Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: "5suxrt589cxuftg.exe"

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 04.01.2012, 19:09   #1
Marc.
 
"5suxrt589cxuftg.exe" - Standard

"5suxrt589cxuftg.exe"



Hallo zusammen,



Kurze schilderung des "Unfallhergangs" ;

Ich habe über google nach dem Release Date eines Songs gesucht, ich besuchte also eines der Ergebnisse,wärehend die Seite lud besuchte ich das WC vondem aus ich den Signalton von Avira hörte. Wieder am Notebook angekommen war der Desktop voll von Scareware alias Vista Security 2012. Währenddessen klingelte das Iphone, nachdem Telefonat zeigte der Desktop ein weisses Fenster in der stand/steht. " Es besteht noch keine Internetverbindung, Bitte warten..."
Ich schaltete das Notebook ab und wieder ein, wieder der weiße Bildschirm mit besagter Inschrift.

Jegliche versuche das NB zubooten (Abgesicherter Modus, von Avira Rescue CD) scheiterten. Jetzt habe ich es geschafft mit OTLPENet.exe das NB zubooten, desweiteren habe ich OTLPE scannen lassen. Die logfiles liegen auch in C:\OTL.Txt und Extras.Txt, jedoch schaff ich es nicht diese zu exportieren (USB-Stick wird nicht über Arbeitsplatz angezeigt/ Internet-verbindung besteht nicht)


Über Hilfe würde ich mich sehr Freuen!

Alt 04.01.2012, 19:33   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"5suxrt589cxuftg.exe" - Standard

"5suxrt589cxuftg.exe"



USB-Geräte müssen vor dem Booten von OTLPE am Rechner eingesteckt sein.
Dieses Problem kenn ich auch schon allzu lange es ist auch bei selbst erstellten BartPE-CDs und ich hab noch keinen Fix dazu gefunden. Falls ich Zugriff auf einen USB-Datenträger brauch hab ich mir daher angewöhnt solche USB-Datenträger immer vor dem Booten einzustecken.
__________________

__________________

Alt 05.01.2012, 19:03   #3
Marc.
 
"5suxrt589cxuftg.exe" - Standard

"5suxrt589cxuftg.exe"



Super hat geklappt!

Hier nun die LogFiles von Otlpe.


OTL.txt

Code:
ATTFilter
OTL logfile created on: 1/4/2012 6:00:10 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 110.56 Gb Free Space | 37.09% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/11/28 11:04:58 | 001,514,304 | ---- | M] (TuneUp Software) [Auto] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/06/30 17:23:00 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/30 08:06:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/09/13 23:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/13 23:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2006/11/24 05:57:54 | 000,107,008 | ---- | M] () [Auto] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2011/11/24 09:34:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/08/17 06:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/08/17 06:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/08/17 06:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/08/17 06:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/06/30 17:23:00 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/30 17:23:00 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/04/14 09:59:03 | 000,075,264 | ---- | M] () [File_System | System] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC)
DRV - [2010/10/29 09:10:55 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/09/13 23:46:26 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010/09/13 23:46:22 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010/09/13 23:46:18 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010/09/13 23:46:14 | 000,577,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2009/05/11 04:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/13 04:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/05/29 12:41:00 | 007,497,792 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/02/15 10:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 04:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 03:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/03/28 00:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2007/02/24 23:14:00 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Gast.Marc-PC_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Gast.Marc-PC_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\Marc_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Marc_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/21 15:34:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/21 15:34:57 | 000,000,000 | ---D | M]
 
