Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Infiziert durch den Virus: Trojan.Sirefef.JD (https://www.trojaner-board.de/122247-infiziert-virus-trojan-sirefef-jd.html)

Brainy86 16.08.2012 13:51
Infiziert durch den Virus: Trojan.Sirefef.JD
 
Hallo,

es gibt bereits das gleiche Thema und habe dort auch schon gelesen was zu tun ist.
Deshalb poste ich hier nur noch meine Logdateien von Anti-Malware und OTL und hoffe, dass mir geholfen werden kann!
Vielen Dank schonmal im Voraus!

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.16.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Br****** :: PC-BR***** [Administrator]

Schutz: Aktiviert

16.08.2012 10:53:37
mbam-log-2012-08-16 (14-09-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|G:\|H:\|N:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 415306
Laufzeit: 3 Stunde(n), 10 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SYSTEM\CurrentControlSet\Services\hyckailzfbxmuih (Trojan.Phex.THAGen6) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCR\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32| (Trojan.Zaccess) -> Bösartig: (\\.\globalroot\systemroot\Installer\{29db74fc-cbd3-92c6-2b74-381454de46bf}\n.) Gut: (wbemess.dll) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 7
C:\Dokumente und Einstellungen\br****\Lokale Einstellungen\Temp\DAT1CF.tmp.exe (Trojan.Phex.THAGen6) -> Keine Aktion durchgeführt.
C:\WINDOWS\Installer\{29db74fc-cbd3-92c6-2b74-381454de46bf}\n (RootKit.0Access) -> Keine Aktion durchgeführt.
C:\WINDOWS\Installer\{29db74fc-cbd3-92c6-2b74-381454de46bf}\U\800000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\br****\Lokale Einstellungen\Anwendungsdaten\{29db74fc-cbd3-92c6-2b74-381454de46bf}\n (RootKit.0Access) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\br****\Lokale Einstellungen\Temp\2857562.exe (Trojan.Phex.THAGen6) -> Keine Aktion durchgeführt.
C:\System.dll (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> Keine Aktion durchgeführt.

(Ende)



Hier die beiden von OTL

OTL Extras logfile created on: 16.08.2012 14:16:12 - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Dokumente und Einstellungen\br****\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 66,66% Memory free
3,85 Gb Paging File | 3,27 Gb Available in Paging File | 84,99% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 298,09 Gb Total Space | 272,34 Gb Free Space | 91,36% Space Free | Partition Type: NTFS
Drive D: | 0,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive N: | 321,59 Gb Total Space | 272,60 Gb Free Space | 84,76% Space Free | Partition Type: NTFS

Computer Name: PC-BR**** | User Name: Br**** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1078081533-1085031214-839522115-1155\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F5C38CB-DCA7-44E0-A654-26121331557A}" = GMX Update
"{110560C9-8C37-4604-A070-2FDA67934F8B}" = Vitodesk Browser
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{20F36C3E-FB7A-42F0-9300-F4C8002DACD9}" = Bricscad 12.1
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 29
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
"{5783F2D7-8009-0407-0002-0060B0CE6BBA}" = AutoCAD LT 2010 - Deutsch
"{5AF27589-0FA3-4BB0-8609-8F0135B1D9F6}" = Firefox 3.6 GMX Edition
"{5B65536C-4AAE-41FE-BDCE-CDAD8C893340}" = INFORM
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8148B86A-5FD5-4498-BE55-2CB1AFEFBF59}" = HPV Solo 2007 SP2
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9A0BA16B-6947-45D4-B796-0EB9C86AA226}" = TROX Easy Product Finder
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7875264-810A-4ABB-B185-2C5A332E483B}" = F-Secure PSC Prerequisites
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AutoCAD LT 2010 - Deutsch" = AutoCAD LT 2010 - Deutsch
"AutoCAD LT 2010 - Deutsch Version 2" = AutoCAD LT 2010 - Deutsch Version 2
"Autodesk Design Review 2010" = Autodesk Design Review 2010
"Firefox 3.6 GMX Edition" = Firefox 3.6 GMX Edition
"FreePDF_XP" = FreePDF (Remove only)
"F-Secure Anti-Virus" = F-Secure Client Security - AntiVirus & AntiSpy-Schutz
"F-Secure E-mail Scanning" = F-Secure Client Security - E-Mail-Scanning
"F-Secure HIPS" = F-Secure Client Security - DeepGuard
"F-Secure Protocol Scanner" = F-Secure Client Security - Web-Datenverkehr-Scanning
"GMX Update" = GMX Update
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Pro/ENGINEER Schools Edition Release Wildfire 4.0 Datecode M092" = Pro/ENGINEER Schools Edition Release Wildfire 4.0 Datecode M092
"PROHYBRIDR" = 2007 Microsoft Office system
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SyAM Software System Client_is1" = SyAM Software System Client 4.00
"Vitodesk Browser" = Vitodesk 100 CAD-Bibliothek
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 16.08.2012 05:39:08 | Computer Name = PC-BR**** | Source = F-Secure Anti-Virus | ID = 103
Description = 581 2012-08-16 11:39:08+02:00 pc-br**** PE\Br**** F-Secure
Anti-Virus Malicious code found in file C:\WINDOWS\Installer\{29db74fc-cbd3-92c6-2b74-381454de46bf}\U\800000cb.$.
Infection: Trojan.Sirefef.JD

