|
Plagegeister aller Art und deren Bekämpfung: Verschlüsselungs-Trojaner hat mich erwischtWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
05.06.2012, 12:32 | #1 |
| Verschlüsselungs-Trojaner hat mich erwischt Hallo zusammen, ich habe mir den Verschlüsselungs-Trojaner am 3.06 eingefangen. Alles blinkte und meinen Laptop habe ich im abgesicherten Modus hochgefahren und eine Systemwiderherstellung gemacht. Danach funktionierte wieder alles nur die Dokumente, Bilder, usw. waren alle gelockt. Ein Tip von jemanden brachte mich auf diese Seite: forum.botfrei.de/showthread.php?2887-Christian-Verschl%FCsselungs-Trojaner-%28eigener-Thread%29 Hier fand ich ein Video mit einem Hinweis auf einen DecyptHelper von dieser Seite. Ich habe mir einen Key gemacht und alle meine Dokumente kann ich nun wieder freischalten Einen großen Dank dem Erfinder Dann habe ich nun mit dem Malwarebytes 2 Trojaner eingefangen. Kann sie Ihnen aber nicht schicken, weil ich es nicht verstehe. Habe ich nun alles gemacht? Danke an die Betreiber der Seite LG Kirsten defogger_disable by jpshortstuff (23.02.10.1) Log created at 14:00 on 05/06/2012 (Meinereiner) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers...OTL Logfile: OTL EXTRAS Logfile: OTL EXTRAS Logfile: OTL EXTRAS Logfile: OTL EXTRAS Logfile: OTL EXTRAS Logfile: OTL EXTRAS Logfile: OTL EXTRAS Logfile: Code:
ATTFilter OTL logfile created on: 05.06.2012 14:08:10 - Run 1 OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\Meinereiner\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,87 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 40,77% Memory free 5,96 Gb Paging File | 4,45 Gb Available in Paging File | 74,65% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 92,21 Gb Total Space | 45,50 Gb Free Space | 49,34% Space Free | Partition Type: NTFS Drive E: | 197,09 Gb Total Space | 155,99 Gb Free Space | 79,15% Space Free | Partition Type: NTFS Computer Name: MEINEREINER-PC | User Name: Meinereiner | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.05 14:07:28 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Meinereiner\Desktop\OTL.exe PRC - [2012.05.05 18:30:36 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.11.12 12:54:48 | 000,748,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe PRC - [2011.07.11 23:47:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2010.12.09 00:58:58 | 000,330,696 | ---- | M] () -- C:\Programme\Verbindungsassistent\WTGService.exe PRC - [2010.10.19 14:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe PRC - [2010.04.07 08:35:49 | 001,338,184 | ---- | M] (Sourcefire, Inc.) -- C:\Programme\ClamAV for Windows\1.0.26\iptray.exe PRC - [2010.04.07 08:35:49 | 000,717,552 | ---- | M] (Immunet Corporation) -- C:\Programme\ClamAV for Windows\1.0.26\agent.exe PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.04.03 16:34:20 | 000,733,184 | ---- | M] (Fujitsu Technology Solutions) -- C:\Programme\Fujitsu OSD Utility\OSDUtility.exe PRC - [2009.03.24 04:00:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE PRC - [2009.02.19 15:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) -- C:\Programme\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe PRC - [2008.05.28 13:40:28 | 000,020,480 | ---- | M] ( ) -- C:\Programme\Google\Google EULA\GoogleEULALauncher.exe PRC - [2008.01.21 04:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.21 04:32:50 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe PRC - [2007.12.19 03:13:04 | 001,179,648 | ---- | M] () -- C:\Programme\WiFiConnector\NintendoWFCReg.exe PRC - [2006.11.02 14:34:44 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe ========== Modules (No Company Name) ========== MOD - [2012.05.11 14:04:16 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll MOD - [2012.05.11 10:10:42 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll MOD - [2012.05.11 10:09:20 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll MOD - [2012.05.11 10:01:05 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll MOD - [2012.05.11 10:00:15 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll MOD - [2011.03.21 20:57:34 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe MOD - [2010.07.04 23:32:36 | 000,004,608 | ---- | M] () -- C:\Programme\Unlocker\UnlockerHook.dll MOD - [2010.04.07 08:35:49 | 000,198,984 | ---- | M] () -- C:\Programme\ClamAV for