[2011/11/11 01:18:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/11 01:18:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/08/01 07:50:14 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/22 13:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010/01/01 03:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 03:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/01/01 03:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/01/01 03:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/01/01 03:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IjmrHbDDJ3PyrXc] C:\Users\Marc\AppData\Roaming\5suxrt589cxuftg.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKU\.DEFAULT..\Run: [IjmrHbDDJ3PyrXc] C:\Windows\System32\config\systemprofile\AppData\Roaming\5suxrt589cxuftg.exe ()
O4 - HKU\Gast.Marc-PC_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Marc_ON_C..\Run: [BackgroundSwitcher] C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe (johnsadventures.com)
O4 - HKU\Marc_ON_C..\Run: [IjmrHbDDJ3PyrXc] C:\Users\Marc\AppData\Roaming\5suxrt589cxuftg.exe ()
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Marc_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\Marc_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Marc_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Marc_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (C:\Users\Marc\AppData\Roaming\5suxrt589cxuftg.exe) - C:\Users\Marc\AppData\Roaming\5suxrt589cxuftg.exe ()
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Windows\system32\config\systemprofile\AppData\Roaming\5suxrt589cxuftg.exe) - C:\Windows\System32\config\systemprofile\AppData\Roaming\5suxrt589cxuftg.exe ()
O20 - HKU\Marc_ON_C Winlogon: Shell - (C:\Users\Marc\AppData\Roaming\5suxrt589cxuftg.exe) - C:\Users\Marc\AppData\Roaming\5suxrt589cxuftg.exe ()
O20 - Winlogon\Notify\nykkygy: DllName - C:\Windows\system32\config\systemprofile\AppData\Local\nykkygy.dll - C:\Windows\System32\config\systemprofile\AppData\Local\nykkygy.dll ()
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O27 - HKLM IFEO\cvh.exe: Debugger - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\sftdde.exe: Debugger - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/12/30 16:54:48 | 000,095,744 | ---- | C] (Kassl GmbH) -- C:\Users\Marc\AppData\Roaming\dwlGina3.dll
[2011/12/30 08:14:14 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Users\Marc\AppData\Local\glx.exe
[2011/12/28 16:16:46 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\redsn0w
[2011/12/28 15:23:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/28 15:22:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/28 15:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/28 15:17:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/24 07:04:04 | 000,000,000 | ---D | C] -- C:\Users\Marc\Desktop\Dies,Das
[2011/12/17 10:22:28 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2011/12/17 10:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\MP3GainPortable
[2011/12/15 15:38:14 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/15 15:38:13 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/15 15:38:12 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/15 15:38:07 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/15 15:38:07 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/12/15 15:38:07 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/12/15 15:38:07 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/12/15 15:38:07 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/12/15 15:38:07 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/12/15 15:38:07 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/15 15:37:59 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/15 15:37:54 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/15 15:37:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/08 15:56:14 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\Native Instruments
[2011/12/08 15:54:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\{618727BE-40FF-4E42-AB24-60F292ECDF2B}
[2011/12/08 15:43:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments
[2011/12/08 15:42:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Native Instruments
[2011/12/08 15:42:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
[2011/12/08 15:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments
[2011/12/07 10:27:56 | 000,000,000 | ---D | C] -- C:\Users\Gast.Marc-PC\Desktop\OpenOffice
[2011/12/07 10:23:41 | 000,000,000 | ---D | C] -- C:\Users\Gast.Marc-PC\AppData\Roaming\ICQ
[2011/12/07 10:23:02 | 000,000,000 | ---D | C] -- C:\Users\Gast.Marc-PC\AppData\Roaming\Macromedia
[2011/12/07 10:22:58 | 000,000,000 | ---D | C] -- C:\Users\Gast.Marc-PC\AppData\Roaming\Adobe
[2011/12/07 10:21:57 | 000,000,000 | ---D | C] -- C:\Users\Gast.Marc-PC\AppData\Roaming\TuneUp Software
[2011/12/07 10:21:08 | 000,000,000 | R--D | C] -- C:\Users\Gast.Marc-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/12/07 10:21:08 | 000,000,000 | R--D | C] -- C:\Users\Gast.Marc-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/12/07 10:21:08 | 000,000,000 | ---D | C] -- C:\Users\Gast.Marc-PC\AppData\LocalLow
[2011/12/07 10:20:59 | 000,000,000 | ---D | C] -- C:\Users\Gast.Marc-PC\AppData\Roaming\Identities
[2011/12/07 10:20:52 | 000,000,000 | -HSD | C] -- C:\Users\Gast.Marc-PC\AppData\Local\Verlauf
[2011/12/07 10:20:52 | 000,000,000 | -HSD | C] -- C:\Users\Gast.Marc-PC\AppData\Local\Temporary Internet Files
