
Pests of all kinds and how to fight them: How to remove the appConf32.exe trojan TR/Crypt.EPACK.Gen2?


26.11.2012, 17:40   #1
lavie
 



Good evening,

since yesterday, the Avira alert keeps appearing, saying that the following was found:
File appConf32.exe is the trojan TR/Crypt.EPACK.Gen2

Here is the logfile from Malwarebytes Anti-Malware:

Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.26.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19328
Anni :: ANNI-PC [Administrator]

Schutz: Deaktiviert

26.11.2012 17:23:30
mbam-log-2012-11-26 (17-35-26).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 199073
Laufzeit: 10 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCR\CLSID\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Anni\AppData\Roaming\ACROIEHELPE.DLL (Trojan.Banker) -> Keine Aktion durchgeführt.
C:\Users\Anni\AppData\Roaming\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Keine Aktion durchgeführt.
C:\Users\Anni\AppData\Roaming\APPCONF32.EXE (Backdoor.Agent) -> Keine Aktion durchgeführt.

(Ende)


Please help me.
What should I do?

Many thanks for your help!

Sorry, because of the registration process the thread ended up in the wrong subcategory. Unfortunately I can't move it myself...

Attached are the OTL logfiles as well:
OTL Logfile:
Code:
OTL logfile created on: 26.11.2012 19:38:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Anni\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,97 Gb Available Physical Memory | 48,47% Memory free
4,25 Gb Paging File | 2,77 Gb Available in Paging File | 65,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 38,78 Gb Free Space | 26,02% Space Free | Partition Type: NTFS
Drive E: | 679,70 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ANNI-PC | User Name: Anni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.26 19:33:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Anni\Downloads\OTL.exe
PRC - [2012.11.25 13:21:28 | 000,040,960 | ---- | M] () -- C:\Users\Anni\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
PRC - [2012.11.18 10:25:15 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.09.29 19:54:26 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011.07.24 19:27:37 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.08 16:32:33 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.07 20:28:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.01.05 22:21:34 | 001,993,456 | ---- | M] (NesterSoft Inc.) -- C:\Programme\TimeLeft3\TimeLeft.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.12.04 11:27:05 | 001,282,048 | ---- | M] (sw4you, Siegfried Weckmann) -- C:\Programme\Hardcopy\hardcopy.exe
PRC - [2008.10.20 21:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2008.07.22 09:36:20 | 000,132,448 | ---- | M] (ashampoo Technology GmbH & Co. KG) -- C:\Programme\Ashampoo\Ashampoo Magical Defrag 2\bin\defragMonitorService.exe
PRC - [2008.07.22 09:36:16 | 000,083,296 | ---- | M] () -- C:\Programme\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
PRC - [2008.07.22 09:35:38 | 000,750,944 | ---- | M] ( ) -- C:\Programme\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.24 22:57:09 | 000,143,928 | ---- | M] () -- C:\Users\Anni\AppData\Roaming\12001.086\components\AcroFF.dll
MOD - [2012.11.18 10:25:15 | 001,952,696 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.10.03 07:59:41 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2008.12.04 11:19:03 | 000,057,344 | ---- | M] () -- C:\Programme\Hardcopy\HcDLL2_26_Win32.dll
MOD - [2008.12.02 13:49:03 | 000,441,344 | ---- | M] () -- C:\Programme\Hardcopy\HcDllS.dll
MOD - [2008.07.22 09:36:16 | 000,083,296 | ---- | M] () -- C:\Programme\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
MOD - [2005.04.19 12:53:44 | 000,013,824 | ---- | M] () -- C:\Programme\TimeLeft3\trayclock.dll
MOD - [2003.11.20 12:18:06 | 000,045,056 | ---- | M] () -- C:\Programme\Hardcopy\hardcopy.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.11.25 13:21:28 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\Anni\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2012.11.18 10:25:15 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.07.24 19:27:37 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.08 16:32:33 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.10.20 21:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008.07.22 09:35:38 | 000,750,944 | ---- | M] ( ) [Auto | Running] -- C:\Programme\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe -- (AshampooDefragService)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.11.26 17:22:01 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.11.25 12:26:31 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.07.24 19:27:37 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.24 19:27:37 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.02.18 06:40:06 | 000,015,936 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudnflt.sys -- (ssudnflt)
DRV - [2011.02.18 05:47:42 | 000,180,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2011.02.18 05:47:42 | 000,066,112 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2009.05.25 13:35:00 | 000,116,904 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\s1029unic.sys -- (s1029unic)
DRV - [2009.05.25 13:34:56 | 000,122,280 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\s1029mdm.sys -- (s1029mdm)
DRV - [2009.05.25 13:34:56 | 000,090,280 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\s1029bus.sys -- (s1029bus)
DRV - [2009.05.25 13:34:56 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\s1029mdfl.sys -- (s1029mdfl)
DRV - [2009.05.25 13:34:54 | 000,115,880 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\s1029mgmt.sys -- (s1029mgmt)
DRV - [2009.05.25 13:34:54 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\s1029obex.sys -- (s1029obex)
DRV - [2009.05.25 13:34:54 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\s1029nd5.sys -- (s1029nd5)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.06 05:57:12 | 000,017,640 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Programme\HWiNFO32\HWiNFO32.SYS -- (HWiNFO32)
DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.12.01 23:14:33 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.10.21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008.10.21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic)
DRV - [2008.10.21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV - [2008.10.21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.10.21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus)
DRV - [2008.10.21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5)
DRV - [2008.10.21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008.10.09 14:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.01.14 11:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2006.12.13 16:52:50 | 000,020,992 | ---- | M] (Motorola) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2003.09.16 04:41:10 | 000,152,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV532AV.SYS -- (PID_0920)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ixquick.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6C6976652E636F6D2F726573756C74732E617370783F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826466F726D3D494538535243&st={searchTerms}&clid=b920f959-3dd4-44e1-9b06-d0fcdcc22ab4&pid=icqt&k=0
IE - HKCU\..\SearchScopes\{09648CE1-F17D-4BF3-8301-7AFDB5C9E6EF}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=b920f959-3dd4-44e1-9b06-d0fcdcc22ab4&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{15E69DF5-97F5-49CA-8B46-DBC5910EC670}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=b920f959-3dd4-44e1-9b06-d0fcdcc22ab4&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{56D75E69-EAB2-43D7-B7F7-BBF6C9080D40}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=b920f959-3dd4-44e1-9b06-d0fcdcc22ab4&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{8C8E0464-C3AA-4E3A-A8A3-0E1CF7C0EC12}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=b920f959-3dd4-44e1-9b06-d0fcdcc22ab4&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{9BF39461-460C-46D6-922D-2C8BFCDE84D5}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=b920f959-3dd4-44e1-9b06-d0fcdcc22ab4&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{F3D8B71A-469B-491B-92C0-EA83ADA7091F}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=b920f959-3dd4-44e1-9b06-d0fcdcc22ab4&pid=icqt&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "facebook.com"
FF - prefs.js..extensions.enabledAddons: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledAddons: {85E85FF9-E50C-42DE-8A3D-61485FD6C8DB}:1.4
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.22
FF - prefs.js..extensions.enabledAddons: foxyproxy@eric.h.jung:4.0.2
FF - prefs.js..extensions.enabledAddons: firejump@firejump.net:1.0.2.5
FF - prefs.js..extensions.enabledAddons: {33044118-6597-4D2F-ABEA-7974BB185379}:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.1
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.13
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {85E85FF9-E50C-42DE-8A3D-61485FD6C8DB}:1.4
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
FF - user.js..browser.search.openintab: false
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Anni\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.02.12 17:48:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 08:02:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.18 10:25:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.18 10:25:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.02.12 17:48:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\Anni\AppData\Roaming\Mozilla\Firefox\Profiles\ysptdhkj.default\extensions\firejump@firejump.net [2012.11.25 13:21:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\extension@preispilot.com: C:\Users\Anni\AppData\Roaming\Mozilla\Firefox\Profiles\ysptdhkj.default\extensions\extension@preispilot.com [2012.11.25 13:21:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\Users\Anni\AppData\Roaming\12001.087 [2012.11.26 16:57:50 | 000,000,000 | ---D | M]
 
[2008.12.28 22:30:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anni\AppData\Roaming\mozilla\Extensions
[2012.11.25 13:23:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anni\AppData\Roaming\mozilla\Firefox\Profiles\ysptdhkj.default\extensions
[2010.04.30 18:27:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Anni\AppData\Roaming\mozilla\Firefox\Profiles\ysptdhkj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.11.18 12:15:01 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Anni\AppData\Roaming\mozilla\Firefox\Profiles\ysptdhkj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.11.25 13:21:47 | 000,000,000 | ---D | M] (Preispilot) -- C:\Users\Anni\AppData\Roaming\mozilla\Firefox\Profiles\ysptdhkj.default\extensions\extension@preispilot.com
[2012.11.25 13:21:43 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\Anni\AppData\Roaming\mozilla\Firefox\Profiles\ysptdhkj.default\extensions\firejump@firejump.net
[2012.11.25 13:23:37 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Anni\AppData\Roaming\mozilla\Firefox\Profiles\ysptdhkj.default\extensions\foxyproxy@eric.h.jung
[2009.10.19 17:55:06 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Anni\AppData\Roaming\mozilla\Firefox\Profiles\ysptdhkj.default\extensions\moveplayer@movenetworks.com
[2012.11.25 13:21:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anni\AppData\Roaming\mozilla\Firefox\Profiles\ysptdhkj.default\extensions\extension@preispilot.com\chrome
[2012.11.25 11:58:05 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Anni\AppData\Roaming\mozilla\firefox\profiles\ysptdhkj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.25 13:21:34 | 000,002,071 | ---- | M] () -- C:\Users\Anni\AppData\Roaming\mozilla\firefox\profiles\ysptdhkj.default\searchplugins\{0635C1F6-6BB3-4142-927C-3BF324B308D4}.xml
[2012.11.25 13:21:34 | 000,001,864 | ---- | M] () -- C:\Users\Anni\AppData\Roaming\mozilla\firefox\profiles\ysptdhkj.default\searchplugins\{279C5220-5D07-4296-A23F-7207C9254BE8}.xml
[2012.11.25 13:21:34 | 000,002,182 | ---- | M] () -- C:\Users\Anni\AppData\Roaming\mozilla\firefox\profiles\ysptdhkj.default\searchplugins\{B28EB58D-B031-46F4-BE74-1D2A0196B634}.xml
[2012.11.18 10:25:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.12.28 23:02:24 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.12.13 18:57:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2008.12.31 18:26:32 | 000,000,000 | ---D | M] (VideoGet FireFox extension) -- C:\Programme\Mozilla Firefox\extensions\{85E85FF9-E50C-42DE-8A3D-61485FD6C8DB}
[2008.12.31 18:26:32 | 000,000,000 | ---D | M] (VideoGet FireFox extension) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{85E85FF9-E50C-42DE-8A3D-61485FD6C8DB}
[2012.11.26 17:52:56 | 000,000,000 | ---D | M] (No name found) -- C:\USERS\ANNI\APPDATA\ROAMING\12001.086
[2012.11.18 10:25:16 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.11.25 13:21:34 | 000,001,678 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.25 13:21:34 | 000,001,929 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.25 13:21:34 | 000,001,265 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.25 13:21:34 | 000,007,045 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.25 13:21:34 | 000,001,272 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.25 13:21:34 | 000,001,164 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.11.17 18:46:32 | 000,000,960 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O1 - Hosts: 127.0.0.1 ar.atwola.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\Anni\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Anni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK = C:\Programme\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O4 - Startup: C:\Users\Anni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TimeLeft.lnk = C:\Programme\TimeLeft3\TimeLeft.exe (NesterSoft Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Programme\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Programme\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software)
O9 - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Programme\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: youtube.com ([www] https in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.40.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52CC618D-E307-4A2E-B235-80924E4779CF}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DFCDF40-AA73-495A-B084-1C8FFDA8BDBA}: DhcpNameServer = 192.168.40.254
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\AutorunsDisabled\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Anni\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Anni\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.12.13 22:04:47 | 000,000,175 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{70a38b03-8207-11df-b4f8-0018370546fc}\Shell - "" = AutoRun
O33 - MountPoints2\{70a38b03-8207-11df-b4f8-0018370546fc}\Shell\AutoRun\command - "" = F:\DTSP_Launcher.exe
O33 - MountPoints2\{e9b473cd-36e5-11e2-9a58-0018370546fc}\Shell - "" = AutoRun
O33 - MountPoints2\{e9b473cd-36e5-11e2-9a58-0018370546fc}\Shell\AutoRun\command - "" = E:\setup.exe -- [2012.10.01 11:13:15 | 000,207,496 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{e9b473cd-36e5-11e2-9a58-0018370546fc}\Shell\configure\command - "" = E:\setup.exe -- [2012.10.01 11:13:15 | 000,207,496 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{e9b473cd-36e5-11e2-9a58-0018370546fc}\Shell\install\command - "" = E:\setup.exe -- [2012.10.01 11:13:15 | 000,207,496 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.26 17:38:27 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\UAs
[2012.11.26 17:19:06 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.11.26 17:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.26 17:18:58 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.26 17:18:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.26 17:12:42 | 000,000,000 | ---D | C] -- C:\avrescue
[2012.11.26 16:57:47 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\12001.087
[2012.11.25 18:03:06 | 000,000,000 | ---D | C] -- C:\Users\Anni\Desktop\bilder
[2012.11.25 13:21:43 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\System32\dhRichClient3.dll
[2012.11.25 13:21:35 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\DesktopIconForAmazon
[2012.11.25 13:21:34 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\Opera
[2012.11.25 13:21:28 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\OCS
[2012.11.25 12:28:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.11.25 12:26:31 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012.11.25 12:26:29 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\DAEMON Tools Lite
[2012.11.25 12:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2012.11.25 12:25:44 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012.11.24 22:57:10 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\12001.086
[2012.11.24 22:56:49 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\xmldm
[2012.11.24 22:56:48 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\kock
[2012.11.18 13:22:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.11.18 13:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.11.18 10:48:20 | 000,000,000 | ---D | C] -- C:\Users\Anni\Desktop\music
[2012.11.18 10:25:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.11.18 10:25:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2 C:\Users\Anni\AppData\Roaming\*.tmp files -> C:\Users\Anni\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.26 19:03:21 | 000,237,029 | ---- | M] () -- C:\Users\Anni\Desktop\20121126_1702168.jpg
[2012.11.26 18:56:51 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.26 18:56:51 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.26 17:41:50 | 002,429,025 | ---- | M] () -- C:\Users\Anni\Desktop\20121126_170216.jpg
[2012.11.26 17:22:01 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.11.26 17:21:11 | 000,000,924 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.26 17:01:44 | 000,643,018 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.26 17:01:44 | 000,608,224 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.26 17:01:44 | 000,133,856 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.26 17:01:44 | 000,109,704 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.26 16:57:43 | 000,000,048 | ---- | M] () -- C:\Users\Anni\AppData\Roaming\blckdom.res
[2012.11.26 16:57:03 | 000,065,536 | ---- | M] () -- C:\Users\Anni\AppData\Roaming\ysptdhkj.default.dat
[2012.11.26 16:56:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.26 16:56:26 | 2145,968,128 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.25 21:20:28 | 000,082,902 | ---- | M] () -- C:\Users\Anni\Desktop\598466_3560198997268_673237016_n.jpg
[2012.11.25 12:26:31 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012.11.25 11:22:25 | 000,002,637 | ---- | M] () -- C:\Users\Anni\Desktop\Word.lnk
[2012.11.24 22:57:02 | 000,250,976 | ---- | M] () -- C:\Users\Anni\AppData\Roaming\AcroIEHelpe.dll
[2012.11.24 22:57:02 | 000,007,104 | ---- | M] () -- C:\Users\Anni\AppData\Roaming\BAcroIEHelpe.dll
[2012.11.18 13:22:59 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.11.18 11:46:20 | 000,285,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.18 10:31:11 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cdc56f72628539.job
[2 C:\Users\Anni\AppData\Roaming\*.tmp files -> C:\Users\Anni\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.26 19:03:20 | 000,237,029 | ---- | C] () -- C:\Users\Anni\Desktop\20121126_1702168.jpg
[2012.11.26 17:41:32 | 002,429,025 | ---- | C] () -- C:\Users\Anni\Desktop\20121126_170216.jpg
[2012.11.26 17:19:01 | 000,000,924 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.25 21:20:27 | 000,082,902 | ---- | C] () -- C:\Users\Anni\Desktop\598466_3560198997268_673237016_n.jpg
[2012.11.25 13:21:43 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012.11.24 22:57:02 | 000,250,976 | ---- | C] () -- C:\Users\Anni\AppData\Roaming\AcroIEHelpe.dll
[2012.11.24 22:57:02 | 000,007,104 | ---- | C] () -- C:\Users\Anni\AppData\Roaming\BAcroIEHelpe.dll
[2012.11.24 22:56:56 | 000,000,048 | ---- | C] () -- C:\Users\Anni\AppData\Roaming\blckdom.res
[2012.11.24 22:56:49 | 000,065,536 | ---- | C] () -- C:\Users\Anni\AppData\Roaming\ysptdhkj.default.dat
[2012.11.18 13:22:59 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.11.18 10:31:11 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cdc56f72628539.job
[2012.11.18 10:25:17 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.08.19 19:09:49 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.01.24 21:27:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.10 10:46:41 | 000,100,837 | ---- | C] () -- C:\Users\Anni\brandon.jpg
[2009.05.05 15:28:21 | 000,470,477 | ---- | C] () -- C:\Users\Anni\Das_Vorstellungsgespraech.pdf
[2009.04.21 17:57:23 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.12.28 23:03:58 | 000,073,216 | ---- | C] () -- C:\Users\Anni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.28 22:11:51 | 000,002,032 | ---- | C] () -- C:\Users\Anni\AppData\Local\d3d9caps.dat
[2008.12.09 16:23:13 | 000,053,712 | ---- | C] () -- C:\Users\Anni\AppData\Roaming\appConf32.exe
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.11.26 17:52:56 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\12001.086
[2012.11.26 16:57:50 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\12001.087
[2009.06.24 16:18:38 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\AntMe
[2009.04.18 11:35:02 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\Ashampoo
[2009.05.19 19:32:50 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\Canneverbe_Limited
[2010.06.22 14:34:19 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\ColorCop
[2009.01.03 12:08:39 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\COMPUTERBILD-Spionage-Stopper
[2012.11.25 12:48:44 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\DAEMON Tools Lite
[2011.08.14 09:48:34 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\de.txptr.googleplus
[2009.07.10 14:19:45 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\Desktopicon
[2012.11.25 13:21:36 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\DesktopIconForAmazon
[2009.06.07 13:21:10 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\diginet
[2011.11.11 17:58:03 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\Dropbox
[2010.06.13 15:33:38 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\Facebook
[2009.12.28 21:15:50 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\GARMIN
[2011.08.19 19:15:09 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\GlarySoft
[2009.06.20 11:41:35 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\gnupg
[2011.09.25 19:46:16 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\ICQ
[2009.06.24 15:52:08 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\ICSharpCode
[2012.11.24 22:56:48 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\kock
[2009.02.26 15:45:33 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\MAGIX
[2011.11.28 15:36:08 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\ManyCam
[2011.07.31 13:29:56 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\MyPhoneExplorer
[2010.03.07 11:07:26 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\NeatImage PS
[2009.01.13 19:18:00 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\NeatImage SL
[2010.02.17 17:04:38 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\NesterSoft
[2012.11.25 13:21:28 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\OCS
[2012.11.25 13:21:34 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\Opera
[2009.06.03 11:36:48 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\QIP
[2011.07.21 18:08:56 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\Simfy
[2009.07.10 14:19:45 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\Toolbars
[2012.11.26 17:39:56 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\UAs
[2012.11.26 17:40:51 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\xmldm
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Anni\Documents\MOV00384.MP4:TOC.WMV

< End of report >
         
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 26.11.2012 19:38:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Anni\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,97 Gb Available Physical Memory | 48,47% Memory free
4,25 Gb Paging File | 2,77 Gb Available in Paging File | 65,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 38,78 Gb Free Space | 26,02% Space Free | Partition Type: NTFS
Drive E: | 679,70 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ANNI-PC | User Name: Anni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1734861F-BD78-4D8E-84F3-60AF53446BE8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{27A6196C-E697-46BA-A55E-6A36D909F1E9}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6F2E91B4-6E08-4A39-9566-B233B285DAC7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7D40CF43-EAE3-4D25-9995-15149DF48580}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{81681846-508B-43B1-9F15-45938ADF2F8C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{96E54990-E702-4188-974D-7C5525193300}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B687C70E-AB2D-4777-823C-E256AF13072C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B8CBC7CE-9AA0-46E7-A123-BC1F12952E2C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DFF85943-F092-4276-9536-E17DF8A8E1AF}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E4928839-AFAE-4634-A79F-15A97AE096F6}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E9F82C3A-DE0F-4350-9399-37B5FDCF12DD}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FEEA5E6E-063D-4200-AF09-7D1693C5AB47}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{030C5C5D-6B4C-42BB-9B1E-96997C717C1E}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{056B3C48-B349-455C-A171-3D3DA3A99148}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{0AD97A28-4925-4731-B966-CBC36F160B7B}" = protocol=6 | dir=in | app=c:\users\anni\appdata\roaming\dropbox\bin\dropbox.exe | 
"{0B4CBBA9-BD77-409C-A6FF-D39754E5276E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{118CBFB5-4DD6-4F6C-9770-923A00D198A5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{3289748E-9AEE-4BE4-9766-138DCBDB6358}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{37681E50-A393-4576-B46B-79B1B8ADC389}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{3B6DED57-B237-4CB0-A96D-65661D8273B3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5D09DFFB-E0AF-46D8-A976-57F6DBB4057F}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{5F092116-B024-492A-8B8F-734200E29946}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{60EADAAB-01B0-47FF-B707-8CDE7FC8E59D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{6458950D-9864-4823-822B-A660F7190F0E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{66C29ED8-26EC-4AD4-BF35-3974165B58EA}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{6CDB641E-FA6A-46CF-925A-0B07CBC3F079}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{8016DDC0-194F-4DA6-BC89-65307E4E1F01}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{822CEF27-A916-4C6F-B6C3-0CBD33B97E2E}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{829221E2-0B1D-4BC4-A895-9D1FBF5EC751}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{866FAE56-364A-4CB9-A2F1-BEE085FC7725}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{8F6434AD-F05E-4C43-B0DA-9915D1B7FC36}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{B7F4043F-AB69-4453-AE57-5473F16EE89C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{B8D93761-62B7-465B-A109-6B21FDCA131E}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{C9B64548-433B-4F5D-9309-97AD075A3D9E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{D1A45A8D-7A96-4E96-B57C-95C878407A3B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{D7ED6B34-4DAF-4B2F-8828-54FED227BA4B}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{E0479563-F950-4278-B19F-586980D4E10E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{E302AE89-1FA6-4DCE-8527-B7E4F1C053F1}" = protocol=17 | dir=in | app=c:\users\anni\appdata\roaming\dropbox\bin\dropbox.exe | 
"{EAFD769A-CD67-479F-B068-516D2D02A6CA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F54D0FD5-473B-4063-88E4-6488D92E46C3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | 
"TCP Query User{0CC5441B-D377-4A04-A93D-6BF49F5F0271}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{406371B7-F541-4363-A9A1-57919A90B1BB}E:\eclipse\jre\bin\javaw.exe" = protocol=6 | dir=in | app=e:\eclipse\jre\bin\javaw.exe | 
"TCP Query User{AC0922AE-DDFD-4308-BA77-5A938F52B53B}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{B1E460A4-0F19-4A0B-954A-BEC47EA73435}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{E365B8DF-7CC4-4B9B-8C07-C5B0823F8C40}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{0A17D360-B969-46F3-8FFE-C8525474C645}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{33E07358-5661-4C63-BED5-90A7F41BA574}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{C3ED6FAA-7A42-45C3-8134-298972F2E488}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{D5CF75FF-4FC4-4D63-89EE-356C86D83501}E:\eclipse\jre\bin\javaw.exe" = protocol=17 | dir=in | app=e:\eclipse\jre\bin\javaw.exe | 
"UDP Query User{E1D0B13E-7EA8-4197-9A5C-C0FD51EFB3C5}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.2 Build #3159 Banner Remover 1.0
"{0D8E6567-7082-48DB-A305-293873AC8B39}_is1" = Preispilot für Firefox
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1624E927-1F74-34E2-64FB-263CE6A6CD6F}" = CCC Help English
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{2A9196F5-9B7C-EA83-6BC8-944BF707143D}" = ccc-utility
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{37B3776C-6DE6-4DD4-9AC6-C14952083932}" = PDF-XChange Viewer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D60292B-1C68-2751-E708-6E419318C9E1}" = Catalyst Control Center InstallProxy
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{41903DF9-6CB1-0EC3-4B1E-76D55FAD9C80}" = Catalyst Control Center HydraVision Full
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4420B59B-9FEC-8F4C-75A3-3FE927D8AEA1}" = Catalyst Control Center Graphics Full Existing
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_06_F4500_SW_MIN
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{54D966AE-AEB7-7BC9-B09A-A7BB0EAC236C}" = ccc-core-static
"{55A7B938-3D1E-4819-A87B-F83E736EF52E}" = F4500
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C209D68-1411-4725-8CDE-1676A85E083E}_is1" = ICQ Contact Revealer 1.0
"{5E44C19D-3D1F-87F9-65D2-F87C6F66DF91}" = Catalyst Control Center Core Implementation
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DF68292-863C-2943-813E-144E41DB1908}" = Catalyst Control Center Graphics Previews Vista
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{737F8964-D019-5D45-5FF4-8924FE62F564}" = Catalyst Control Center Graphics Full New
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{7BE38C02-9CFD-78DC-B4F3-32168B004ACF}" = Catalyst Control Center Graphics Previews Common
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F08A772-2816-4F46-84F1-49578502AD28}" = HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901C0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C7DE589B-59FB-1A37-33DA-DED08CA88DC4}" = Skins
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0
"{EC3636D4-4FC7-4C0C-B16B-FA64C2020FF4}" = Mindjet MindManager 9
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F46F4A86-3760-4F4B-1633-5411C26CC9A8}" = HydraVision
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FAC09C92-93A7-38BC-BA47-8F20439C2781}" = Catalyst Control Center Graphics Light
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.63
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"Ashampoo Magical Defrag 2_is1" = Ashampoo Magical Defrag 2
"Ashampoo WinOptimizer 2009_is1" = Ashampoo WinOptimizer 2009
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Color Cop_is1" = Color Cop 5.4.3
"DAEMON Tools Lite" = DAEMON Tools Lite
"DesktopIconAmazon" = Desktop Icon für Amazon
"Free CD to MP3 Converter" = Free CD to MP3 Converter
"Glary Utilities_is1" = Glary Utilities 2.36.0.1232
"GPG4Win" = GnuPG For Windows
"Hardcopy(C__Program Files_Hardcopy)" = Hardcopy (C:\Program Files\Hardcopy)
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HWiNFO32_is1" = HWiNFO32 Version 2.40
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"ManyCam" = ManyCam 2.6.60 (remove only)
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"Neat Image_is1" = Neat Image v6 Demo (with plug-in)
"PDF-XChange 3_is1" = PDF-XChange 3
"PhotoFiltre" = PhotoFiltre
"Pixum ePrint" = Pixum ePrint 1.2
"Quick Search Box" = Google-Schnellsuchfeld
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SearchAnonymizer" = SearchAnonymizer
"TIMELEFT3_is1" = TimeLeft
"VideoGet_is1" = Nuclear Coffee - VideoGet
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.11.2012 12:14:05 | Computer Name = Anni-PC | Source = VSS | ID = 12289
Description = 
 
Error - 26.11.2012 12:19:39 | Computer Name = Anni-PC | Source = VSS | ID = 12289
Description = 
 
Error - 26.11.2012 12:19:48 | Computer Name = Anni-PC | Source = VSS | ID = 12289
Description = 
 
Error - 26.11.2012 12:19:48 | Computer Name = Anni-PC | Source = VSS | ID = 12289
Description = 
 
Error - 26.11.2012 12:21:09 | Computer Name = Anni-PC | Source = VSS | ID = 12289
Description = 
 
Error - 26.11.2012 12:21:25 | Computer Name = Anni-PC | Source = VSS | ID = 12289
Description = 
 
Error - 26.11.2012 12:21:25 | Computer Name = Anni-PC | Source = VSS | ID = 12289
Description = 
 
Error - 26.11.2012 12:24:28 | Computer Name = Anni-PC | Source = VSS | ID = 12289
Description = 
 
Error - 26.11.2012 12:24:46 | Computer Name = Anni-PC | Source = VSS | ID = 12289
Description = 
 
Error - 26.11.2012 12:24:48 | Computer Name = Anni-PC | Source = VSS | ID = 12289
Description = 
 
[ System Events ]
Error - 29.12.2008 06:34:06 | Computer Name = Anni-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 29.12.2008 06:41:22 | Computer Name = Anni-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 29.12.2008 07:12:52 | Computer Name = Anni-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 29.12.2008 07:15:23 | Computer Name = Anni-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 29.12.2008 08:12:02 | Computer Name = Anni-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 29.12.2008 10:37:51 | Computer Name = Anni-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 29.12.2008 11:39:38 | Computer Name = Anni-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 29.12.2008 13:46:33 | Computer Name = Anni-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 29.12.2008 17:11:07 | Computer Name = Anni-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 29.12.2008 um 22:07:09 unerwartet heruntergefahren.
 
Error - 31.12.2008 11:51:49 | Computer Name = Anni-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 31.12.2008 um 16:47:58 unerwartet heruntergefahren.
 
 
< End of report >
         
--- --- ---

Old 26.11.2012, 21:13   #2
markusg
/// Malware-holic
 



Hi,

This script, and any scripts that may follow, are intended only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe.
• Now copy the following into the text box.



Code:
:OTL
[2012.11.26 17:52:56 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\12001.086
[2012.11.26 16:57:50 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\12001.087
[2012.11.24 22:57:02 | 000,007,104 | ---- | M] () -- C:\Users\Anni\AppData\Roaming\BAcroIEHelpe.dll
[2012.11.24 22:56:56 | 000,000,048 | ---- | C] () -- C:\Users\Anni\AppData\Roaming\blckdom.res
[2012.11.24 22:56:49 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\xmldm
[2012.11.24 22:56:48 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\kock

:Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode.

If you have no icons, then right-click, View, Show desktop icons.

Note: Please also upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file here in the thread as an attachment!

Please press the + E key.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance.
__________________

__________________
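The entries in the fix script in post #2 all follow one listing-line format. As an added example (not part of the original post and not OTL's own code), this Python code parses those lines and groups them by timestamp, which shows that four of the six items appeared within 14 seconds on 24.11.2012. The field meanings given in the comments are assumptions; the thread does not spell them out.

```python
import re
from datetime import datetime, timedelta

# The six entries from the :OTL section of the fix script, copied verbatim.
SCRIPT = r"""
[2012.11.26 17:52:56 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\12001.086
[2012.11.26 16:57:50 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\12001.087
[2012.11.24 22:57:02 | 000,007,104 | ---- | M] () -- C:\Users\Anni\AppData\Roaming\BAcroIEHelpe.dll
[2012.11.24 22:56:56 | 000,000,048 | ---- | C] () -- C:\Users\Anni\AppData\Roaming\blckdom.res
[2012.11.24 22:56:49 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\xmldm
[2012.11.24 22:56:48 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\kock
"""

# Assumed field meanings (not spelled out in the thread): timestamp | size in
# bytes | attribute flags (D = directory) | M/C = modified/created, then an
# optional "(company name)" before the path.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$")

def parse_entry(line):
    m = LINE_RE.match(line.strip())
    if m is None:
        raise ValueError(f"not a listing line: {line!r}")
    return {"when": datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")), "is_dir": "D" in m["attrs"],
            "kind": m["kind"], "path": m["path"],
            "company": m["company"]}  # None for folders, "" if the field is empty

def cluster_by_time(entries, gap=timedelta(minutes=5)):
    """Group entries whose timestamp is within `gap` of the previous entry."""
    clusters = []
    for e in sorted(entries, key=lambda e: e["when"]):
        if clusters and e["when"] - clusters[-1][-1]["when"] <= gap:
            clusters[-1].append(e)
        else:
            clusters.append([e])
    return clusters

def files_without_company(entries):
    """Paths of files (not folders) whose company field is empty."""
    return [e["path"] for e in entries if not e["is_dir"] and e["company"] == ""]

ENTRIES = [parse_entry(l) for l in SCRIPT.strip().splitlines()]

if __name__ == "__main__":
    for c in cluster_by_time(ENTRIES):
        print(c[0]["when"], len(c), [e["path"] for e in c])
```
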

Old 26.11.2012, 22:21   #3
lavie
 



Many thanks already!

Here is the text file after the restart (which had hung):

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



Unfortunately the upload does not work because I cannot load the page. The zip folder contains an empty folder as well as a txt file with the same content as the file above.

What should I do now?

Thanks in advance,
kind regards
__________________

Old 27.11.2012, 18:02   #4
markusg
/// Malware-holic
 



Hi,
either you did not post everything, or you did not run the whole script posted above.
Please do it again, plus the upload, which should work again.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For the time being, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
If you would like to support us