Windows\1.0.26\dsl.dll MOD - [2010.04.07 08:35:49 | 000,181,064 | ---- | M] () -- C:\Programme\ClamAV for Windows\1.0.26\dcf.dll MOD - [2010.04.07 08:35:49 | 000,026,952 | ---- | M] () -- C:\Programme\ClamAV for Windows\1.0.26\dut.dll MOD - [2010.04.07 08:35:49 | 000,021,320 | ---- | M] () -- C:\Programme\ClamAV for Windows\1.0.26\dxm.dll MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2009.03.30 06:42:13 | 000,659,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll MOD - [2007.12.19 03:13:04 | 001,179,648 | ---- | M] () -- C:\Programme\WiFiConnector\NintendoWFCReg.exe MOD - [2007.07.03 07:55:36 | 000,110,592 | ---- | M] () -- C:\Programme\WiFiConnector\WIFICON.dll ========== Win32 Services (SafeList) ========== SRV - [2012.05.25 11:50:05 | 002,152,720 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2012.05.05 19:30:15 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.04.25 14:12:20 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.12.09 00:58:58 | 000,330,696 | ---- | M] () [Auto | Running] -- C:\Programme\Verbindungsassistent\WTGService.exe -- (WTGService) SRV - [2010.10.19 14:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2010.04.07 08:35:49 | 000,717,552 | ---- | M] (Immunet Corporation) [Auto | Running] -- C:\Programme\ClamAV for Windows\1.0.26\agent.exe -- (ImmunetProtect) SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.02.19 15:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) [Auto | Running] -- C:\Programme\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler) SRV - [2009.02.18 20:38:43 | 000,129,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2008.01.21 04:35:20 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:34:00 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess) SRV - [2008.01.21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.21 04:32:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008.01.21 04:32:50 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.10.28 20:35:28 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd) DRV - [2011.10.28 20:35:26 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer) DRV - [2010.04.07 08:35:49 | 000,038,856 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | System | Running] -- C:\Windows\System32\drivers\ImmunetProtect.sys -- (ImmunetProtectDriver) DRV - [2010.04.07 08:35:49 | 000,029,640 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | System | Running] -- C:\Windows\System32\drivers\ImmunetSelfProtect.sys -- (ImmunetSelfProtectDriver) DRV - [2010.04.07 08:35:49 | 000,020,040 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | System | Running] -- C:\Windows\System32\drivers\ImmunetMonitor.sys -- (ImmunetMonitorDriver) DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2009.04.11 06:13:59 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs) DRV - [2008.07.24 12:03:56 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008.06.30 19:56:12 | 000,917,504 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.05.27 13:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s) DRV - [2008.05.02 13:59:40 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008.04.03 14:58:46 | 000,076,688 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID) DRV - [2008.01.21 04:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320) DRV - [2008.01.21 04:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\megasas.sys -- (megasas) DRV - [2008.01.21 04:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\MegaSR.sys -- (MegaSR) DRV - [2008.01.21 04:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008.01.21 04:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008.01.21 04:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs) DRV - [2008.01.21 04:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci) DRV - [2008.01.21 04:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008.01.21 04:32:51 | 000,041,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2008.01.21 04:32:51 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\circlass.sys -- (circlass) DRV - [2008.01.21 04:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300) DRV - [2008.01.21 04:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas) DRV - [2008.01.21 04:32:50 | 000,022,072 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd) DRV - [2008.01.21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV) DRV - [2008.01.21 04:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008.01.21 04:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008.01.21 04:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008.01.21 04:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arc.sys -- (arc) DRV - [2008.01.21 04:32:49 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk) DRV - [2008.01.21 04:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor) DRV - [2008.01.21 04:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008.01.21 04:32:48 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV) DRV - [2008.01.21 04:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid) DRV - [2008.01.21 04:32:47 | 000,094,776 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm) DRV - [2008.01.21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor) DRV - [2008.01.21 04:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008.01.21 04:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci) DRV - [2008.01.21 04:32:45 | 000,105,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio) DRV - [2008.01.21 04:32:45 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\fdc.sys -- (fdc) DRV - [2008.01.21 04:32:45 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk) DRV - [2008.01.21 04:32:45 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse) DRV - [2008.01.21 04:32:23 | 000,030,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp) DRV - [2008.01.21 04:32:22 | 000,248,832 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rdpdr.sys -- (rdpdr) DRV - [2008.01.21 04:32:22 | 000,049,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp) DRV - [2008.01.21 04:32:22 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive) DRV - [2008.01.21 04:32:21 | 000,044,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8) DRV - [2008.01.21 04:32:21 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7) DRV - [2008.01.21 04:32:21 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7) DRV - [2008.01.21 04:32:21 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor) DRV - [2008.01.21 04:32:21 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe) DRV - [2008.01.21 04:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viaide.sys -- (viaide) DRV - [2008.01.21 04:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide) DRV - [2008.01.21 04:32:21 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\intelide.sys -- (intelide) DRV - [2008.01.21 04:32:21 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide) DRV - [2008.01.21 04:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\aliide.sys -- (aliide) DRV - [2008.01.21 04:32:21 | 000,016,440 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pciide.sys -- (pciide) DRV - [2008.01.21 04:32:21 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\errdev.sys -- (ErrDev) DRV - [2007.11.29 07:21:06 | 000,163,328 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RT25USBAP.SYS -- (RT25USBAP) DRV - [2007.09.30 00:03:12 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iaStor.sys -- (iaStor) DRV - [2006.11.02 11:51:12 | 000,167,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pcmcia.sys -- (pcmcia) DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 11:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port) DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 10:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM) DRV - [2006.11.02 10:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth) DRV - [2006.11.02 10:55:16 | 000,062,080 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ohci1394.sys -- (ohci1394) DRV - [2006.11.02 10:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR) DRV - [2006.11.02 10:55:05 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci) DRV - [2006.11.02 10:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidir.sys -- (HidIr) DRV - [2006.11.02 10:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen) DRV - [2006.11.02 10:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sfloppy.sys -- (sfloppy) DRV - [2006.11.02 10:51:30 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\parport.sys -- (Parport) DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm) DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm) DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Meinereiner\Desktop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{2A997DE9-52BA-4F37-BF58-B2AD24F541B7}: "URL" = hxxp://go.web.de/tb/ie_amazon_sp/?field-keywords={searchTerms} IE - HKCU\..