Pests of all kinds and how to fight them: Trojan win32/sirefef.O (Windows 7)
26.10.2011, 12:38 | #1
Trojan win32/sirefef.O: Nothing works any more, none of the virus scanners or tools run. Urgently asking for support!!! Regards
26.10.2011, 13:38 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan win32/sirefef.O
Please read => http://www.trojaner-board.de/95173-b...es-posten.html and http://www.trojaner-board.de/69886-a...-beachten.html
26.10.2011, 13:53 | #3
Trojan win32/sirefef.O
I wanted to reply to an existing thread, but unfortunately your system told me I wasn't allowed to because I didn't have the rights, and that I should open a new thread. That's what I did!!
And now I get a "slap in the face"???
Quote: http://www.trojaner-board.de/104424-...l#post712675]] AdiumX, you do not have permission to access this page. The following reasons could be responsible, for example: 1. You need to create your own thread: please pick the appropriate subforum and click on ! 2. You are trying to edit another user's post or to access administrative functions. Please check the forum rules to see whether you are allowed to perform this action. 3. If you tried to write a post, your user account may have been deactivated or may still need to be activated.
Last edited by AdiumX (26.10.2011 at 14:22)
26.10.2011, 14:48 | #4
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan win32/sirefef.O
What is wrong with that? If you don't provide any information, nobody can help you!
Please always post log files in CODE tags
26.10.2011, 15:16 | #5
Trojan win32/sirefef.O
Sorry, I left out the details since the trojan is already known here. I just didn't want to use the tool from the thread mentioned above, because it says to use it only "under supervision". So, I have a Windows PC from HP here with Windows Vista
· it had Avira v8.x on it, but it was not kept up to date
· Windows Defender and Avira detected Trojan win32/sirefef.O
· Avira v12 could be installed but would not start
· EmiSoft would not start either, not even in safe mode
· Hijack installs but won't start either
· for me the question is: format c:, or is there other help?
· it's not my computer but a friend's
If more information is needed, please specify! Regards Addi™
26.10.2011, 15:24 | #6
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan win32/sirefef.O
26.10.2011, 15:46 | #7
Trojan win32/sirefef.O
Defogger says:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:37 on 26/10/2011 (Garbert)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
26.10.2011, 19:05 | #8
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan win32/sirefef.O
Is there more to come?
27.10.2011, 07:03 | #9
Trojan win32/sirefef.O
I was hoping for an instruction: "If Defogger gives you an error message, please post the defogger_disable log from your desktop. Do not click the Re-enable button without being told to." Because Defogger didn't restart anything... But now I have the following problem: I can't do anything at all any more... I'll try safe mode in a moment...
OTL.txt (created in safe mode):
OTL Logfile:
Code:
OTL logfile created on: 27.10.2011 08:40:57 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = G:\Software\Windows
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 82,24% Memory free
6,19 Gb Paging File | 5,88 Gb Available in Paging File | 94,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 158,45 Gb Free Space | 73,22% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 107,13 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive E: | 664,14 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 7,47 Gb Total Space | 3,25 Gb Free Space | 43,56% Space Free | Partition Type: FAT32

Computer Name: xy-PC | User Name: xy | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- C:\Windows\1497257308:2745876902.exe PRC - [2011.10.27 07:31:46 | 000,283,648 | ---- | M] () -- C:\Programme\LP\936B\0A0.exe PRC - [2011.10.27 07:31:39 | 000,190,464 | ---- | M] () -- C:\Programme\CCC28\lvvm.exe PRC - [2011.10.27 07:31:18 | 000,173,056 | ---- | M] () -- C:\Users\YX\AppData\Roaming\B4CCC\F1193.exe PRC - [2011.10.26 16:29:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- G:\Software\Windows\OTL.exe PRC - [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2006.11.02 14:36:04 | 000,201,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe ========== Modules (No Company Name) ========== MOD - [2011.10.27 07:31:46 | 000,283,648 | ---- | M] () -- C:\Programme\LP\936B\0A0.exe MOD - [2011.10.27 07:31:39 | 000,190,464 | ---- | M] () -- C:\Programme\CCC28\lvvm.exe MOD - [2011.10.27 07:31:18 | 000,173,056 | ---- | M] () -- C:\Users\YX\AppData\Roaming\B4CCC\F1193.exe MOD - [2006.11.02 11:46:10 | 000,227,328 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll ========== Win32 Services (SafeList) ========== SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.05.09 14:48:07 | 001,452,944 | ---- | M] (mquadr.at softwareengineering und consulting gmbh) [Auto | Stopped] -- C:\Windows\System32\ieconfig_1und1_svc.exe -- (serviceIEConfig) SRV - [2009.05.06 11:11:20 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | 
Stopped] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4) SRV - [2008.03.26 15:34:45 | 000,148,992 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService) SRV - [2008.03.07 12:00:05 | 000,070,656 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler) SRV - [2006.12.08 11:52:04 | 000,208,896 | ---- | M] (Fujitsu Siemens Computers) [Auto | Stopped] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler) ========== Driver Services (SafeList) ========== DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2008.10.09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV - [2008.09.22 03:20:42 | 000,043,520 | ---- | M] (VIA Technologies, Inc. 
) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6v.sys -- (FETND6V) DRV - [2008.03.04 13:28:49 | 000,079,424 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2008.02.18 17:07:53 | 000,049,472 | ---- | M] (Avira GmbH) [File_System | On_Demand | Stopped] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt) DRV - [2007.11.08 19:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2007.07.02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32) DRV - [2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32) DRV - [2007.06.13 23:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID) DRV - [2007.06.01 17:46:00 | 007,479,008 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007.03.26 15:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ViPrt.sys -- (ViPrt) DRV - [2007.03.26 15:26:00 | 000,016,896 | ---- | M] (VIA Technologies, Inc.) 
[Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ViBus.sys -- (ViBus) DRV - [2007.02.27 15:24:55 | 000,011,840 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/home IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.gmx.net/tab2 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.1und1.de/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:54545 FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\YX\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\YX\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) 
========== Chrome ========== CHR - default_search_provider: Google () CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\YX\AppData\Local\Google\Chrome\Application\14.0.835.186\gcswf32.dll CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll CHR - plugin: Java(TM) Platform SE 6 U17 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\YX\AppData\Local\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\YX\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Users\YX\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found. O2 - BHO: (1&&1 Internet AG Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll (mquadr.at softwareengineering und consulting gmbh) O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [0A0.exe] C:\Programme\LP\936B\0A0.exe () O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [F6sWK7fRLgXjCkB] C:\Users\YX\AppData\Roaming\svhostu.exe () O4 - HKLM..\Run: [gG5sQJ6dE8R9YwU8234A] C:\Windows\System32\dekIVrzONxuSoFp.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKCU..\Run: [lt6ow0jc.exe] C:\Users\YX\AppData\Roaming\lt6ow0jc.exe (Alcatel Microelectronics) O4 - HKCU..\Run: [vasja] C:\Users\YX\Desktop\0.9056710880911472.exe (Home) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\pnrpnsp.dll File not found O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA7E6FA1-2790-4FD2-BF0E-221DB4B3954A}: DhcpNameServer = 192.168.178.1 O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (C:\Users\YX\AppData\Roaming\B4CCC\F1193.exe) -C:\Users\YX\AppData\Roaming\B4CCC\F1193.exe () O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2007.04.26 14:02:32 | 000,191,826 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2011.06.20 07:52:08 | 000,000,061 | RHS- | M] () - G:\autorun.inf -- [ FAT32 ] O33 - MountPoints2\{77929b51-ffdf-11e0-b22d-806e6f6e6963}\Shell\AutoRun\command - "" = 1j038ki.exe O33 - MountPoints2\{77929b51-ffdf-11e0-b22d-806e6f6e6963}\Shell\open\Command - "" = 1j038ki.exe O33 - MountPoints2\{a9b99377-2c7b-11dd-bad4-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{a9b99377-2c7b-11dd-bad4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2005.04.27 20:38:10 | 000,401,408 | R--- | M] (Hewlett-Packard) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {11775326-DDFD-465E-9DF5-00EE8605E24D} - GMX Browser Add-on ActiveX: 
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {65331F58-91DC-4555-AEFB-840EB40D0022} - GMX Update ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active 
Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - ActiveX: >{D507B452-F6F2-477B-AFCF-C12FC21A2782} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.) MsConfig - StartUpReg: 1und1 Update - hkey= - key= - C:\Programme\1&1\LiveUpdate\m2LUTray.exe (mquadr.at software engineering und consulting GmbH) MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: GMX Update - hkey= - key= - C:\Programme\GMX\LiveUpdate\m2LUTray.exe () MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\YX\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.) 
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG) MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: toolbar_eula_launcher - hkey= - key= - File not found MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found MsConfig - StartUpReg: zeiv.exe - hkey= - key= - C:\Users\YX\AppData\Roaming\Haleok\zeiv.exe () MsConfig - State: "startup" - 2 CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== File not found -- C:\Windows\System32\ [2011.10.27 07:37:02 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\vdEK8gRZ9YwUeOt [2011.10.27 07:37:02 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\qNyxA0uvSoFpGsJ [2011.10.27 07:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCC28 [2011.10.27 07:31:11 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security 2011 [2011.10.27 07:31:10 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\pL8gTZqhYwIr [2011.10.27 07:31:10 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\DcA1uvD2oFpHJd [2011.10.27 07:31:05 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\kOBtxP0yc1b3n4Q [2011.10.27 07:31:04 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\a3onF4amHsJfLgZ [2011.10.27 07:30:59 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\B4CCC [2011.10.27 07:30:56 | 000,000,000 | ---D | C] -- C:\Program Files\LP [2011.10.27 07:30:55 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\Oline [2011.10.27 07:30:55 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\Acesu [2011.10.27 07:30:53 | 000,165,376 | ---- | 
C] (Alcatel Microelectronics) -- C:\Users\YX\AppData\Roaming\lt6ow0jc.exe [2011.10.27 07:30:51 | 000,168,960 | ---- | C] (Home) -- C:\Users\YX\Desktop\0.9056710880911472.exe [2011.10.27 07:30:51 | 000,165,376 | ---- | C] (Alcatel Microelectronics) -- C:\Users\YX\Desktop\0.64406117213402.exe [2011.10.27 07:30:50 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011.10.26 16:34:38 | 000,000,000 | ---D | C] -- C:\Users\YX\Desktop\LOGs [2011.10.26 13:35:46 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\YX\Desktop\mbam-setup-1.51.2.1300.exe [2011.10.26 13:34:54 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\YX\Desktop\HiJackThis204.exe [2011.10.26 13:31:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiVir PersonalEdition Classic [2011.10.26 13:31:37 | 000,079,424 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.10.26 13:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.10.26 13:24:32 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.10.26 13:23:16 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\Malwarebytes [2011.10.26 13:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.10.26 13:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.10.26 13:23:07 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.10.26 13:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.10.26 13:20:45 | 000,200,976 | ---- | C] (Trend Micro Inc.) 