Error - 16.08.2012 05:39:14 | Computer Name = PC-BR**** | Source = F-Secure Anti-Virus | ID = 103
Description = 582 2012-08-16 11:39:14+02:00 pc-br**** PE\Br**** F-Secure
Anti-Virus Malicious code found in file C:\WINDOWS\Installer\{29db74fc-cbd3-92c6-2b74-381454de46bf}\U\00000001.$.
Infection: Trojan.Sirefef.JC

Error - 16.08.2012 05:39:22 | Computer Name = PC-BR**** | Source = F-Secure Anti-Virus | ID = 103
Description = 583 2012-08-16 11:39:22+02:00 pc-br**** PE\Br**** F-Secure
Anti-Virus Malicious code found in file C:\WINDOWS\Installer\{29db74fc-cbd3-92c6-2b74-381454de46bf}\U\00000001.$.
Infection: Trojan.Sirefef.JC

Error - 16.08.2012 05:39:23 | Computer Name = PC-BR**** | Source = F-Secure Anti-Virus | ID = 103
Description = 584 2012-08-16 11:39:23+02:00 pc-br**** PE\Br**** F-Secure
Anti-Virus Malicious code found in file C:\WINDOWS\Installer\{29db74fc-cbd3-92c6-2b74-381454de46bf}\U\80000000.$.
Infection: Trojan.Sirefef.JD

Error - 16.08.2012 05:39:24 | Computer Name = PC-BR**** | Source = F-Secure Anti-Virus | ID = 103
Description = 585 2012-08-16 11:39:24+02:00 pc-br**** PE\Br**** F-Secure
Anti-Virus Malicious code found in file C:\WINDOWS\Installer\{29db74fc-cbd3-92c6-2b74-381454de46bf}\U\800000cb.$.
Infection: Trojan.Sirefef.JD

Error - 16.08.2012 05:39:31 | Computer Name = PC-BR**** | Source = F-Secure Anti-Virus | ID = 103
Description = 586 2012-08-16 11:39:31+02:00 pc-br**** PE\Br**** F-Secure
Anti-Virus Malicious code found in file C:\WINDOWS\Installer\{29db74fc-cbd3-92c6-2b74-381454de46bf}\U\80000000.$.
Infection: Trojan.Sirefef.JD

Error - 16.08.2012 05:39:33 | Computer Name = PC-BR**** | Source = F-Secure Anti-Virus | ID = 103
Description = 587 2012-08-16 11:39:33+02:00 pc-br**** PE\Br**** F-Secure
Anti-Virus Malicious code found in file C:\WINDOWS\Installer\{29db74fc-cbd3-92c6-2b74-381454de46bf}\U\800000cb.$.
Infection: Trojan.Sirefef.JD

Error - 16.08.2012 05:39:36 | Computer Name = PC-BR**** | Source = F-Secure Anti-Virus | ID = 103
Description = 588 2012-08-16 11:39:36+02:00 pc-br**** PE\Br**** F-Secure
Anti-Virus Malicious code found in file C:\WINDOWS\Installer\{29db74fc-cbd3-92c6-2b74-381454de46bf}\U\00000001.$.
Infection: Trojan.Sirefef.JC