\SearchScopes\{41C74A3E-B01B-4D9A-BD98-D88DC9EAFF4C}: "URL" = hxxp://go.web.de/tb/ie_ebay_sp/?su={searchTerms} IE - HKCU\..\SearchScopes\{610E82F3-0E31-4B78-8C06-58F20A4EEDEF}: "URL" = hxxp://go.web.de/tb/ie_lastminute_sp/?searchText={searchTerms} IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC IE - HKCU\..\SearchScopes\{84DFAFD6-D1DB-4D84-916B-C51CE08F88D7}: "URL" = hxxp://go.web.de/tb2/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{D915A4AC-9129-48BA-8B83-7C31F362DC20}: "URL" = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{F5078672-EC18-4FBC-9BDA-E485E4816EC8}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{FAB9C7BB-8652-4BEF-B000-60F1F1B1F310}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-type: "${8}" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.25 14:12:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.29 21:06:35 | 000,000,000 | ---D | M] [2010.03.15 07:54:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meinereiner\AppData\Roaming\mozilla\Extensions [2012.06.03 22:10:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meinereiner\AppData\Roaming\mozilla\Firefox\Profiles\b3iaekdu.default\extensions [2012.06.03 22:56:06 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.06.03 22:56:06 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de [2012.04.25 14:12:20 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012.04.12 21:57:46 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.04.12 21:57:46 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.04.12 21:57:46 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.04.12 21:57:46 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.12 21:57:46 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.12 21:57:46 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found. O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [FSCRecovery] c:\Programme\Fujitsu\System Recovery\FSCRecoveryReminder.exe (Fujitsu Technology Solutions GmbH) O4 - HKLM..\Run: [Fujitsu OSD Utility] c:\Programme\Fujitsu OSD Utility\OSDUtility.exe (Fujitsu Technology Solutions) O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( ) O4 - HKLM..\Run: [Immunet Protect] C:\Program Files\ClamAV for Windows\1.0.26\iptray.exe (Sourcefire, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" File not found O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28F95EB0-5222-4737-B245-D9188484F8DE}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CCC9F2D6-DBBB-40E1-9318-B7A9FEB4FF4E}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{04fc8cb9-3cf8-11df-8baf-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{04fc8cb9-3cf8-11df-8baf-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{32ba2ab3-3b72-11df-a841-00269e0e8ee3}\Shell - "" = AutoRun O33 - MountPoints2\{32ba2ab3-3b72-11df-a841-00269e0e8ee3}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{32ba2ad4-3b72-11df-a841-00269e0e8ee3}\Shell - "" = AutoRun O33 - MountPoints2\{32ba2ad4-3b72-11df-a841-00269e0e8ee3}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{a039bf3d-209d-11e0-b435-00269e0e8ee3}\Shell - "" = AutoRun O33 - MountPoints2\{a039bf3d-209d-11e0-b435-00269e0e8ee3}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{bdb59428-5784-11e0-b963-00269e0e8ee3}\Shell - "" = AutoRun O33 - MountPoints2\{bdb59428-5784-11e0-b963-00269e0e8ee3}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{cfb142e1-6ed8-11df-825c-00269e0e8ee3}\Shell - "" = AutoRun O33 - MountPoints2\{cfb142e1-6ed8-11df-825c-00269e0e8ee3}\Shell\AutoRun\command - "" = F:\Install.