-- C:\Windows\System32\drivers\tmcomm.sys [2011.10.26 12:18:26 | 000,000,000 | ---D | C] -- C:\Windows\pss [2011.10.26 11:56:39 | 000,000,000 | ---D | C] -- C:\Users\YX\Desktop\Neuer Ordner [2011.10.20 18:33:13 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\Haleok [2011.10.20 18:33:13 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\Axso [2011.10.18 21:49:59 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA% [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== File not found -- C:\Windows\System32\ [2011.10.27 08:15:19 | 000,667,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.10.27 08:15:19 | 000,159,266 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.10.27 08:15:18 | 000,837,386 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.10.27 08:15:18 | 000,177,586 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.10.27 08:08:50 | 000,000,000 | ---- | M] () -- C:\Windows\1497257308 [2011.10.27 08:08:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.10.27 07:36:56 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.10.27 07:36:56 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.10.27 07:31:12 | 000,001,213 | ---- | M] () -- C:\Users\YX\AppData\Roaming\ldr.ini [2011.10.27 07:31:05 | 000,099,840 | ---- | M] () -- C:\Users\YX\AppData\Roaming\svhostu.exe [2011.10.27 07:31:04 | 001,776,640 | ---- | M] () -- C:\Windows\System32\dekIVrzONxuSoFp.exe [2011.10.27 07:31:00 | 000,283,648 | ---- | M] () -- C:\Users\YX\Desktop\0.6136625930725045.exe [2011.10.27 07:30:55 | 000,168,960 | ---- | M] (Home) -- C:\Users\YX\Desktop\0.9056710880911472.exe [2011.10.27 07:30:53 | 000,000,008 | ---- | M] () -- C:\Users\YX\AppData\Roaming\cbawfxrmd876sqdc.dat [2011.10.27 07:30:52 | 000,165,376 | ---- | 
M] (Alcatel Microelectronics) -- C:\Users\YX\AppData\Roaming\lt6ow0jc.exe
[2011.10.27 07:30:52 | 000,165,376 | ---- | M] (Alcatel Microelectronics) -- C:\Users\YX\Desktop\0.64406117213402.exe
[2011.10.27 07:25:01 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1320125211-2353226351-2167843232-1000UA.job
[2011.10.26 19:38:17 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1320125211-2353226351-2167843232-1000Core.job
[2011.10.26 16:37:07 | 000,000,000 | ---- | M] () -- C:\Users\YX\defogger_reenable
[2011.10.26 13:38:38 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.10.26 13:36:24 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.26 13:35:49 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\YX\Desktop\mbam-setup-1.51.2.1300.exe
[2011.10.26 13:34:55 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\YX\Desktop\HiJackThis204.exe
[2011.10.26 13:31:42 | 000,001,991 | ---- | M] () -- C:\Users\Public\Desktop\AntiVir PE Classic.lnk
[2011.10.26 13:20:42 | 000,000,036 | ---- | M] () -- C:\Users\YX\AppData\Local\housecall.guid.cache
[2011.10.26 11:55:42 | 103,714,870 | ---- | M] () -- C:\Users\YX\Desktop\EmsisoftEmergencyKit.zip
[2011.10.24 19:41:31 | 000,025,099 | ---- | M] () -- C:\Users\YX\Desktop\Bestandsregister Schweine.odt
[2011.10.23 21:37:08 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.10.23 10:05:43 | 000,014,946 | ---- | M] () -- C:\Users\YX\Desktop\Mieteinnahmen Schmmüllingstr.ods
[2011.10.17 13:00:39 | 000,000,215 | ---- | M] () -- C:\Users\YX\Desktop\freenetMail E-Mail, SMS, Fax, Mobil - kostenlos anmelden.url
[2011.10.16 13:21:41 | 000,016,953 | ---- | M] () -- C:\Users\YX\Desktop\Pflanzenschutz.odt
[2011.10.14 19:59:07 | 048,324,552 | ---- | M] () -- C:\Windows\System32\mrt.exe
[2011.10.14 19:35:26 | 234,480,917 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.10.02 13:19:48 | 000,000,000 | -HS- | M] () -- C:\Windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.10.27 07:31:11 | 000,001,213 | ---- | C] () -- C:\Users\YX\AppData\Roaming\ldr.ini
[2011.10.27 07:31:05 | 000,099,840 | ---- | C] () -- C:\Users\YX\AppData\Roaming\svhostu.exe
[2011.10.27 07:31:04 | 001,776,640 | ---- | C] () -- C:\Windows\System32\dekIVrzONxuSoFp.exe
[2011.10.27 07:30:59 | 000,283,648 | ---- | C] () -- C:\Users\YX\Desktop\0.6136625930725045.exe
[2011.10.27 07:30:53 | 000,000,008 | ---- | C] () -- C:\Users\YX\AppData\Roaming\cbawfxrmd876sqdc.dat
[2011.10.26 16:37:07 | 000,000,000 | ---- | C] () -- C:\Users\YX\defogger_reenable
[2011.10.26 13:31:42 | 000,001,991 | ---- | C] () -- C:\Users\Public\Desktop\AntiVir PE Classic.lnk
[2011.10.26 13:23:11 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.26 13:20:42 | 000,000,036 | ---- | C] () -- C:\Users\YX\AppData\Local\housecall.guid.cache
[2011.10.26 11:55:37 | 103,714,870 | ---- | C] () -- C:\Users\YX\Desktop\EmsisoftEmergencyKit.zip
[2011.10.23 21:37:08 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.10.23 21:37:07 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.10.02 13:19:48 | 000,000,000 | -HS- | C] () -- C:\Windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011.10.02 13:19:30 | 000,000,000 | ---- | C] () -- C:\Windows\1497257308
[2009.06.11 13:31:44 | 000,024,206 | ---- | C] () -- C:\Users\YX\AppData\Roaming\UserTile.png
[2008.12.21 22:24:13 | 000,004,608 | ---- | C] () -- C:\Users\YX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.30 09:31:26 | 000,164,377 | ---- | C] () -- C:\Windows\hpoins19.dat