[2011/12/07 10:20:52 | 000,000,000 | -HSD | C] -- C:\Users\Gast.Marc-PC\Documents\Eigene Videos
[2011/12/07 10:20:52 | 000,000,000 | -HSD | C] -- C:\Users\Gast.Marc-PC\Documents\Eigene Musik
[2011/12/07 10:20:52 | 000,000,000 | -HSD | C] -- C:\Users\Gast.Marc-PC\Documents\Eigene Bilder
[2011/12/07 10:20:52 | 000,000,000 | -HSD | C] -- C:\Users\Gast.Marc-PC\AppData\Local\Anwendungsdaten
[2011/12/07 10:20:51 | 000,000,000 | --SD | C] -- C:\Users\Gast.Marc-PC\AppData\Roaming\Microsoft
[2011/12/07 10:20:51 | 000,000,000 | R--D | C] -- C:\Users\Gast.Marc-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/12/07 10:20:51 | 000,000,000 | R--D | C] -- C:\Users\Gast.Marc-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/12/07 10:20:51 | 000,000,000 | ---D | C] -- C:\Users\Gast.Marc-PC\AppData\Local\Temp
[2011/12/07 10:20:51 | 000,000,000 | ---D | C] -- C:\Users\Gast.Marc-PC\AppData\Roaming
[2011/12/07 10:20:51 | 000,000,000 | ---D | C] -- C:\Users\Gast.Marc-PC\AppData\Local\Microsoft Help
[2011/12/07 10:20:51 | 000,000,000 | ---D | C] -- C:\Users\Gast.Marc-PC\AppData\Local\Microsoft
[2011/12/07 10:20:51 | 000,000,000 | ---D | C] -- C:\Users\Gast.Marc-PC\AppData\Roaming\Media Center Programs
[2011/12/07 10:20:51 | 000,000,000 | ---D | C] -- C:\Users\Gast.Marc-PC\AppData\Local
[2011/12/07 10:20:51 | 000,000,000 | ---D | C] -- C:\Users\Gast.Marc-PC
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/01/04 11:47:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/04 11:29:39 | 000,027,744 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/01/04 11:29:39 | 000,027,744 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/01/04 11:29:13 | 000,004,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/04 11:29:12 | 000,004,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/04 11:29:06 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/04 10:30:08 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D67EDD02-BA11-45A5-A501-D0D67A1489C2}.job
[2011/12/30 16:54:48 | 000,095,744 | ---- | M] (Kassl GmbH) -- C:\Users\Marc\AppData\Roaming\dwlGina3.dll
[2011/12/30 10:26:56 | 000,010,998 | -HS- | M] () -- C:\ProgramData\68w65pw831ojuie12t7gh7q8nwn4c2txecqn2w3r2v273
[2011/12/30 10:26:55 | 000,010,998 | -HS- | M] () -- C:\Users\Marc\AppData\Local\68w65pw831ojuie12t7gh7q8nwn4c2txecqn2w3r2v273
[2011/12/30 09:48:08 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/30 08:26:23 | 000,228,864 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\5suxrt589cxuftg.exe
[2011/12/30 08:14:14 | 000,296,448 | ---- | M] (Microsoft Corporation) -- C:\Users\Marc\AppData\Local\glx.exe
[2011/12/28 15:59:37 | 000,096,856 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2011/12/28 15:23:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/20 13:35:50 | 000,629,186 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/12/20 13:35:50 | 000,596,440 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/20 13:35:50 | 000,126,640 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/12/20 13:35:50 | 000,104,256 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/19 11:19:30 | 000,002,425 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/12/17 21:42:44 | 000,297,944 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/17 10:28:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
[2011/12/17 10:26:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual DJ
[2011/12/08 15:54:40 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\Traktor 2.lnk
[2011/12/07 10:46:04 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2011/12/07 10:26:15 | 000,000,104 | ---- | M] () -- C:\Users\Gast.Marc-PC\Desktop\Computer.lnk
[2011/12/07 10:22:49 | 000,000,943 | ---- | M] () -- C:\Users\Gast.Marc-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/12/30 10:42:49 | 000,228,864 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\5suxrt589cxuftg.exe
[2011/12/30 08:14:14 | 000,010,998 | -HS- | C] () -- C:\Users\Marc\AppData\Local\68w65pw831ojuie12t7gh7q8nwn4c2txecqn2w3r2v273
[2011/12/30 08:14:14 | 000,010,998 | -HS- | C] () -- C:\ProgramData\68w65pw831ojuie12t7gh7q8nwn4c2txecqn2w3r2v273
[2011/12/28 17:32:41 | 000,055,808 | ---- | C] () -- C:\Windows\System\zlib1.dll
[2011/12/08 15:54:40 | 000,000,909 | ---- | C] () -- C:\Users\Public\Desktop\Traktor 2.lnk
[2011/12/07 10:26:15 | 000,000,104 | ---- | C] () -- C:\Users\Gast.Marc-PC\Desktop\Computer.lnk
[2011/12/07 10:22:49 | 000,000,943 | ---- | C] () -- C:\Users\Gast.Marc-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/07 10:21:10 | 000,000,949 | ---- | C] () -- C:\Users\Gast.Marc-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/12/07 10:21:08 | 000,000,944 | ---- | C] () -- C:\Users\Gast.Marc-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/12/07 10:20:57 | 000,000,915 | ---- | C] () -- C:\Users\Gast.Marc-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/12/07 10:20:51 | 000,000,258 | ---- | C] () -- C:\Users\Gast.Marc-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/12/07 10:20:51 | 000,000,240 | ---- | C] () -- C:\Users\Gast.Marc-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/06/22 08:17:02 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2011/06/15 07:41:31 | 000,075,264 | ---- | C] () -- C:\Windows\System32\drivers\dfsc.sys
[2011/02/13 16:37:50 | 000,000,257 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\com.plutinosoft.idemo.plist