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.06.05 14:07:28 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Meinereiner\Desktop\OTL.exe [2012.06.04 13:58:02 | 000,000,000 | ---D | C] -- C:\Users\Meinereiner\AppData\Roaming\Malwarebytes [2012.06.04 13:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.04 13:57:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.04 13:57:08 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.06.04 13:57:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.06.03 22:55:56 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker [2012.06.03 22:45:55 | 000,000,000 | ---D | C] -- C:\Users\Meinereiner\AppData\Local\ElevatedDiagnostics ========== Files - Modified Within 30 Days ========== [2012.06.05 14:07:28 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Meinereiner\Desktop\OTL.exe [2012.06.05 13:56:22 | 000,000,000 | ---- | M] () -- C:\Users\Meinereiner\defogger_reenable [2012.06.05 13:55:30 | 000,050,477 | ---- | M] () -- C:\Users\Meinereiner\Desktop\Defogger.exe [2012.06.05 13:30:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.05 13:29:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3394083248-2902725928-3474590527-1001UA.job [2012.06.05 12:43:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.05 12:43:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.05 12:09:21 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat [2012.06.05 12:09:21 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat [2012.06.05 10:43:43 | 000,000,439 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2012.06.05 10:43:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.04 21:50:08 | 025,879,206 | ---- | M] () -- C:\Users\Meinereiner\Desktop\IMG.bmp [2012.06.04 21:29:00 | 000,087,223 | ---- | M] () -- C:\Users\Meinereiner\Desktop\00250511-VHMYEQJL.jpg [2012.06.04 21:24:51 | 000,004,096 | ---- | M] () -- C:\Users\Meinereiner\Desktop\decrypt.key [2012.06.04 21:11:55 | 000,019,458 | ---- | M] () -- C:\Users\Meinereiner\Desktop\DecryptHelper-0.5.jar [2012.06.04 18:39:20 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3394083248-2902725928-3474590527-1001Core.job [2012.06.04 18:18:22 | 000,000,680 | RHS- | M] () -- C:\Users\Meinereiner\ntuser.pol [2012.06.04 13:57:20 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.03 21:45:35 | 000,001,356 | ---- | M] () -- C:\Users\Meinereiner\AppData\Local\d3d9caps.dat [2012.05.11 09:57:39 | 000,347,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.05.11 07:39:33 | 000,644,136 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.05.11 07:39:33 | 000,600,690 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.05.11 07:39:33 | 000,131,388 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.05.11 07:39:33 | 000,108,572 | ---- | M] () -- C:\Windows\System32\perfc009.dat ========== Files Created - No Company Name ========== [2012.06.05 13:56:22 | 000,000,000 | ---- | C] () -- C:\Users\Meinereiner\defogger_reenable [2012.06.05 13:55:30 | 000,050,477 | ---- | C] () -- C:\Users\Meinereiner\Desktop\Defogger.exe [2012.06.04 21:29:00 | 000,087,223 | ---- | C] () -- C:\Users\Meinereiner\Desktop\00250511-VHMYEQJL.jpg [2012.06.04 21:24:51 | 000,004,096 | ---- | C] () -- C:\Users\Meinereiner\Desktop\decrypt.key [2012.06.04 21:11:21 | 000,019,458 | ---- | C] () -- C:\Users\Meinereiner\Desktop\DecryptHelper-0.5.jar [2012.06.04 13:57:20 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.29 21:06:36 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.05.29 20:26:36 | 025,879,206 | ---- | C] () -- C:\Users\Meinereiner\Desktop\IMG.bmp [2011.11.14 17:12:19 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat [2011.11.14 17:12:19 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat [2011.11.08 18:11:36 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe ========== LOP Check ========== [2012.01.30 17:27:17 | 000,000,000 | ---D | M] -- C:\Users\Meinereiner\AppData\Roaming\1&1 Mail & Media GmbH [2012.05.29 20:32:34 | 000,000,000 | ---D | M] -- C:\Users\Meinereiner\AppData\Roaming\Canon [2011.07.26 11:56:34 | 000,000,000 | ---D | M] -- C:\Users\Meinereiner\AppData\Roaming\OpenCandy [2012.06.03 21:22:21 | 000,000,000 | ---D | M] -- C:\Users\Meinereiner\AppData\Roaming\Skip-Bo [2012.06.03 21:22:22 | 000,000,000 | ---D | M] -- C:\Users\Meinereiner\AppData\Roaming\TeamViewer [2010.03.22 19:45:25 | 000,000,000 | ---D | M] -- C:\Users\Meinereiner\AppData\Roaming\Template [2012.06.03 21:22:24 | 000,000,000 | ---D | M] -- C:\Users\Meinereiner\AppData\Roaming\Verbindungsassistent [2010.06.13 17:21:05 | 000,000,000 | ---D | M] -- C:\Users\Meinereiner\AppData\Roaming\Zylom [2012.06.05 03:28:22 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report > --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 05.06.2012 14:08:10 - Run 1 OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\Meinereiner\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,87 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 40,77% Memory free 5,96 