[2008.05.28 09:19:56 | 000,260,531 | ---- | C] () -- C:\Windows\System32\ADINIT.DAT
[2008.05.28 09:19:56 | 000,171,887 | ---- | C] () -- C:\Windows\System32\geocalc.dat
[2008.05.28 09:19:56 | 000,061,440 | ---- | C] () -- C:\Windows\System32\GVRES32.dll
[2008.01.23 04:22:21 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll
[2007.03.13 22:01:59 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2006.11.02 17:33:31 | 000,837,386 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,177,586 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,279,776 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,667,980 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,159,266 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:24:01 | 048,324,552 | ---- | C] () -- C:\Windows\System32\mrt.exe
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 09:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006.08.11 10:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll

========== LOP Check ==========

[2011.10.27 07:31:04 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\a3onF4amHsJfLgZ
[2011.10.27 07:30:55 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\Acesu
[2008.05.28 09:30:29 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\AOMobil
[2011.10.24 21:34:09 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\Axso
[2011.10.27 07:31:18 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\B4CCC
[2011.10.27 07:31:10 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\DcA1uvD2oFpHJd
[2011.10.20 18:33:13 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\Haleok
[2011.07.03 13:41:20 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\Image Zone Express
[2011.10.27 07:31:05 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\kOBtxP0yc1b3n4Q
[2011.10.27 07:30:55 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\Oline
[2009.03.06 14:53:02 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\OpenOffice.org
[2011.10.27 07:31:11 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\pL8gTZqhYwIr
[2008.06.06 23:22:29 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\Printer Info Cache
[2011.10.27 07:37:02 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\qNyxA0uvSoFpGsJ
[2009.05.17 12:11:10 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\TeamViewer
[2011.10.27 07:37:02 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\vdEK8gRZ9YwUeOt
[2011.10.26 19:38:41 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2008.05.28 08:19:00 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2008.06.03 15:15:03 | 000,000,000 | ---D | M] -- C:\Big Fish Games
[2008.01.23 13:08:58 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.10.25 19:14:37 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.05.28 08:15:43 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.01.23 04:22:44 | 000,000,000 | R--D | M] -- C:\DRIVER
[2008.05.28 08:20:30 | 000,000,000 | ---D | M] -- C:\ebay
[2011.03.20 10:44:46 | 000,000,000 | ---D | M] -- C:\ELAN_NW
[2008.05.28 08:20:30 | 000,000,000 | ---D | M] -- C:\FirstSteps
[2008.01.23 04:24:47 | 000,000,000 | ---D | M] -- C:\GDATA
[2008.05.28 08:20:40 | 000,000,000 | ---D | M] -- C:\Google
[2008.01.23 04:22:44 | 000,000,000 | R--D | M] -- C:\MANUAL
[2008.05.28 08:22:46 | 000,000,000 | ---D | M] -- C:\nero
[2008.01.23 04:31:44 | 000,000,000 | ---D | M] -- C:\Off2007HSt
[2011.10.27 07:31:20 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.10.26 13:31:35 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.05.28 08:15:43 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.10.27 08:29:04 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.01.23 14:38:48 | 000,000,000 | ---D | M] -- C:\TMP
[2008.05.28 08:18:41 | 000,000,000 | R--D | M] -- C:\Users
[2011.10.27 07:30:50 | 000,000,000 | ---D | M] -- C:\Windows
[2008.01.23 04:17:29 | 000,000,000 | ---D | M] -- C:\x86

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >

< MD5 for: EXPLORER.EXE >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007.11.03 01:52:27 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007.11.03 01:52:27 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe

< MD5 for: REGEDIT.EXE >
[2006.11.02 11:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\regedit.exe
[2006.11.02 11:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe

< MD5 for: USERINIT.EXE >
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WININIT.EXE >
[2007.11.03 01:17:50 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=39D959CD9F3BC44F78DB3C6588AAC3FE -- C:\Windows\System32\wininit.exe
[2007.11.03 01:17:50 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=39D959CD9F3BC44F78DB3C6588AAC3FE -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.20593_none_2f37c4ba208e02ab\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

< MD5 for: WINLOGON.EXE >
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2007.11.03 01:17:50 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=A3FEA6ED9FD3CF07219A632E4A716226 -- C:\Windows\System32\winlogon.exe