Error - 16.08.2012 05:39:40 | Computer Name = PC-BR**** | Source = F-Secure Anti-Virus | ID = 103
Description = 589 2012-08-16 11:39:40+02:00 pc-br**** PE\Br**** F-Secure
Anti-Virus Malicious code found in file C:\WINDOWS\Installer\{29db74fc-cbd3-92c6-2b74-381454de46bf}\U\80000000.$.
Infection: Trojan.Sirefef.JD

Error - 16.08.2012 05:43:44 | Computer Name = PC-BR**** | Source = Userenv | ID = 1053
Description = Der Benutzer oder der Computername kann nicht ermittelt werden. (Der
RPC-Server ist nicht verfügbar. ). Die Verarbeitung der Gruppenrichtlinie wurde
abgebrochen.

[ System Events ]
Error - 16.08.2012 03:46:06 | Computer Name = PC-BR**** | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst hyckailzfbxmuih.

Error - 16.08.2012 03:46:06 | Computer Name = PC-BR**** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060

Error - 16.08.2012 04:09:00 | Computer Name = PC-BR**** | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst hyckailzfbxmuih.

Error - 16.08.2012 04:09:00 | Computer Name = PC-BR**** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060

Error - 16.08.2012 04:25:59 | Computer Name = PC-BR**** | Source = PlugPlayManager | ID = 11
Description = Das Gerät "Root\LEGACY_FSBL\0000" wurde ohne vorbereitende Maßnahmen
vom System entfernt.

Error - 16.08.2012 08:08:45 | Computer Name = PC-BR**** | Source = F-Secure Gatekeeper | ID = 327681
Description =

Error - 16.08.2012 08:08:46 | Computer Name = PC-BR**** | Source = F-Secure Gatekeeper | ID = 327681
Description =

Error - 16.08.2012 08:11:50 | Computer Name = PC-BR**** | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
wurde angehalten.

Error - 16.08.2012 08:13:27 | Computer Name = PC-BR**** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060

Error - 16.08.2012 08:13:27 | Computer Name = PC-BR**** | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
PCIIde


< End of report >






OTL logfile created on: 16.08.2012 14:16:12 - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Dokumente und Einstellungen\br****\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 66,66% Memory free
3,85 Gb Paging File | 3,27 Gb Available in Paging File | 84,99% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 298,09 Gb Total Space | 272,34 Gb Free Space | 91,36% Space Free | Partition Type: NTFS
Drive D: | 0,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive N: | 321,59 Gb Total Space | 272,60 Gb Free Space | 84,76% Space Free | Partition Type: NTFS