Gb Paging File | 4,45 Gb Available in Paging File | 74,65% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 92,21 Gb Total Space | 45,50 Gb Free Space | 49,34% Space Free | Partition Type: NTFS Drive E: | 197,09 Gb Total Space | 155,99 Gb Free Space | 79,15% Space Free | Partition Type: NTFS Computer Name: MEINEREINER-PC | User Name: Meinereiner | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3394083248-2902725928-3474590527-1000] "EnableNotifications" = 1 "EnableNotificationsRef" = 2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{15CA592E-FF62-4502-B3E1-24F953945F77}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{438FFFE7-64D0-4715-BD7A-9A2E69CBE638}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{511FB4C0-0C2F-47EF-B819-15D2F33F12ED}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{64855107-CD50-4FFA-A89E-877B0FFE7AF5}" = rport=2869 | protocol=6 | dir=out | app=system | "{66EBA3F1-A8BA-48BA-9AB6-262E168EA1E8}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{8A5DF7B7-6158-4FE9-9C31-F10BEFF21C6C}" = lport=2869 | protocol=6 | dir=in | app=system | "{8E293DAB-F6BE-4F6C-88C5-4615FA3C55E8}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{C4228E56-F3D2-43EF-852B-D094FB973B2C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04575484-E3FF-4BA4-B72B-739B4CCD2BC9}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{0CCFA9BA-1D86-41D6-9A55-3FFA8D5379CB}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{167EADAB-0194-4354-B188-2A23562B71AE}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | "{1E8CBAA4-4C6A-410D-892C-DD7E4965A7F8}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe | "{26E58735-8F52-4F3F-B86A-C7AC79AFF148}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{63AC549B-5A51-488D-8C13-7DBD95C4387A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{67B0989A-B705-49BA-9E99-B43AD57FB611}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | "{71148ACE-D735-44BF-921E-8C3B70566BF5}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe | "{78DFA5F7-53B2-41BF-91DB-080B4EF74C9A}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{A755A61E-4BBA-43CB-9E66-74AA647CD36B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{D90B88EE-D593-4B45-B29F-39893C0D5434}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E540AB00-D2BD-4F9C-ABE1-F60B080F463C}" = dir=in | app=c:\program files\wificonnector\nintendowfcreg.exe | "{E6264673-615A-489C-BB3E-51CFFFDDBA77}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | "{EFBB03F2-7045-4E30-B1DF-539E03DB08FA}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe | "TCP Query User{093E7305-C601-4CEA-A9FA-5BB530433738}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | "TCP Query User{B4B9C44B-1877-44BA-9E69-F48BF83D992D}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{B5ADABE6-50D0-4F22-BBB6-35C85D21004B}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "UDP Query User{22944100-9181-4445-9A5C-F086727899B6}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{4ED4AA98-C4D7-40B8-9A0A-8F31250454C9}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "UDP Query User{D2B341C2-DECC-42F3-9802-BCA7A7D86F50}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series" = Canon MP270 series MP Drivers "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 29 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{B1510103-0038-4967-8975-E17D2A591031}" = Nero 8 Essentials "{B7DCFAFF-D984-4A8A-96DC-A55869C37103}" = System Recovery "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D88C3E7C-1DA6-4AD7-97FC-75BC8705B266}" = runtime "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E43196CF-182A-4D9E-9CE7-69616DBEE3B0}" = Ad-Aware "{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = Fujitsu OSD Utility "{EF59DB7F-7426-426E-B862-7031F83ED304}" = SystemDiagnostics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "DivX Setup.divx.com" = DivX-Setup "Easy-WebPrint EX" = Canon Easy-WebPrint EX "HDMI" = Intel(R) Graphics Media Accelerator Driver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "Immunet Protect" = ClamAV for Windows "InstallShield_{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = Fujitsu OSD Utility "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mobile Partner" = Mobile Partner "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0 "phase-6" = phase-6 2.1.2a "TeamViewer 