[2007.11.03 01:17:50 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=A3FEA6ED9FD3CF07219A632E4A716226 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.20593_none_6e080d01f12ed7fe\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install >
"LastSuccessTime" = 2011-10-26 17:38:40
"LastError" = 0

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========

[C:\Windows\$NtUninstallKB40435$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 816 bytes -> C:\Windows\1497257308:2745876902.exe

< End of report >

Extras.txt (created in Safe Mode): OTL Logfile:

OTL Extras logfile created on: 27.10.2011 08:40:57 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = G:\Software\Windows
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 82,24% Memory free
6,19 Gb Paging File | 5,88 Gb Available in Paging File | 94,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 158,45 Gb Free Space | 73,22% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 107,13 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive E: | 664,14 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 7,47 Gb Total Space | 3,25 Gb Free Space | 43,56% Space Free | Partition Type: FAT32

Computer Name: GARBERT-PC | User Name: Garbert | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017A3543-CC36-4347-A0CC-761FC333957A}" = lport=139 | protocol=6 | dir=in | app=system |
"{28FDBB23-2300-426B-9666-9F9D62C6DA86}" = rport=138 | protocol=17 | dir=out | app=system |
"{33295F91-7A61-4EB6-B59C-378DB01A685A}" = rport=139 | protocol=6 | dir=out | app=system |
"{50F68251-18A0-40BD-BFDE-810392023C31}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{59D9980C-C355-478F-954D-ED23F1D596B8}" = rport=137 | protocol=17 | dir=out | app=system |
"{64D0EBCD-9A06-4F44-85D2-F18C19CF5939}" = lport=138 | protocol=17 | dir=in | app=system |
"{734075CA-2547-4DF2-BC45-31BEBF67CDF3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{753D2A30-6876-493C-B888-97393EA391DE}" = lport=445 | protocol=6 | dir=in | app=system |
"{7A4004B4-F622-4684-8718-1854C590F717}" = rport=445 | protocol=6 | dir=out | app=system |
"{D5D88FA6-DF0D-4E9E-B61B-3CFC0402B6A2}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{22FC6656-B24C-4A32-B204-0AD75165DC13}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4BF43035-E2DF-46EE-84E0-3C2E17B60D72}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{83D32F0A-AA79-43B9-91DD-EF1A3D1C9CC6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BC86582B-5800-4655-954D-F4B7500DD348}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{000BB303-E1DB-4A5B-9391-48B28AC08875}C:\program files\java\jre6\bin\jucheck.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\jucheck.exe |
"TCP Query User{06647C14-B04F-4164-B9C6-F34F35424485}C:\users\garbert\appdata\local\temp\googletoolbarinstaller_en32_signed.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\temp\googletoolbarinstaller_en32_signed.exe |
"TCP Query User{0FC8D9AC-6EC1-4E3E-9F82-1422B2E98BD0}C:\program files\ccc28\lvvm.exe" = protocol=6 | dir=in | app=c:\program files\ccc28\lvvm.exe |
"TCP Query User{0FE06FE6-B66C-46E6-8434-D6CC4EC77793}C:\program files\1&1\liveupdate\m2lutray.exe" = protocol=6 | dir=in | app=c:\program files\1&1\liveupdate\m2lutray.exe |
"TCP Query User{167090EC-203E-410E-B4BE-5ABF3FCA0428}C:\users\garbert\appdata\local\google\update\googleupdate.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\google\update\googleupdate.exe |
"TCP Query User{1893BA36-6338-4818-A900-0FB90C7C9624}C:\program files\google\google toolbar\component\googletoolbarmanager_4e7d715d860e20e1.exe" = protocol=6 | dir=in | app=c:\program files\google\google toolbar\component\googletoolbarmanager_4e7d715d860e20e1.exe |
"TCP Query User{1F117856-F19E-45B9-9B25-BEC66979B65F}C:\users\garbert\appdata\local\temp\0.311055798381219exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\temp\0.311055798381219exe |
"TCP Query User{2215DB90-AC95-4461-A5CC-075357FD1F9A}C:\windows\system32\dekivrzonxusofp.exe" = protocol=6 | dir=in | app=c:\windows\system32\dekivrzonxusofp.exe |
"TCP Query User{2547BD5B-92A5-4232-BDA2-CE6F3EB355AA}C:\users\garbert\appdata\local\temp\7zs2906.tmp\setup.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\temp\7zs2906.tmp\setup.exe |
"TCP Query User{2779A0CF-C103-4D4C-A1FA-35C84B436F30}C:\program files\gmx\liveupdate\m2lutray.exe" = protocol=6 | dir=in | app=c:\program files\gmx\liveupdate\m2lutray.exe |
"TCP Query User{28EA8CFA-D5E2-43BE-9C4D-99C9728E83D9}C:\program files\google\update\googleupdate.exe" = protocol=6 | dir=in | app=c:\program files\google\update\googleupdate.exe |
"TCP Query User{2ADB4D98-1E7C-4F79-9C00-F2FAF61A888C}C:\windows\system32\werfault.exe" = protocol=6 | dir=in | app=c:\windows\system32\werfault.exe |
"TCP Query User{313206E2-0781-48CD-9D09-23B8363ADEA6}C:\users\garbert\appdata\roaming\lt6ow0jc.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\roaming\lt6ow0jc.exe |