[2011/01/06 18:56:23 | 000,096,856 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/12/18 10:36:14 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010/08/02 15:16:19 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2010/08/02 15:16:19 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010/08/02 15:16:19 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2010/08/01 14:22:17 | 000,037,376 | ---- | C] () -- C:\Users\Marc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/31 15:42:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/07/31 15:41:31 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/07/31 15:41:31 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/07/31 10:13:35 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/07/31 10:09:32 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/07/31 10:09:32 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/07/31 09:58:48 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2010/07/31 09:58:48 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2010/07/31 09:10:01 | 000,000,680 | ---- | C] () -- C:\Users\Marc\AppData\Local\d3d9caps.dat
[2008/01/21 02:15:58 | 000,629,186 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 02:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 02:15:58 | 000,126,640 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 02:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007/03/29 05:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,297,944 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,596,440 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,256 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 02:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/12/15 00:17:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\EPSPTDV.DLL
[2001/11/14 06:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2011/12/07 10:24:08 | 000,000,000 | ---D | M] -- C:\Users\Gast.Marc-PC\AppData\Roaming\ICQ
[2011/12/07 10:21:57 | 000,000,000 | ---D | M] -- C:\Users\Gast.Marc-PC\AppData\Roaming\TuneUp Software
[2010/08/02 15:11:28 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Audacity
[2011/07/24 16:08:58 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\com.facebookdesktop.app
[2011/07/04 07:24:34 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\DAEMON Tools Lite
[2011/07/24 15:59:08 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\de.txptr.googleplus
[2011/10/05 10:48:53 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\DesktopIconForAmazon
[2011/12/30 08:15:12 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\ICQ
[2011/03/13 11:01:14 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\ICQ-Tools.de
[2010/07/31 13:54:39 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\johnsadventures.com
[2010/12/08 07:12:00 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\MyVideoDownloader
[2011/11/19 06:15:08 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Nokia
[2011/11/19 06:15:10 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Nokia Suite
[2011/11/19 06:15:03 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\PC Suite
[2010/07/31 14:41:03 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Philipp Winterberg
[2010/08/01 05:38:38 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\PhotoFiltre Studio X
[2011/12/28 16:27:48 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\redsn0w
[2011/12/17 10:28:42 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\SoftGrid Client
[2010/08/06 03:46:23 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\T-Online
[2011/11/23 12:15:05 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\TP
[2011/12/05 12:12:22 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\TuneUp Software
[2011/02/23 18:04:29 | 000,000,000 | -H-D | M] -- C:\Users\Marc\AppData\Roaming\Verknüpfungen
[2010/07/31 09:08:08 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2010/10/29 09:10:10 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010/07/31 09:08:08 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010/07/31 09:08:08 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/01/21 12:28:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Hobbyist Software
[2010/08/05 03:37:05 | 000,000,000 | ---D | M] -- C:\ProgramData\JollyBear
[2011/06/22 08:10:15 | 000,000,000 | ---D | M] -- C:\ProgramData\MP3 Remix
[2011/12/08 15:50:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Native Instruments
[2011/11/18 17:13:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Nokia
[2011/11/18 17:08:20 | 000,000,000 | ---D | M] -- C:\ProgramData\NokiaInstallerCache
[2011/11/18 17:15:28 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/07/31 09:08:08 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/12/05 12:12:24 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2011/12/03 05:43:17 | 000,000,000 | ---D | M] -- C:\ProgramData\VirtualizedApplications
[2010/07/31 09:08:08 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/08/23 11:24:35 | 000,000,000 | ---D | M] -- C:\ProgramData\webcamXP 5
[2011/12/05 12:09:11 | 000,000,000 | -HSD | M] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011/01/05 14:29:42 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/12/08 15:54:47 | 000,000,000 | -H-D | M] -- C:\ProgramData\{618727BE-40FF-4E42-AB24-60F292ECDF2B}
[2010/07/31 11:09:20 | 000,000,000 | -HSD | M] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2011/12/30 08:15:19 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/01/04 10:30:08 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D67EDD02-BA11-45A5-A501-D0D67A1489C2}.job
 