5" = TeamViewer 5 "Verbindungsassistent" = Verbindungsassistent "WiFiConnector" = Registrierungsprogramm für den Nintendo Wi-Fi USB Connector "Winamp" = Winamp "WinRAR archiver" = WinRAR "Yahoo! Messenger" = Yahoo! Messenger ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "SKIP-BO Castaway Caper(TM)" = SKIP-BO Castaway Caper(TM) "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 13.05.2012 17:18:40 | Computer Name = Meinereiner-PC | Source = WinMgmt | ID = 10 Description = Error - 13.05.2012 17:19:22 | Computer Name = Meinereiner-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 13.05.2012 17:19:22 | Computer Name = Meinereiner-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 13.05.2012 17:19:23 | Computer Name = Meinereiner-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 13.05.2012 17:19:23 | Computer Name = Meinereiner-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 14.05.2012 03:52:58 | Computer Name = Meinereiner-PC | Source = WinMgmt | ID = 10 Description = Error - 14.05.2012 03:54:27 | Computer Name = Meinereiner-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 14.05.2012 03:54:27 | Computer Name = Meinereiner-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 14.05.2012 03:54:28 | Computer Name = Meinereiner-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 14.05.2012 03:54:28 | Computer Name = Meinereiner-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". [ System Events ] Error - 03.06.2012 16:24:57 | Computer Name = Meinereiner-PC | Source = DCOM | ID = 10010 Description = Error - 04.06.2012 03:52:42 | Computer Name = Meinereiner-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = Error - 04.06.2012 03:53:41 | Computer Name = Meinereiner-PC | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Error - 04.06.2012 09:08:04 | Computer Name = Meinereiner-PC | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Error - 04.06.2012 11:53:09 | Computer Name = Meinereiner-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = Error - 04.06.2012 12:15:47 | Computer Name = Meinereiner-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = Error - 04.06.2012 12:16:55 | Computer Name = Meinereiner-PC | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Error - 04.06.2012 16:05:39 | Computer Name = Meinereiner-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = Error - 04.06.2012 21:28:05 | Computer Name = Meinereiner-PC | Source = DCOM | ID = 10010 Description = Error - 05.06.2012 04:43:16 | Computer Name = Meinereiner-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = < End of report > |
05.06.2012, 20:21 | #2 |
/// Malware-holic | Verschlüsselungs-Trojaner hat mich erwischt hi
__________________einfach malwarebytes öffnen, berichte, und dort das log anklicken. und dann hier reinkopieren. außerdem: an solchen mails mit rechnung, mahnung und sonstigen anhängen, von unbekannten absendern bin ich interessiert. wenn du ein mail programm nutzt, dann mail markieren, rechtsklick, speichern unter, typ: .eml einstellen. dann bitte lesen: markusg - trojaner-board.de und mir die soeben erstellte datei zukommen lassen. wenn du deine mails über den browser abrufst, sag mir mal welchen anbieter du nutzt, dann geht das ein bisschen anders. bitte warne freunde, bekannte, verwante etc vor dieser masche, und lasse ihnen ruhig diese mail adresse zukommen. sie können dann dorthin solche verdächtigen mails senden. diese helfen uns dann, angemessen auf neue bedrohungen zu reagieren, da diese schadsoftware auch updates erhält ist das wichtig.
__________________ |
05.06.2012, 22:32 | #3 |
| Verschlüsselungs-Trojaner hat mich erwischt Malwarebytes Anti-Malware (Test) 1.61.0.1400
__________________Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: v2012.06.04.03 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Meinereiner :: MEINEREINER-PC [Administrator] Schutz: Aktiviert 04.06.2012 18:27:08 mbam-log-2012-06-04 (18-27-08).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 343396 Laufzeit: 3 Stunde(n), 29 Minute(n), 14 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Meinereiner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\4456e1ed-1c9af127 (Trojan.Packer.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Malwarebytes Anti-Malware (Test) 1.61.0.1400 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: v2012.06.04.03 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Meinereiner :: MEINEREINER-PC [Administrator] Schutz: Aktiviert 04.06.2012 17:56:00 mbam-log-2012-06-04 (17-56-00).