"TCP Query User{34B375D9-8C1C-4CFC-984A-AEC706B431C0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{369CC55C-DE6E-48C9-8086-2DC3758DDA35}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{39376ABC-33B4-4CF2-A2FC-54CB5698AF76}C:\users\garbert\appdata\local\temp\gumf571.tmp\googleupdate.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\temp\gumf571.tmp\googleupdate.exe |
"TCP Query User{3BC6EB6E-F924-4E2C-9190-B387F90E674D}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{3C5E34A6-5553-4C19-9C51-6605E6DE5112}C:\users\garbert\appdata\local\temp\svhostu.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\temp\svhostu.exe |
"TCP Query User{41C4E375-E89C-47FF-97B8-D925543D1D1B}C:\users\garbert\appdata\local\temp\rarsfx0\setup.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\temp\rarsfx0\setup.exe |
"TCP Query User{47DF1270-A967-4E63-84B6-94ED89524A89}C:\program files\avira\antivir desktop\ipmgui.exe" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\ipmgui.exe |
"TCP Query User{4899E999-EF79-4300-B04A-F519BD2254F8}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{4BFCE9DB-DA7A-4AEE-B9FB-1AAACE284BD7}C:\users\garbert\appdata\local\temp\install_reader10_de_gtba_aih[1].exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\temp\install_reader10_de_gtba_aih[1].exe |
"TCP Query User{4D954606-1971-4AC8-94E1-A08C26D9E0E1}C:\users\garbert\appdata\local\temp\7zs4e88.tmp\setup.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\temp\7zs4e88.tmp\setup.exe |
"TCP Query User{54FF02F7-F455-47DD-93F7-48229B66D105}C:\program files\lp\936b\0a0.exe" = protocol=6 | dir=in | app=c:\program files\lp\936b\0a0.exe |
"TCP Query User{553336A9-D2C9-4200-9A4B-3202899DA99B}C:\program files\malwarebytes' anti-malware\mbam.exe" = protocol=6 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe |
"TCP Query User{5BE5DA3B-1A7B-4A5D-B037-A66AB87A0D99}C:\users\garbert\appdata\local\google\update\googleupdate.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\google\update\googleupdate.exe |
"TCP Query User{5DE914E2-1066-44BE-8A04-9ED50957F44B}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{633EFFEB-36A1-40A4-9D32-608E48420B04}C:\users\garbert\desktop\0.9056710880911472.exe" = protocol=6 | dir=in | app=c:\users\garbert\desktop\0.9056710880911472.exe |
"TCP Query User{6997E525-02F9-4893-A185-D33B59C36064}C:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe" = protocol=6 | dir=in | app=c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe |
"TCP Query User{6DE62BAF-6686-4630-AE7A-5C738F1D20F5}C:\windows\system32\wermgr.exe" = protocol=6 | dir=in | app=c:\windows\system32\wermgr.exe |
"TCP Query User{7ED9675F-FBC2-4B5E-9F4D-24D194025F60}C:\program files\1&1\liveupdate\m2lutray.exe" = protocol=6 | dir=in | app=c:\program files\1&1\liveupdate\m2lutray.exe |
"TCP Query User{80D76B55-32C8-42D9-B8B5-5E593B60932B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{810E63DC-11B7-4DD0-A1C9-E210AA414838}C:\windows\system32\dekivrzonxusofp.exe" = protocol=6 | dir=in | app=c:\windows\system32\dekivrzonxusofp.exe |
"TCP Query User{8164DE2D-9763-49F8-BFD9-9E9E4A492441}C:\users\garbert\appdata\roaming\b4ccc\f1193.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\roaming\b4ccc\f1193.exe |
"TCP Query User{85517CB6-6F67-4DB2-8A94-E63A10D3D28E}C:\program files\adobe\reader 10.0\reader\acrord32.exe" = protocol=6 | dir=in | app=c:\program files\adobe\reader 10.0\reader\acrord32.exe |
"TCP Query User{8750EE3F-E9A9-44F2-B574-164EA91E966C}C:\windows\system32\wercon.exe" = protocol=6 | dir=in | app=c:\windows\system32\wercon.exe |
"TCP Query User{885A33DB-84E6-4BB9-A503-803DD9F9D35B}C:\program files\avira\antivir desktop\ipmgui.exe" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\ipmgui.exe |
"TCP Query User{8FDF66D5-7C3A-43C3-9DB7-54A4075F49C0}C:\users\garbert\appdata\roaming\svhostu.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\roaming\svhostu.exe |
"TCP Query User{97EFD739-4544-441B-84DF-A12A1F6C432A}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{993D702D-3209-45DD-8A52-DF80759BAAAD}C:\program files\lp\936b\0a0.exe" = protocol=6 | dir=in | app=c:\program files\lp\936b\0a0.exe |
"TCP Query User{A2D6A2B5-DBFA-43E4-9650-1A1991F694E3}C:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe" = protocol=6 | dir=in | app=c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe |
"TCP Query User{A9223F05-82C9-44BE-9FAF-818320A08111}C:\users\garbert\appdata\local\temp\rarsfx0\apnstub.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\temp\rarsfx0\apnstub.exe |
"TCP Query User{B160A99A-2AE9-43F0-A297-BAE56A404C40}C:\users\garbert\appdata\local\temp\housecall\housecall.bin" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\temp\housecall\housecall.bin |
"TCP Query User{B636DBD8-8149-457A-9597-BCEF43645133}C:\program files\pdf24\pdf24-updater.exe" = protocol=6 | dir=in | app=c:\program files\pdf24\pdf24-updater.exe |
"TCP Query User{B7191C3F-8AC1-47AE-BE2F-8EFEEA5486E8}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{B747320F-DFE8-4B83-8B51-700E00691ACF}C:\program files\windows defender\msascui.exe" = protocol=6 | dir=in | app=c:\program files\windows defender\msascui.exe |
"TCP Query User{BAB1106F-6D22-4157-BB65-2FDB077CA2EE}C:\program files\openoffice.org 3\program\soffice.bin" = protocol=6 | dir=in | app=c:\program files\openoffice.org 3\program\soffice.bin |