========== Purity Check ==========
 
 
< End of report >
         
Extra.txt
Code:
ATTFilter
OTL Extras logfile created on: 1/4/2012 6:00:10 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 110.56 Gb Free Space | 37.09% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"AntiSpyWareDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"UacDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4900
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{427967BF-09F8-46D5-9275-37001CCBBA5D}" = Winbond CIR Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.7 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{DD3DAD13-289E-440E-A5D3-3EFB25305018}_is1" = John's Background Switcher 4.3
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"HOMESTUDENTR" = Microsoft Office Home and Student 2007-Testversion
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Native Instruments Traktor 2" = Native Instruments Traktor 2
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"RarZilla Free Unrar" = RarZilla Free Unrar
"SUPER ©" = SUPER © Version 2010.bld.42 (Nov 7, 2010)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VLC media player" = VLC media player 1.1.2
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\Marc_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PhotoFiltre Studio X" = PhotoFiltre Studio X
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
< End of report >
         
__________________

Alt 05.01.2012, 21:49   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"5suxrt589cxuftg.exe" - Standard

"5suxrt589cxuftg.exe"



Mach einen OTL-Fix über OTLPE, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
ATTFilter
:OTL
O4 - HKLM..\Run: [IjmrHbDDJ3PyrXc] C:\Users\Marc\AppData\Roaming\5suxrt589cxuftg.exe ()
O4 - HKU\.DEFAULT..\Run: [IjmrHbDDJ3PyrXc] C:\Windows\System32\config\systemprofile\AppData\Roaming\5suxrt589cxuftg.exe ()
O4 - HKU\Marc_ON_C..\Run: [IjmrHbDDJ3PyrXc] C:\Users\Marc\AppData\Roaming\5suxrt589cxuftg.exe ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 -  File not found
O20 - HKLM Winlogon: Shell - (C:\Users\Marc\AppData\Roaming\5suxrt589cxuftg.exe) - C:\Users\Marc\AppData\Roaming\5suxrt589cxuftg.exe ()
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Windows\system32\config\systemprofile\AppData\Roaming\5suxrt589cxuftg.exe) - C:\Windows\System32\config\systemprofile\AppData\Roaming\5suxrt589cxuftg.exe ()
O20 - HKU\Marc_ON_C Winlogon: Shell - (C:\Users\Marc\AppData\Roaming\5suxrt589cxuftg.exe) - C:\Users\Marc\AppData\Roaming\5suxrt589cxuftg.exe ()
O20 - Winlogon\Notify\nykkygy: DllName - C:\Windows\system32\config\systemprofile\AppData\Local\nykkygy.dll - C:\Windows\System32\config\systemprofile\AppData\Local\nykkygy.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2011/12/30 16:54:48 | 000,095,744 | ---- | C] (Kassl GmbH) -- C:\Users\Marc\AppData\Roaming\dwlGina3.dll
[2011/12/30 08:14:14 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Users\Marc\AppData\Local\glx.exe
[2011/12/28 16:16:46 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\redsn0w
[2011/12/30 16:54:48 | 000,095,744 | ---- | M] (Kassl GmbH) -- C:\Users\Marc\AppData\Roaming\dwlGina3.dll
[2011/12/30 10:26:56 | 000,010,998 | -HS- | M] () -- C:\ProgramData\68w65pw831ojuie12t7gh7q8nwn4c2txecqn2w3r2v273
[2011/12/30 10:26:55 | 000,010,998 | -HS- | M] () -- C:\Users\Marc\AppData\Local\68w65pw831ojuie12t7gh7q8nwn4c2txecqn2w3r2v273
[2011/12/30 09:48:08 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/30 08:26:23 | 000,228,864 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\5suxrt589cxuftg.exe
[2011/12/30 08:14:14 | 000,296,448 | ---- | M] (Microsoft Corporation) -- C:\Users\Marc\AppData\Local\glx.exe
[2011/12/30 10:42:49 | 000,228,864 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\5suxrt589cxuftg.exe
[2011/12/30 08:14:14 | 000,010,998 | -HS- | C] () -- C:\Users\Marc\AppData\Local\68w65pw831ojuie12t7gh7q8nwn4c2txecqn2w3r2v273
[2011/12/30 08:14:14 | 000,010,998 | -HS- | C] () -- C:\ProgramData\68w65pw831ojuie12t7gh7q8nwn4c2txecqn2w3r2v273
[2011/12/28 17:32:41 | 000,055,808 | ---- | C] () -- C:\Windows\System\zlib1.dll
:Commands
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Danach sollte Windows wieder normal starten - stell uns bitte den Quarantäneordner von OTL zur Verfügung. Dabei bitte so vorgehen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinträchtigen!
2.) Ordner movedfiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 05.01.2012, 23:02   #5
Marc.
 