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 209802 Laufzeit: 16 Minute(n), 45 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Meinereiner\AppData\Local\Temp\jar_cache2356011396208772906.tmp (Trojan.Packer.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) 2012/06/04 13:59:49 +0200 MEINEREINER-PC Meinereiner MESSAGE Starting protection 2012/06/04 14:00:06 +0200 MEINEREINER-PC Meinereiner MESSAGE Protection started successfully 2012/06/04 14:00:09 +0200 MEINEREINER-PC Meinereiner MESSAGE Starting IP protection 2012/06/04 14:00:46 +0200 MEINEREINER-PC Meinereiner MESSAGE IP Protection started successfully 2012/06/04 14:11:48 +0200 MEINEREINER-PC Meinereiner MESSAGE Executing scheduled update: Daily 2012/06/04 14:11:52 +0200 MEINEREINER-PC Meinereiner MESSAGE Database already up-to-date 2012/06/04 17:54:35 +0200 MEINEREINER-PC Meinereiner MESSAGE Starting protection 2012/06/04 17:54:59 +0200 MEINEREINER-PC Meinereiner MESSAGE Protection started successfully 2012/06/04 17:55:03 +0200 MEINEREINER-PC Meinereiner MESSAGE Starting IP protection 2012/06/04 17:55:16 +0200 MEINEREINER-PC Meinereiner MESSAGE IP Protection started successfully 2012/06/04 18:18:11 +0200 MEINEREINER-PC Meinereiner MESSAGE Starting protection 2012/06/04 18:18:21 +0200 MEINEREINER-PC Meinereiner MESSAGE Protection started successfully 2012/06/04 18:18:25 +0200 MEINEREINER-PC Meinereiner MESSAGE Starting IP protection 2012/06/04 18:18:33 +0200 MEINEREINER-PC Meinereiner MESSAGE IP Protection started successfully 2012/06/04 22:08:10 +0200 MEINEREINER-PC Meinereiner MESSAGE Starting protection 2012/06/04 22:08:25 +0200 MEINEREINER-PC Meinereiner MESSAGE Protection started successfully 2012/06/04 22:08:28 +0200 MEINEREINER-PC Meinereiner MESSAGE Starting IP protection 2012/06/04 22:08:39 +0200 MEINEREINER-PC Meinereiner MESSAGE IP Protection started successfully 2012/06/05 02:14:34 +0200 MEINEREINER-PC Meinereiner MESSAGE Executing scheduled update: Daily 2012/06/05 02:15:21 +0200 MEINEREINER-PC Meinereiner MESSAGE Scheduled update executed successfully: database updated from version v2012.06.04.03 to version v2012.06.04.09 2012/06/05 02:15:21 +0200 MEINEREINER-PC Meinereiner MESSAGE Starting database refresh 2012/06/05 02:15:21 +0200 MEINEREINER-PC Meinereiner MESSAGE Stopping IP protection 2012/06/05 02:16:07 +0200 MEINEREINER-PC Meinereiner MESSAGE IP Protection stopped 2012/06/05 02:16:35 +0200 MEINEREINER-PC Meinereiner MESSAGE Database refreshed successfully 2012/06/05 02:16:35 +0200 MEINEREINER-PC Meinereiner MESSAGE Starting IP protection 2012/06/05 02:17:12 +0200 MEINEREINER-PC Meinereiner MESSAGE IP Protection started successfully 2012/06/05 10:45:59 +0200 MEINEREINER-PC Meinereiner MESSAGE Starting protection 2012/06/05 10:46:10 +0200 MEINEREINER-PC Meinereiner MESSAGE Protection started successfully 2012/06/05 10:46:13 +0200 MEINEREINER-PC Meinereiner MESSAGE Starting IP protection 2012/06/05 10:46:23 +0200 MEINEREINER-PC Meinereiner MESSAGE IP Protection started successfully Hallo erstmal danke für den Tip und ich habe die Logs gefunden. Den Trojaner habe ich mit im Netz eingefangen... wollte einen Film online schauen und habe einen neuen Stream (StreamCloud.eu) genommen und dann kam was von Sexseiten und dann die Warnung von Windows Defender und das da was eliminiert wurde, das sitzt immernoch in der Quarantäne und trotzdem fing der Trojaner an zu wirken..... Ich bin immer mit dem Explorer unterwegs. LG Kirsten |
07.06.2012, 18:55 | #4 |
/// Malware-holic | Verschlüsselungs-Trojaner hat mich erwischt wegen der daten wiederherstellung: http://www.trojaner-board.de/115496-...erstellen.html tja wer illegale inhalte im netz nutzt, muss sich nicht wundern
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
Themen zu Verschlüsselungs-Trojaner hat mich erwischt |
abgesicherte, abgesicherten, abgesicherten modus, alternate, applaus, betreiber, bilder, bli, blink, canon, corp./icp, dokumente, erwischt, freischalten, funktionier, große, hallo zusammen, helper, hinweis, hochgefahren, laptop, locker, malwarebytes, microsoft office word, modus, nvstor.sys, office 2007, plug-in, schicke, schicken, searchscopes, seite, systemwiderherstellung, video, zusammen |