59-5D49-4589-9710-837673B80172}" = protocol=17 | dir=in | app=c:\program files\ultramixer\jre\launch4j-tmp\ultramixer.exe | "{C7255F9C-F771-43FA-AAB5-568E4F183905}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{C89F634D-2D04-4D81-BFDF-07F4832F3C33}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D01CF299-7F70-4A13-B054-9058901159AA}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "{D162BE2D-571B-44CE-884E-5E0F20177FD8}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "{D7000557-7FCA-484E-9458-0792BA71BB48}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{D820DE92-7D94-4A05-A57B-31BBF4A4AE3C}" = protocol=6 | dir=in | app=c:\program files\ultramixer\jre\launch4j-tmp\ultramixer.exe | "{ECC7E202-B1FE-49FC-BDC8-BBBA568024A3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{ECC80403-4126-49A1-9608-46E170267C22}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{EDF7BF7F-24B7-4E4D-9920-92D510AC984A}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{F0F9B509-B666-4507-AB67-643846ED6079}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | "{F6E60EF3-21E7-4F40-9363-4E1CDA99CC71}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | "TCP Query User{15826302-ADDA-4192-896C-7660489E11F6}C:\program files\ea games\battlefield 2\forgottenhope2.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\forgottenhope2.exe | "TCP Query User{1A967356-2EFB-4C87-8209-E22CA7B62E8B}C:\program files\red storm entertainment\ravenshield\system\ravenshield.exe" = protocol=6 | dir=in | app=c:\program files\red storm entertainment\ravenshield\system\ravenshield.exe | "TCP Query 
User{1B0B82A1-BAF9-498F-B284-E0C4F42AAB56}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | "TCP Query User{55C08DA2-3B82-4B69-BCEB-05347EB452A4}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe | "TCP Query User{59BD95E0-8019-40D6-BF79-467A38FB76A0}C:\program files\ultramixer\jre\launch4j-tmp\ultramixer.exe" = protocol=6 | dir=in | app=c:\program files\ultramixer\jre\launch4j-tmp\ultramixer.exe | "TCP Query User{B8E990E5-435A-4F4C-936E-814602B165EB}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | "TCP Query User{F1B5AEF7-64F4-4A17-B4E8-DA2B27123DD6}C:\program files\ea sports\fussball manager 11\manager11.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fussball manager 11\manager11.exe | "TCP Query User{FDB7E8C2-BCCD-4AB3-B84A-1C7F642A945A}C:\program files\2k games\firaxis games\sid meier's railroads!\railroads.exe" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's railroads!\railroads.exe | "UDP Query User{1B27DA45-92A7-4C9B-875B-0BECF796F488}C:\program files\2k games\firaxis games\sid meier's railroads!\railroads.exe" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's railroads!\railroads.exe | "UDP Query User{1EEF4116-A5AE-4730-A334-19453F13A6C8}C:\program files\ea games\battlefield 2\forgottenhope2.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\forgottenhope2.exe | "UDP Query User{343A7C30-586A-4289-B332-ABE5625C7DD4}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | "UDP Query User{735EAB36-9EBC-41E5-9000-C1601AADBB2A}C:\program files\ea sports\fussball manager 11\manager11.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fussball manager 11\manager11.exe | "UDP Query 
User{85F51203-F821-4D86-B1F6-017918D3932A}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | "UDP Query User{994F9EF3-29A4-462E-8C92-E0CB3A38E727}C:\program files\red storm entertainment\ravenshield\system\ravenshield.exe" = protocol=17 | dir=in | app=c:\program files\red storm entertainment\ravenshield\system\ravenshield.exe | "UDP Query User{A10AE351-71AF-4E05-B7E6-9B36169E9F83}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe | "UDP Query User{B233757D-0FF9-452D-A5AB-D1D8B559AC01}C:\program files\ultramixer\jre\launch4j-tmp\ultramixer.exe" = protocol=17 | dir=in | app=c:\program files\ultramixer\jre\launch4j-tmp\ultramixer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM) "{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.2 Build #3159 Banner Remover 1.0 "{143BE018-D8F8-4014-8CB6-AF63F5799D21}" = ULi LAN Driver "{33999F1F-EA46-4E55-A239-1BA803235396}" = Hercules DJ Products Series drivers "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{44E1DE63-C8FA-4C70-B4AA-0C49A947ACDE}" = Sid Meier's Railroads! 
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces "{664FF9A8-7E44-4E17-AD40-D10E15504C49}" = Tom Clancy's Rainbow Six 3: Athena Sword 1.10.016 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas "{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic "{81521545-BE95-4869-92FA-CC2E276C790E}" = Tom Clancy's Rainbow Six 3: Iron Wrath 1.00.000 "{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = ubi.com "{AF131494-F5D8-45C5-938C-D5F020CF1B0D}" = Tom Clancy's Rainbow Six 3: Raven Shield 1.60.412 "{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6 "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX 
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War "{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software "{C38D079C-950D-4F18-BF7B-CE58DE86D3BD}" = Image Resizer Powertoy Clone for Windows "{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold "{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D4CFC5F3-481C-40AA-9944-E7E4E732136C}" = Microsoft IntelliType Pro 8.0 "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{EBBB1DEF-8878-4CB8-BC0D-1196B30E7527}" = ANNO 1503 "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "{FDC53DC6-137A-4541-BFA2-A9BAE4A7FE99}" = ULi SATA Driver "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "CCleaner" = CCleaner "conduitEngine" = Conduit Engine "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.5.722 "FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12 "GameSpy Arcade" = GameSpy Arcade "ICQToolbar" = ICQ Toolbar "Indoor Swmimming Bath" = Indoor Swmimming Bath "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "IrfanView" = IrfanView (remove only) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de) "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Old Tucson" = Old Tucson "Opera 11.64.1403" = Opera 11.64 "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software "softonic-Germany 
Toolbar" = softonic-Germany Toolbar "Uninstall_is1" = Uninstall 1.0.0.1 "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions "WinGimp-2.0_is1" = GIMP 2.6.12 "XSManager" = XSManager ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{EE3FBD3C-782E-4A90-9507-0ECFE1FECCE4}" = Sid Meier's Railroads! ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 04.06.2012 05:02:10 | Computer Name = PC-Fabian | Source = ESENT | ID = 447 Description = Windows (3472) Windows: Ungültige Seitenverknüpfung (Fehler -327) in B-Struktur (Objekt-Id: 11, PgnoRoot: 136) von Datenbank C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb (1420 => 1237, 1421). Error - 04.06.2012 05:02:10 | Computer Name = PC-Fabian | Source = ESENT | ID = 447 Description = Windows (3472) Windows: Ungültige Seitenverknüpfung (Fehler -327) in B-Struktur (Objekt-Id: 11, PgnoRoot: 136) von Datenbank C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb (1420 => 1237, 1421). Error - 04.06.2012 05:02:10 | Computer Name = PC-*** | Source = ESENT | ID = 447 Description = Windows (3472) Windows: Ungültige Seitenverknüpfung (Fehler -327) in B-Struktur (Objekt-Id: 11, PgnoRoot: 136) von Datenbank C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb (1420 => 1237, 1421). Error - 04.06.2012 05:04:49 | Computer Name = PC-*** | Source = ESENT | ID = 467 Description = Windows (3472) Windows: Datenbank C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb: Index System_ItemType407 von Tabelle SystemIndex_0A ist beschädigt (0). 
Error - 04.06.2012 05:04:49 | Computer Name = PC-*** | Source = Windows Search Service | ID = 7040 Description = Error - 04.06.2012 05:04:49 | Computer Name = PC-*** | Source = Windows Search Service | ID = 7042 Description = Error - 04.06.2012 05:05:23 | Computer Name = PC-*** | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "WmiApRpl" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 04.06.2012 05:05:23 | Computer Name = PC-*** | Source = Microsoft-Windows-LoadPerf | ID = 3009 Description = Die Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl) konnten nicht installiert werden. Der Fehlercode ist das erste DWORD im Datenbereich. Error - 04.06.2012 07:02:37 | Computer Name = PC-*** | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "WmiApRpl" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 04.06.2012 07:02:37 | Computer Name = PC-*** | Source = Microsoft-Windows-LoadPerf | ID = 3009 Description = Die Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl) konnten nicht installiert werden. Der Fehlercode ist das erste DWORD im Datenbereich. 
[ System Events ] Error - 16.08.2011 02:59:04 | Computer Name = PC-*** | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: PCLEPCI Error - 17.08.2011 07:24:13 | Computer Name = PC-*** | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: PCLEPCI Error - 18.08.2011 04:31:48 | Computer Name = PC-*** | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: PCLEPCI Error - 18.08.2011 04:34:53 | Computer Name = PC-*** | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 18.08.2011 06:16:32 | Computer Name = PC-*** | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: PCLEPCI Error - 18.08.2011 09:53:55 | Computer Name = PC-*** | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: PCLEPCI Error - 19.08.2011 08:47:33 | Computer Name = PC-*** | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: PCLEPCI Error - 19.08.2011 13:43:18 | Computer Name = PC-*** | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: PCLEPCI Error - 20.08.2011 06:53:27 | Computer Name = PC-*** | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: PCLEPCI Error - 21.08.2011 11:44:43 | Computer Name = PC-*** | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: PCLEPCI < End of report > Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-06-04 13:40:35 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_SP2014N rev.VC100-37 Running: f61t2v39.exe; Driver: C:\Users\Fabian\AppData\Local\Temp\uwlyqpob.sys ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C493C9 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C82D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2660] ntdll.dll!DbgBreakPoint 76EB410C 3 Bytes [8B, 40, 30] {MOV EAX, [EAX+0x30]} ---- Devices - GMER 1.0.15 ---- Device \Driver\ACPI_HAL \Device\00000043 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 
0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x55 0x37 0xE0 0xF1 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x8E 0xC8 0x39 0x5C ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x19 0xB6 0x93 0xCD ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x4B 0x24 0xF7 0x0E ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x55 0x37 0xE0 0xF1 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x8E 0xC8 0x39 0x5C ... 
---- EOF - GMER 1.0.15 ---- Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.04.03 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Fabian :: PC-*** [Administrator] 04.06.2012 14:02:27 mbam-log-2012-06-04 (14-07-54).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 207661 Laufzeit: 5 Minute(n), Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\Windows\System32\83427C8D088E003D0036.exe (Trojan.Agent.SZ) -> Keine Aktion durchgeführt. C:\Users\***\AppData\Local\Temp\mplnmuitye.pre (Trojan.Agent.SZ) -> Keine Aktion durchgeführt. C:\Users\***\AppData\Local\Temp\rgfdsapoiu.pre (Trojan.Agent.SZ) -> Keine Aktion durchgeführt. (Ende) I hope you can help me. Thanks in advance. Regards tomtom PS: I hope I posted everything correctly. If anything is still missing, I will of course send it afterwards. Last edited by tomtom1312 (04.06.2012 at 13:35) Reason: wrong tags :) |
04.06.2012, 15:51 | #2 |
/// Malware-holic | Files encrypted after mail from flirt-fever hi,
1. The source of infection: I am interested in such mails with invoices, payment reminders and other attachments from unknown senders. If you use a mail program, select the mail, right-click, save as, set the type to .eml. Then please read: markusg - trojaner-board.de and send me the file you have just created. If you read your mail through the browser, tell me which provider you use; that works a bit differently. Please warn friends, acquaintances, relatives etc. about this scam, and feel free to pass this mail address on to them. They can then send such suspicious mails there. These help us respond appropriately to new threats; since this malware also receives updates, that is important. 2. Try the Shadow Explorer: http://www.trojaner-board.de/115496-...erstellen.html
|
04.06.2012, 17:27 | #3 |
| Files encrypted after mail from flirt-fever Hey,
I have now sent a mail with my virus mail. Now I just need to somehow get the encrypted files back. How do I know that the virus is completely gone from my PC? Regards tomtom |
04.06.2012, 17:32 | #4 |
/// Malware-holic | Files encrypted after mail from flirt-fever Have you tried point 2 yet?
-Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
04.06.2012, 18:00 | #5 |
| Files encrypted after mail from flirt-fever Yes, I'm doing that right now. It looks like it is working. But it is very tedious, because you have to do each folder individually. How do I know whether the virus is completely gone? Thanks already for the help |
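A bulk variant of the Shadow Explorer step from post #2, which post #5 found tedious folder by folder: an added PowerShell example, not from the thread and not Shadow Explorer's own code, that copies a folder tree out of the newest Volume Shadow Copy of C: (the same snapshot mechanism Shadow Explorer browses). The source path, the restore target and the existence of a snapshot taken before the infection are assumptions; run it in an elevated PowerShell and restore to a clean location, never over the encrypted originals.

```powershell
# Added example (not from the thread): restore a folder tree from the newest
# Volume Shadow Copy of C: in one go, instead of clicking through each folder.
# Assumptions (not from the page): a snapshot predating the infection exists,
# $Source is relative to the volume root, and $Dest is a fresh, empty folder.
param(
    [string]$Source = 'Users\tomtom\Documents',   # constructed example path
    [string]$Dest   = 'D:\restore\Documents'      # constructed clean target
)

# Device ID of the C: volume, in the same \\?\Volume{...}\ form Win32_ShadowCopy uses.
$volumeId = (Get-WmiObject Win32_Volume -Filter "DriveLetter='C:'").DeviceID

# Pick the newest snapshot of that volume (Win32_ShadowCopy exists on Windows 7).
$shadow = Get-WmiObject Win32_ShadowCopy |
    Where-Object { $_.VolumeName -eq $volumeId } |
    Sort-Object { [Management.ManagementDateTimeConverter]::ToDateTime($_.InstallDate) } -Descending |
    Select-Object -First 1
if (-not $shadow) { throw 'No shadow copy of C: found; nothing to restore from.' }
$taken = [Management.ManagementDateTimeConverter]::ToDateTime($shadow.InstallDate)
"Using shadow copy taken $taken (check that this is before the infection)"

# Expose the read-only snapshot as a directory link; the trailing backslash is required.
$link = 'C:\shadow_restore'
cmd /c mklink /d $link "$($shadow.DeviceObject)\" | Out-Null
try {
    $from = Join-Path $link $Source
    if (-not (Test-Path $from)) { throw "Path '$Source' is not present in the snapshot." }
    New-Item -ItemType Directory -Force -Path $Dest | Out-Null
    Copy-Item -Path (Join-Path $from '*') -Destination $Dest -Recurse -Force
    $count = (Get-ChildItem $Dest -Recurse -File | Measure-Object).Count
    "Restored $count files to $Dest"
} finally {
    cmd /c rmdir $link | Out-Null   # removes only the link, not the snapshot
}
```

Compare the restored file count and a few sample files against what you expect before trusting the result; if the newest snapshot was created after the files were encrypted, it will contain the encrypted versions and an older snapshot must be selected instead.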
05.06.2012, 17:09 | #6 |
/// Malware-holic | Files encrypted after mail from flirt-fever Let's do one thing at a time. Let me know whether the decryption worked; then we can take care of the rest.
|
05.06.2012, 21:14 | #7 |
| Files encrypted after mail from flirt-fever Hey, so I was able to restore the files thanks to the Shadow program; it was a bit tedious, but it worked. How do I know now whether the trojan has been completely removed? I have also received another dubious mail - but this time I'm not opening it. Regards tomtom |
07.06.2012, 20:02 | #8 |
/// Malware-holic | Files encrypted after mail from flirt-fever hi, please forward such mails. To be completely sure, you should back up your data and format, then secure the PC. If you don't know how to format, I will give you instructions, likewise for securing it.
|
29.06.2012, 07:21 | #9 |
| Files encrypted after mail from flirt-fever Thanks for your help. Thread can be closed! Regards tomtom |