"5suxrt589cxuftg.exe" - Standard

"5suxrt589cxuftg.exe"



Hier schonmal das LogFile nach dem Fix.
Allerdings gab es keinen Neustart, soll ich den Manuell vornehmen?!

Den Quarantäne Ordner werde ich gleich Packen, dauert ein bisschen da ich mit dem Infizierten Notebook keine Internetverbindung habe und alles über eine Externe laufen lasse.

Code:
ATTFilter
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IjmrHbDDJ3PyrXc not found.
File C:\Users\Marc\AppData\Roaming\5suxrt589cxuftg.exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\IjmrHbDDJ3PyrXc not found.
File C:\Windows\System32\config\systemprofile\AppData\Roaming\5suxrt589cxuftg.exe not found.
Registry value HKEY_USERS\Marc_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\IjmrHbDDJ3PyrXc not found.
File C:\Users\Marc\AppData\Roaming\5suxrt589cxuftg.exe not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000020\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000022\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000023\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000024\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Marc\AppData\Roaming\5suxrt589cxuftg.exe deleted successfully.
File C:\Users\Marc\AppData\Roaming\5suxrt589cxuftg.exe not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Windows\system32\config\systemprofile\AppData\Roaming\5suxrt589cxuftg.exe deleted successfully.
File C:\Windows\System32\config\systemprofile\AppData\Roaming\5suxrt589cxuftg.exe not found.
Registry value HKEY_USERS\Marc_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Marc\AppData\Roaming\5suxrt589cxuftg.exe deleted successfully.
File C:\Users\Marc\AppData\Roaming\5suxrt589cxuftg.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nykkygy\ not found.
File C:\Windows\System32\config\systemprofile\AppData\Local\nykkygy.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
File C:\Users\Marc\AppData\Roaming\dwlGina3.dll not found.
File C:\Users\Marc\AppData\Local\glx.exe not found.
Folder C:\Users\Marc\AppData\Roaming\redsn0w\ not found.
File C:\Users\Marc\AppData\Roaming\dwlGina3.dll not found.
File C:\ProgramData\68w65pw831ojuie12t7gh7q8nwn4c2txecqn2w3r2v273 not found.
File C:\Users\Marc\AppData\Local\68w65pw831ojuie12t7gh7q8nwn4c2txecqn2w3r2v273 not found.
File C:\Windows\tasks\GoogleUpdateTaskMachineUA.job not found.
File C:\Users\Marc\AppData\Roaming\5suxrt589cxuftg.exe not found.
File C:\Users\Marc\AppData\Local\glx.exe not found.
File C:\Users\Marc\AppData\Roaming\5suxrt589cxuftg.exe not found.
File C:\Users\Marc\AppData\Local\68w65pw831ojuie12t7gh7q8nwn4c2txecqn2w3r2v273 not found.
File C:\ProgramData\68w65pw831ojuie12t7gh7q8nwn4c2txecqn2w3r2v273 not found.
File C:\Windows\System\zlib1.dll not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 01052012_225707
         


Alt 06.01.2012, 11:19   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"5suxrt589cxuftg.exe" - Standard

"5suxrt589cxuftg.exe"



Wenn die ZIP zu groß ist bitte bei File-Upload.net - Ihr kostenloser File Hoster! hochladen und hier verlinken
__________________
--> "5suxrt589cxuftg.exe"

Alt 06.01.2012, 13:35   #7
Marc.
 
"5suxrt589cxuftg.exe" - Standard

"5suxrt589cxuftg.exe"



So das Notebook Bootet wieder, allerdings konnten keine Verbindung mit einem Windows-Dienst hergestellt werden, außerdem werden keine Icons auf dem Desktop angezeigt.Ganz zuschweigen davon das keine Performance mehr vorhanden ist. Programme lassen sich auch nicht starten, deshalb kann ich immoment keine ZIP-Datei erstellen.

Alt 06.01.2012, 15:06   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"5suxrt589cxuftg.exe" - Standard

"5suxrt589cxuftg.exe"



Funktioniert noch der abgesicherte Modus mit Netzwerktreibern?




Abgesicherter Modus zur Bereinigung
  • Windows mit F8-Taste beim Start in den abgesicherten Modus bringen.
  • Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern:

    Windows im abgesicherten Modusstarten
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 07.01.2012, 17:19   #9
Marc.
 