Computer Name: PC-BR**** | User Name: Br**** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\br****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\common\FNRB32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\common\FIH32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\common\FSM32.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\common\FSMA32.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\common\FSHDLL32.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Anti-Virus\fsav32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\GMX\LiveUpdate\m2LUTray.exe ()
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Dokumente und Einstellungen\br****\Bluebirds\BlueBirds.exe (LG Electronics)
PRC - C:\Programme\syam\system_monitor\agent\smaagent.exe (SyAM Software, Inc.)
PRC - C:\Programme\syam\jetty\SMWebSrv.exe ()
PRC - C:\Programme\syam\java\bin\java.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - \\?\c:\programme\f-secure\hips\fsumi.dll ()
MOD - C:\Programme\F-Secure\FSGUI\strres.eng ()
MOD - C:\Programme\F-Secure\FSGUI\gres.dll ()
MOD - C:\Programme\F-Secure\FSGUI\fsavures.eng ()
MOD - C:\Programme\F-Secure\FSGUI\about.dll ()
MOD - C:\Programme\F-Secure\FSGUI\aboutres.dll ()
MOD - C:\Programme\F-Secure\Anti-Virus\fsavhres.eng ()
MOD - C:\Programme\F-Secure\Anti-Virus\minifilter\hashlib_x86.dll ()
MOD - C:\Programme\F-Secure\Anti-Virus\fm4av.dll ()
MOD - C:\Programme\GMX\LiveUpdate\m2LUTray.exe ()
MOD - C:\Programme\syam\jetty\SMWebSrv.exe ()
MOD - C:\Programme\syam\java\bin\zip.dll ()
MOD - C:\Programme\syam\jetty\lib\Wrapper.dll ()
MOD - C:\Programme\syam\java\bin\hpi.dll ()
MOD - C:\Programme\syam\java\bin\java.exe ()
MOD - C:\Programme\syam\java\bin\java.dll ()
MOD - C:\Programme\syam\java\bin\net.dll ()
MOD - C:\Programme\syam\java\bin\verify.dll ()
MOD - C:\Programme\syam\java\bin\client\jvm.dll ()
MOD - C:\WINDOWS\system32\redmonnt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (FSORSPClient) -- C:\Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (F-Secure Network Request Broker) -- C:\Programme\F-Secure\common\FNRB32.exe (F-Secure Corporation)
SRV - (FSMA) -- C:\Programme\F-Secure\common\FSMA32.EXE (F-Secure Corporation)
SRV - (FSDFWD) -- C:\Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (SMAgent) -- C:\Programme\syam\system_monitor\agent\smaagent.exe (SyAM Software, Inc.)
SRV - (SMWebSrv) -- C:\Programme\syam\jetty\SMWebSrv.exe ()
SRV - (winvnc) -- C:\Programme\UltraVNC\winvnc.exe (UltraVNC)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (fsbts) -- C:\WINDOWS\system32\drivers\fsbts.sys ()
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (F-Secure Gatekeeper) -- C:\Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys ()
DRV - (F-Secure HIPS) -- C:\Programme\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (FSFW) -- C:\WINDOWS\system32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (F-Secure Filter) -- C:\Programme\F-Secure\Anti-Virus\win2k\fsfilter.sys ()
DRV - (F-Secure Recognizer) -- C:\Programme\F-Secure\Anti-Virus\win2k\fsrec.sys ()
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (IntcHdmiAddService) -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (caniodrvr) -- C:\Programme\syam\system_monitor\agent\drivers\Caniodrvr.sys (Windows (R) 2000 DDK provider)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1078081533-1085031214-839522115-1155\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = go.gmx.net/homeabout:blank [binary data]
IE - HKU\S-1-5-21-1078081533-1085031214-839522115-1155\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.gmx.net
IE - HKU\S-1-5-21-1078081533-1085031214-839522115-1155\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1078081533-1085031214-839522115-1155\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1078081533-1085031214-839522115-1155\..\SearchScopes\{2302590B-3AB4-444D-B3C2-004B08713CC3}: "URL" = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich
IE - HKU\S-1-5-21-1078081533-1085031214-839522115-1155\..\SearchScopes\{7E0C158D-694B-46E6-860B-94D0AC65D7F1}: "URL" = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKU\S-1-5-21-1078081533-1085031214-839522115-1155\..\SearchScopes\{B130F4CD-1C0B-4BFC-B3C6-756A8F4FC898}: "URL" = hxxp://go.gmx.net/suchbox/amazon/?keywords={searchTerms}
IE - HKU\S-1-5-21-1078081533-1085031214-839522115-1155\..\SearchScopes\{E8E976B1-D22F-46E4-BD03-67383F6EE81C}: "URL" = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKU\S-1-5-21-1078081533-1085031214-839522115-1155\..\SearchScopes\{ED72ED65-796A-49A9-9B3A-21E324F911F8}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKU\S-1-5-21-1078081533-1085031214-839522115-1155\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "GMX Suche"
FF - prefs.js..browser.search.order.1: "GMX Suche"
FF - prefs.js..browser.search.order.2: "WEB.DE Suche"
FF - prefs.js..browser.search.order.3: "1und1 Suche"
FF - prefs.js..browser.search.order.4: "amazon.de"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
FF - prefs.js..keyword.URL: "hxxp://go.gmx.net/suchbox/gmxsuche?su="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.30 08:39:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.08.26 11:39:40 | 000,000,000 | ---D | M]