"TCP Query User{BC66BC57-BB72-4302-963A-53E1F6CAD0B6}C:\program files\avira\antivir personaledition classic\avnotify.exe" = protocol=6 | dir=in | app=c:\program files\avira\antivir personaledition classic\avnotify.exe |
"TCP Query User{BC826D6E-6E50-4B95-A708-CEE3BEC640ED}C:\program files\common files\adobe\arm\1.0\adobearm.exe" = protocol=6 | dir=in | app=c:\program files\common files\adobe\arm\1.0\adobearm.exe |
"TCP Query User{C2B44BEB-11FF-4CB5-B9D4-C495736453CD}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{C4AFF4B8-E882-45AE-9C2E-893774FF36BF}C:\program files\java\jre6\bin\jusched.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\jusched.exe |
"TCP Query User{C796A715-AE8E-4278-A7BB-7710790662C2}C:\program files\openoffice.org 3\program\soffice.bin" = protocol=6 | dir=in | app=c:\program files\openoffice.org 3\program\soffice.bin |
"TCP Query User{CF1A22DC-3839-4A57-8DB0-11E985AC1F69}C:\program files\ccc28\lvvm.exe" = protocol=6 | dir=in | app=c:\program files\ccc28\lvvm.exe |
"TCP Query User{D0320FB1-CC32-40DC-854D-9E35C3624DDB}C:\windows\system32\wercon.exe" = protocol=6 | dir=in | app=c:\windows\system32\wercon.exe |
"TCP Query User{D790A158-9786-4DA2-AF97-C205E6E26F63}C:\program files\avira\antivir desktop\avnotify.exe" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\avnotify.exe |
"TCP Query User{E1CEF85D-0399-4EF6-8BF6-CCBB2505DE5A}C:\users\garbert\appdata\roaming\b4ccc\f1193.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\roaming\b4ccc\f1193.exe |
"TCP Query User{E8729F19-D3C1-4806-B0B3-61C1B11260DC}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{F26BCA3E-07DE-45E2-B528-CE3A10901009}C:\program files\gmx\liveupdate\m2lutray.exe" = protocol=6 | dir=in | app=c:\program files\gmx\liveupdate\m2lutray.exe |
"TCP Query User{FA7ED1CA-0C0F-400D-B35E-E3BD65E22097}C:\program files\lp\936b\30e8.tmp" = protocol=6 | dir=in | app=c:\program files\lp\936b\30e8.tmp |
"TCP Query User{FB63F94C-8CA9-43DE-B8AF-21CB9398E5B8}C:\users\garbert\appdata\roaming\lt6ow0jc.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\roaming\lt6ow0jc.exe |
"UDP Query User{03BB56A2-F691-4922-80EB-ABE129D06144}C:\users\garbert\appdata\roaming\b4ccc\f1193.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\roaming\b4ccc\f1193.exe |
"UDP Query User{066DDA28-CFAB-44CF-A80A-070AD5EE3B0B}C:\program files\1&1\liveupdate\m2lutray.exe" = protocol=17 | dir=in | app=c:\program files\1&1\liveupdate\m2lutray.exe |
"UDP Query User{07945749-0256-41CD-93C7-45C1623C37B1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{0A0E071F-0B0C-4CD2-863F-1ADA4E1EEBF5}C:\users\garbert\appdata\roaming\svhostu.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\roaming\svhostu.exe |
"UDP Query User{0F3A2D56-DF60-4FA7-B20E-3F6B5C197B2D}C:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe" = protocol=17 | dir=in | app=c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe |
"UDP Query User{10AABA16-6C48-4E43-B504-CA8238E1592F}C:\program files\google\google toolbar\component\googletoolbarmanager_4e7d715d860e20e1.exe" = protocol=17 | dir=in | app=c:\program files\google\google toolbar\component\googletoolbarmanager_4e7d715d860e20e1.exe |
"UDP Query User{11F11FF6-6B95-4DC3-AA5A-807503192F49}C:\program files\openoffice.org 3\program\soffice.bin" = protocol=17 | dir=in | app=c:\program files\openoffice.org 3\program\soffice.bin |
"UDP Query User{19DCDCB8-114C-4083-A2ED-072FE3BAB175}C:\windows\system32\werfault.exe" = protocol=17 | dir=in | app=c:\windows\system32\werfault.exe |
"UDP Query User{1EC9A674-B168-498A-B784-E41ECE18FFA1}C:\program files\windows defender\msascui.exe" = protocol=17 | dir=in | app=c:\program files\windows defender\msascui.exe |
"UDP Query User{1F4C6A05-E8B6-47F5-8E6F-7092284228B7}C:\program files\avira\antivir desktop\ipmgui.exe" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\ipmgui.exe |
"UDP Query User{20AE5BA1-4D52-4B51-8D9E-E6584C8F3753}C:\program files\java\jre6\bin\jusched.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\jusched.exe |
"UDP Query User{2997A4C4-8BE6-45FE-AF8A-871F36429985}C:\users\garbert\appdata\local\temp\googletoolbarinstaller_en32_signed.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\googletoolbarinstaller_en32_signed.exe |
"UDP Query User{2B55AA74-80D1-4DC2-9DEA-378AA82EB707}C:\program files\malwarebytes' anti-malware\mbam.exe" = protocol=17 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe |
"UDP Query User{33E082A3-DA3C-42F7-9A1D-AB1B089609EB}C:\program files\avira\antivir personaledition classic\avnotify.exe" = protocol=17 | dir=in | app=c:\program files\avira\antivir personaledition classic\avnotify.exe |
"UDP Query User{358B4DF5-95AF-4CA2-807B-31CBF0A24B17}C:\users\garbert\desktop\0.9056710880911472.exe" = protocol=17 | dir=in | app=c:\users\garbert\desktop\0.9056710880911472.exe |
"UDP Query User{39E5474C-485C-478B-B44E-A83742A1345D}C:\users\garbert\appdata\local\google\update\googleupdate.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\google\update\googleupdate.exe |