"5suxrt589cxuftg.exe" - Standard

"5suxrt589cxuftg.exe"



Der Abgesicherte Modus geht, allerdings ohne Netztwerkverbindung.
Selbe Fehlermeldung.

Alt 07.01.2012, 17:36   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"5suxrt589cxuftg.exe" - Standard

"5suxrt589cxuftg.exe"



Versuch mal im normalen Modus das Netzwerk zu resetten:
  • Klick mit rechts auf einen freien Bereich auf dem Desktop und sag "Neu, Verknüpfung erstellen"
  • Tipp als Ziel cmd.exe ein und bestätige mit OK, eine neue Verknüpfung zur Konsole auf dem Desktop müsste sich nun befinden
  • Falls dem so ist, diese neue Verknüpfung zu cmd.exe auf dem Desktop rechtsklicken => Als Administrator ausführen => Sicherheitsabfrage der Benutzerkontensteuerung ggf. bestätigen => schwarze Eingabeaufforderung öffnet sich
  • Tipp dort ein:
    Code:
    ATTFilter
    netsh int ip reset c:\resetlog.txt
             
    und bestätige mit enter.
  • zweiten Befehl eintippen und ausführen:

    Code:
    ATTFilter
    netsh branchcache reset
             
  • dritten Befehl eintippen und ausführen:

    Code:
    ATTFilter
    netsh winsock reset
             
  • Öffne die Datei c:\resetlog.txt und poste den Inhalt hier mit CODE-Tags umschlossen
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 08.01.2012, 16:02   #11
Marc.
 
"5suxrt589cxuftg.exe" - Standard

"5suxrt589cxuftg.exe"



Mir steht kein Kontextmenü zuverfügung, daher kann ich die Schritte nicht ausführen.
Außerdem kann ich keine Programme öffnen, es erscheint immer ein Fenster indem ich gefragt werde mit welchen Programm soll xy.exe geöffnet werden. Sind noch so einige Dinge die nicht laufen, daher würde ich Windows neu aufsetzten. Ist es denn sicher meine Daten auf eine Externe zuspeichern, oder besteht noch ein großes Risiko einer neu Infektion? Und wie sieht das mit dem Quaratäneordner von OTL aus, kann ich den auch auf meine externe ziehen und von einem anderen Rechner packen?

Alt 08.01.2012, 16:14   #12
Marc.
 
"5suxrt589cxuftg.exe" - Standard

"5suxrt589cxuftg.exe"



Gelöscht da doppelt.

Geändert von Marc. (08.01.2012 um 16:16 Uhr) Grund: Gelöscht da doppelt.

Alt 08.01.2012, 20:58   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"5suxrt589cxuftg.exe" - Standard

"5suxrt589cxuftg.exe"



Zum Thema Datensicherung von infizierten Systemen; mach das über ne Live-CD wie Knoppix, Ubuntu (zweiter Link in meiner Signatur) oder über PartedMagic. Grund: Bei einem Live-System sind keine Schädlinge des infizierten Windows-Systems aktiv, damit ist dann auch eine negative Beeinflussung des Backups durch Schädlinge ausgeschlossen.

Du brauchst natürlich auch ein Sicherungsmedium, am besten dürfte eine externe Platte sein. Sofern du nicht allzuviel sichern musst, kann auch ein USB-Stick ausreichen.

Hier eine kurze Anleitung zu PartedMagic, funktioniert prinzipell so aber fast genauso mit allen anderen Live-Systemen auch.

1. Lade Dir das ISO-Image von PartedMagic herunter, müssten ca. 180 MB sein
2. Brenn es per Imagebrennfunktion auf CD, geht zB mit ImgBurn unter Windows
3. Boote von der gebrannten CD, im Bootmenü von Option 1 starten und warten bis der Linux-Desktop oben ist



4. Du müsstest ein Symbol "Mount Devices" finden, das doppelklicken
5. Mounte die Partitionen wo Windows installiert ist, meistens isses /dev/sda1 und natürlich noch etwaige andere Partitionen, wo noch Daten liegen und die gesichert werden müssen - natürlich auch die der externen Platte (du bekommmst nur Lese- und Schreibzugriffe auf die Dateisysteme, wenn diese gemountet sind)
6. Kopiere die Daten der internen Platte auf die externe Platte - kopiere nur persönliche Dateien, Musik, Videos, etc. auf die Backupplatte, KEINE ausführbaren Dateien wie Programme/Spiele/Setups!!
7. Wenn fertig, starte den Rechner neu, schalte die ext. Platte ab und boote von der Windows-DVD zur Neuinstallation (Anleitung beachten)
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 14.01.2012, 19:21   #14
Marc.
 