[2009.11.12 15:39:59 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\br****\Anwendungsdaten\Mozilla\Extensions
[2012.07.26 07:33:47 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\br****\Anwendungsdaten\Mozilla\Firefox\Profiles\zkmd6f47.default\extensions
[2010.01.29 10:49:47 | 000,005,591 | ---- | M] () -- C:\Dokumente und Einstellungen\br****\Anwendungsdaten\Mozilla\Firefox\Profiles\zkmd6f47.default\searchplugins\1und1-suche.xml
[2010.01.29 10:49:46 | 000,001,371 | ---- | M] () -- C:\Dokumente und Einstellungen\br****\Anwendungsdaten\Mozilla\Firefox\Profiles\zkmd6f47.default\searchplugins\amazonde.xml
[2010.01.29 10:49:47 | 000,010,605 | ---- | M] () -- C:\Dokumente und Einstellungen\br****\Anwendungsdaten\Mozilla\Firefox\Profiles\zkmd6f47.default\searchplugins\gmx-suche.xml
[2010.01.29 10:49:46 | 000,005,588 | ---- | M] () -- C:\Dokumente und Einstellungen\br****\Anwendungsdaten\Mozilla\Firefox\Profiles\zkmd6f47.default\searchplugins\webde-suche.xml
[2012.01.10 13:53:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.01.29 10:49:20 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Programme\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010.01.29 10:49:20 | 000,000,000 | ---D | M] (GMX Firefox Addon) -- C:\Programme\Mozilla Firefox\extensions\{C473DC2B-895F-4E11-B8BF-FF28DFD62829}
[2012.07.30 08:39:30 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.22 12:48:27 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.22 12:48:27 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.22 12:48:27 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.22 12:48:27 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.22 12:48:27 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.22 12:48:27 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2007.10.29 15:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [F-Secure Manager] C:\Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Programme\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [GMX Update] C:\Programme\GMX\LiveUpdate\m2LUTray.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Programme\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Programme\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-1078081533-1085031214-839522115-1155..\Run: [bluebirds] C:\Dokumente und Einstellungen\br****\Bluebirds\BlueBirds.exe (LG Electronics)
O4 - HKU\S-1-5-21-1078081533-1085031214-839522115-1155..\Run: [Power2GoExpress] NA File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-1085031214-839522115-1155\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKU\S-1-5-21-1078081533-1085031214-839522115-1155\..Trusted Domains: s ([]* in Local intranet)
O15 - HKU\S-1-5-21-1078081533-1085031214-839522115-1155\..Trusted Domains: t-ntc-001 ([]* in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pe-intern.de
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D1B0D9C-478B-4952-A5DC-95283BBA388E}: NameServer = 192.168.0.254,192.168.0.2
O18 - Protocol\Handler\brx {9C160F90-74D1-11D3-AB60-0060977C1F29} - C:\Programme\Bricsys\Bricscad V12\BrxProtIE.dll (BricsCad)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\brosowski\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\br****\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.06 14:04:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.04.29 11:02:01 | 000,000,055 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\##t-ntc-001#Inst#!AutoInst#!CTUpdatesXP#2009-07\Shell - "" = AutoRun
O33 - MountPoints2\##t-ntc-001#Inst#!AutoInst#!CTUpdatesXP#2009-07\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##t-ntc-001#Inst#!AutoInst#!CTUpdatesXP#2009-07\Shell\AutoRun\command - "" = Z:\UpdateInstaller.exe
O33 - MountPoints2\{30f11d91-c85f-11de-bfe3-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{30f11d91-c85f-11de-bfe3-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{30f11d91-c85f-11de-bfe3-806d6172696f}\Shell\AutoRun\command - "" = D:\BlueBirds.exe -- [2009.04.29 11:02:01 | 000,270,336 | R--- | M] (LG Electronics)
O33 - MountPoints2\{4c243091-bc96-11de-b033-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{4c243091-bc96-11de-b033-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4c243091-bc96-11de-b033-806d6172696f}\Shell\AutoRun\command - "" = D:\BlueBirds.exe -- [2009.04.29 11:02:01 | 000,270,336 | R--- | M] (LG Electronics)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.16 10:49:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\br****\Anwendungsdaten\Malwarebytes
[2012.08.16 10:49:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.08.16 10:49:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.08.16 10:49:46 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.08.16 10:49:46 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.08.16 10:48:54 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\br****\Desktop\OTL.exe
[2012.08.16 10:47:22 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\brosowski\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.16 07:19:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.02 12:09:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Trox
[2012.08.02 12:08:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\br****\Lokale Einstellungen\Anwendungsdaten\Trox
[2012.08.02 11:01:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TROX Auslegungsprogramme
[2012.08.02 11:00:25 | 000,000,000 | ---D | C] -- C:\Programme\Trox
[2012.08.02 10:43:19 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET
[2012.07.26 14:55:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\br****\Desktop\Revisionsunterlagen Toni
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.08.16 14:11:58 | 000,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.08.16 14:11:50 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.08.16 14:11:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.08.16 14:11:35 | 2145,898,496 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.16 13:36:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.08.16 10:49:48 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.16 10:49:24 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\br****\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.16 10:49:06 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\brosowski\Desktop\OTL.exe
[2012.08.16 08:37:50 | 000,348,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.08.16 07:21:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.08.15 14:59:52 | 000,044,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2012.08.15 07:39:53 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.08.15 07:39:53 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.08.14 13:36:56 | 000,000,063 | ---- | M] () -- C:\WINDOWS\Wor.INI
[2012.08.09 15:12:24 | 000,045,052 | ---- | M] () -- C:\Dokumente und Einstellungen\br****\Desktop\Büro.dwg
[2012.08.09 15:11:46 | 000,040,373 | ---- | M] () -- C:\Dokumente und Einstellungen\br****\Desktop\Büro.bak
[2012.08.09 14:28:12 | 000,002,309 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Easy Product Finder.lnk
[2012.08.09 09:40:09 | 000,002,505 | ---- | M] () -- C:\Dokumente und Einstellungen\br****\Desktop\Microsoft Office Excel 2007.lnk
[2012.08.06 08:46:32 | 000,000,206 | -H-- | M] () -- N:\Profiles\Br****\Zeichnung1.dwl2
[2012.08.06 08:46:32 | 000,000,056 | -H-- | M] () -- N:\Profiles\Br****\Zeichnung1.dwl
[2012.08.06 07:38:11 | 000,527,130 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.08.06 07:38:11 | 000,503,198 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.08.06 07:38:11 | 000,105,542 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.08.06 07:38:11 | 000,088,440 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.08.01 08:43:48 | 001,742,500 | ---- | M] () -- C:\Dokumente und Einstellungen\br****\Desktop\Europahalle KA-Revisionsplan_Schema_Heizung .pdf
[2012.08.01 07:02:32 | 000,047,534 | ---- | M] () -- C:\Dokumente und Einstellungen\br****\Desktop\600371_3572540387066_1428900433_n.jpg
[2012.07.30 09:01:00 | 000,425,408 | ---- | M] () -- C:\Dokumente und Einstellungen\br****\Desktop\SEF_Plankopf.dwg
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.08.16 11:30:23 | 000,013,312 | ---- | C] () -- C:\WINDOWS\Installer\{29db74fc-cbd3-92c6-2b74-381454de46bf}\U\80000000.@
[2012.08.16 11:30:22 | 000,001,712 | ---- | C] () -- C:\WINDOWS\Installer\{29db74fc-cbd3-92c6-2b74-381454de46bf}\U\00000001.@
[2012.08.16 10:49:48 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.09 13:30:18 | 000,045,052 | ---- | C] () -- C:\Dokumente und Einstellungen\br****\Desktop\Büro.dwg
[2012.08.09 13:30:18 | 000,040,373 | ---- | C] () -- C:\Dokumente und Einstellungen\br****\Desktop\Büro.bak
[2012.08.02 11:01:47 | 000,002,309 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Easy Product Finder.lnk
[2012.08.01 07:02:30 | 000,047,534 | ---- | C] () -- C:\Dokumente und Einstellungen\br****\Desktop\600371_3572540387066_1428900433_n.jpg
[2012.07.30 09:01:00 | 000,425,408 | ---- | C] () -- C:\Dokumente und Einstellungen\br****\Desktop\SEF_Plankopf.dwg
[2012.05.10 15:34:26 | 000,666,000 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.02.23 07:59:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.09.27 10:56:47 | 000,002,205 | ---- | C] () -- C:\Dokumente und Einstellungen\br****\.recently-used.xbel
[2010.11.17 09:53:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Waa.INI
[2010.09.30 15:29:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Vitodesk Browser.INI
[2010.09.17 10:08:12 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010.09.03 14:30:18 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009.11.12 15:12:43 | 000,002,412 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
[2009.10.06 14:52:21 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{29db74fc-cbd3-92c6-2b74-381454de46bf}\@
[2009.10.06 14:52:21 | 000,002,048 | -HS- | C] () -- C:\Dokumente und Einstellungen\br****\Lokale Einstellungen\Anwendungsdaten\{29db74fc-cbd3-92c6-2b74-381454de46bf}\@