"5suxrt589cxuftg.exe" - Daumen hoch

"5suxrt589cxuftg.exe"



Daten sind alle gerettet,waren zum Glück nicht so viele dank vohrieger Sicherungen, Platte komplett Formatiert und auf Windows 7 umgestiegen. Leider war es mir nicht möglich die Kopie des Virus euch zuverfügung zustellen.

Ich danke Dir cosinus für deine Hilfe und die Mühe die Du dir gemacht hast! Wirklich klasse, !!!

Antwort

Themen zu "5suxrt589cxuftg.exe"
5suxrt589cxuftg.exe, arbeitsplatz, avira, avira rescue, besuch, bildschirm, desktop, ergebnisse, fenster, gesucht, google, hallo zusammen, internetverbindung, logfiles, modus, notebook, rescue cd, scan, scannen, scareware, security, seite, verbindung, vista, voll, weiße




Ähnliche Themen: "5suxrt589cxuftg.exe"


  1. Diverse Malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); lahmer PC & viel Werbung!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (16)
  2. "monstermarketplace.com" Infektion und ihre Folgen; "Anti-Virus-Blocker"," unsichtbare Toolbars" + "Browser-Hijacker" von selbst installiert
    Log-Analyse und Auswertung - 16.11.2013 (21)
  3. "Antiviren Werbung" "Langsamer PC" "PC stürzt ab" Banner und Popups beim surfen
    Plagegeister aller Art und deren Bekämpfung - 05.11.2013 (28)
  4. "Deutsche Post(eMail-Anhang)" Alle "EXE(Programme)" werden blockiert "WIN 7 Defender"
    Plagegeister aller Art und deren Bekämpfung - 27.12.2012 (3)
  5. "The document has moved. Redirecting"+"Popup unten rechts"+"Nicht alle Links anklickbar"
    Plagegeister aller Art und deren Bekämpfung - 24.10.2012 (38)
  6. AVIRA meldet "W32/Patched.ZA", "TR/ATRAPS.Gen2", "TR/ATRAPS.Gen", "ZR/sirefe.P.487"
    Log-Analyse und Auswertung - 30.07.2012 (9)
  7. Malwarereinigung: "TR/Kazy.25747.40", "Trojan.Downloader..." und "Backdoor: Win32Cycbot.B"
    Log-Analyse und Auswertung - 09.06.2011 (1)
  8. "Stutter.X,"Windows XP recovery"-Aufforderung, "Festplatte beschädigt"-Meldung, Bildschrim schwarz,
    Log-Analyse und Auswertung - 28.05.2011 (20)
  9. Öffentliches Netzwerk: Opera sendet/empfängt Daten an/von "Dani-PC", "Anne-PC", "PAULA-HP"...
    Netzwerk und Hardware - 02.05.2011 (14)
  10. Netzwerk: Opera sendet/empfängt Daten an/von "Dani-PC", "Anne-PC", "PAULA-HP"...
    Alles rund um Windows - 16.04.2011 (0)
  11. "0.05870814618642739.exe" ("Win32:Trojan-gen") in "C:\Users\***\AppData\Local\Temp\"
    Plagegeister aller Art und deren Bekämpfung - 02.01.2011 (25)
  12. "Adware.Virtumonde"/"Downloader.MisleadApp"/"TR/VB.agt.4"/"NewDotNet.A.1350"/"Fakerec
    Plagegeister aller Art und deren Bekämpfung - 22.08.2008 (6)
  13. "error cleaner" "privacy protector" "spyware&malware protection"
    Plagegeister aller Art und deren Bekämpfung - 28.06.2008 (7)
  14. "error cleaner" "privacy protector" "spyware und malware protection"
    Plagegeister aller Art und deren Bekämpfung - 28.06.2008 (2)
  15. Beheben des Problems "kein Internet"/"rsvp32_2.dll"/"Can't load library from memory"
    Plagegeister aller Art und deren Bekämpfung - 25.03.2007 (22)
  16. ">"">><meta http-equiv="Refresh" content="0;url=http://askimizsonsuza.com/code/">"">
    Plagegeister aller Art und deren Bekämpfung - 04.09.2006 (4)

Zum Thema "5suxrt589cxuftg.exe" - Hallo zusammen, Kurze schilderung des "Unfallhergangs" ; Ich habe über google nach dem Release Date eines Songs gesucht, ich besuchte also eines der Ergebnisse,wärehend die Seite lud besuchte ich das - "5suxrt589cxuftg.exe"...
Archiv
Du betrachtest: "5suxrt589cxuftg.exe" auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.