========== LOP Check ==========

[2010.05.21 13:56:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.PE\Anwendungsdaten\F-Secure
[2009.12.17 09:59:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Autodesk
[2012.03.07 15:42:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F-Secure
[2009.11.12 17:08:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreePDF
[2009.11.12 16:25:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fssg
[2010.01.29 10:49:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IEConfiguration1und1
[2010.09.17 09:54:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PixelPlanet
[2009.10.19 12:07:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp
[2012.08.02 12:09:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Trox
[2010.01.29 10:49:31 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{B00EAAA7-F13E-4331-8129-65E59662AFA6}
[2010.01.29 10:49:27 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{B8D53BEA-6377-4E04-8901-F6960C01E454}
[2009.12.17 09:59:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\br****\Anwendungsdaten\Autodesk
[2012.06.05 14:29:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\br****\Anwendungsdaten\Bricsys
[2010.09.17 09:45:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\br****\Anwendungsdaten\Downloaded Installations
[2011.09.27 10:56:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\br****\Anwendungsdaten\gtk-2.0
[2010.09.17 09:54:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\br****\Anwendungsdaten\PixelPlanet
[2010.09.17 10:09:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\br****\Anwendungsdaten\PrimoPDF
[2010.03.02 12:15:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\br****\Anwendungsdaten\PTC
[2010.09.16 14:06:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\br****\Anwendungsdaten\VSX

========== Purity Check ==========



< End of report >

cosinus 18.08.2012 11:01
Zitat:
Keine Aktion durchgeführt.
-> No action taken.
Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! Bitte nachholen falls noch nicht getan!

NICHTS voreilig aus der Quarantäne löschen!

Brainy86 20.08.2012 08:57
Liste der Anhänge anzeigen (Anzahl: 1)
Funde befinden sich in Quarantäne, siehe angehängte Datei.

cosinus 21.08.2012 11:34
Im Log siehts aber so aus, als wenn nicht gemacht worden wäre

Führ bitte auch ESET aus, danach sehen wir weiter.

Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden.

ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen
  • Dein Anti-Virus-Programm während des Scans deaktivieren.

    Im als Administrator geöffneten Browser diesen Link aufrufen => ESET Online Scanner
    • Firefox-User:
      Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
    • IE-User:
      müssen das Installieren eines ActiveX Elements erlauben.
  • Setze den einen Haken bei Yes, i accept the Terms of Use.
  • Drücke den http://img707.imageshack.us/img707/687/starteg.jpg Button.
  • Warte bis die Komponenten herunter geladen wurden.
  • Setze einen Haken bei "Scan archives".
  • Gehe sicher das bei Remove Found Threats kein Hacken gesetzt ist.
  • http://img707.imageshack.us/img707/687/starteg.jpg drücken.
  • Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.
Wenn der Scan beendet wurde
  • Klicke Finish.
  • Browser schließen.
Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste und kopiere folgenden Text in das Ausführen Fenster.
Code:
"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
Hinweis: Falls du ein 64-Bit-Windows einsetzt, lautet der Pfad so:

Code:
"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
Poste nun den Inhalt der log.txt.


Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

Brainy86 23.08.2012 08:11
Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=91931ce67433b44d8a864558aeed49ba
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-23 07:06:51
# local_time=2012-08-23 09:06:51 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=2304 16777191 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 1431 1431 0 0
# scanned=121835
# found=1
# cleaned=0
# scan_time=2110
C:\Dokumente und Einstellungen\br****\Lokale Einstellungen\Temp\ICReinstall_DownloadAcceleratorSetup.exe        a variant of Win32/InstallCore.AN application (unable to clean)        00000000000000000000000000000000        I

cosinus 30.08.2012 13:37
adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:34 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19