"UDP Query User{3CA5DD51-9314-4FF8-9248-281C66132F47}C:\program files\avira\antivir desktop\avnotify.exe" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\avnotify.exe |
"UDP Query User{3DADCF2B-86A9-42B4-A909-687456098778}C:\program files\lp\936b\0a0.exe" = protocol=17 | dir=in | app=c:\program files\lp\936b\0a0.exe |
"UDP Query User{3E9F4F1C-D913-4821-9F79-75A50788C4C0}C:\program files\gmx\liveupdate\m2lutray.exe" = protocol=17 | dir=in | app=c:\program files\gmx\liveupdate\m2lutray.exe |
"UDP Query User{4A01492A-8244-4739-8796-7F2BB895E4B5}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{4B93ECEC-A7C4-45AA-B9B9-446B2514C852}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{52D0B562-B061-4BF3-A903-700F17EAD469}C:\program files\adobe\reader 10.0\reader\acrord32.exe" = protocol=17 | dir=in | app=c:\program files\adobe\reader 10.0\reader\acrord32.exe |
"UDP Query User{62CCD707-FE2B-4500-9621-A048757A8F88}C:\program files\java\jre6\bin\jucheck.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\jucheck.exe |
"UDP Query User{6E2D11ED-2464-43CF-96E0-F61055C4BA07}C:\users\garbert\appdata\local\temp\gumf571.tmp\googleupdate.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\gumf571.tmp\googleupdate.exe |
"UDP Query User{6EF1075C-D016-440A-994A-D7F94310F493}C:\program files\openoffice.org 3\program\soffice.bin" = protocol=17 | dir=in | app=c:\program files\openoffice.org 3\program\soffice.bin |
"UDP Query User{745B33AB-5FDA-4526-8E69-5D4D30B5096A}C:\windows\system32\wermgr.exe" = protocol=17 | dir=in | app=c:\windows\system32\wermgr.exe |
"UDP Query User{7ED4E65B-A668-46DD-95BA-C2C4C003D331}C:\program files\google\update\googleupdate.exe" = protocol=17 | dir=in | app=c:\program files\google\update\googleupdate.exe |
"UDP Query User{7FC02FDF-7A8A-4731-B379-6CC42B4B9D28}C:\users\garbert\appdata\roaming\lt6ow0jc.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\roaming\lt6ow0jc.exe |
"UDP Query User{81491885-FAEF-4A9F-8133-C7068335554D}C:\users\garbert\appdata\local\google\update\googleupdate.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\google\update\googleupdate.exe |
"UDP Query User{8B784F44-1474-4087-B58F-04E1819E09D6}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{925C2950-CCFC-4F4F-9CE1-2026174EDF36}C:\program files\lp\936b\0a0.exe" = protocol=17 | dir=in | app=c:\program files\lp\936b\0a0.exe |
"UDP Query User{95572E92-9356-441F-8441-187A1FFBD409}C:\windows\system32\wercon.exe" = protocol=17 | dir=in | app=c:\windows\system32\wercon.exe |
"UDP Query User{95B56FB7-CDB1-4B41-926F-F6F91CF16FC1}C:\users\garbert\appdata\local\temp\install_reader10_de_gtba_aih[1].exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\install_reader10_de_gtba_aih[1].exe |
"UDP Query User{97B9ADC5-2352-4FB6-B531-61842F12090E}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{97EBD866-7C65-4DA8-B95D-D6EBBD193ED0}C:\windows\system32\dekivrzonxusofp.exe" = protocol=17 | dir=in | app=c:\windows\system32\dekivrzonxusofp.exe |
"UDP Query User{993730A5-24DD-4565-8904-82560A027CDC}C:\users\garbert\appdata\local\temp\housecall\housecall.bin" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\housecall\housecall.bin |
"UDP Query User{9CD84880-4743-4788-9437-133B459CEF6D}C:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe" = protocol=17 | dir=in | app=c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe |
"UDP Query User{A0A3D81F-ED5B-42C5-83E7-9ABC84298458}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{A25558F9-F6C0-48D0-9B3B-AF31D92F7D80}C:\program files\common files\adobe\arm\1.0\adobearm.exe" = protocol=17 | dir=in | app=c:\program files\common files\adobe\arm\1.0\adobearm.exe |
"UDP Query User{A2E67958-9CB2-4760-A695-7076F5380F92}C:\program files\ccc28\lvvm.exe" = protocol=17 | dir=in | app=c:\program files\ccc28\lvvm.exe |
"UDP Query User{A7B9523E-5ED9-4A90-B022-5A831A1E7A2C}C:\users\garbert\appdata\roaming\b4ccc\f1193.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\roaming\b4ccc\f1193.exe |
"UDP Query User{B2A8D85F-EF64-41FF-BC6D-FE0374394516}C:\users\garbert\appdata\local\temp\rarsfx0\setup.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\rarsfx0\setup.exe |
"UDP Query User{BBFFA4DD-4D2D-4A2D-8495-1AF112334938}C:\windows\system32\dekivrzonxusofp.exe" = protocol=17 | dir=in | app=c:\windows\system32\dekivrzonxusofp.exe |
"UDP Query User{C1B7190D-4441-4A2A-95D5-3B678615CB47}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{C59381B4-50BE-4336-BA4C-B84AABC1389C}C:\program files\1&1\liveupdate\m2lutray.exe" = protocol=17 | dir=in | app=c:\program files\1&1\liveupdate\m2lutray.exe |
"UDP Query User{C6C14200-DBC9-4620-8F1C-BD68210A77DF}C:\users\garbert\appdata\local\temp\rarsfx0\apnstub.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\rarsfx0\apnstub.exe |
"UDP Query User{C79CDBBC-BE38-4333-8F5B-B047173DBE34}C:\windows\system32\wercon.exe" = protocol=17 | dir=in | app=c:\windows\system32\wercon.exe |
"UDP Query User{CC17B17D-64D4-4E15-82FA-29909EF857C8}C:\program files\avira\antivir desktop\ipmgui.exe" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\ipmgui.exe |
"UDP Query User{D0FADD32-E64B-4816-92E1-61080CAA8BC3}C:\users\garbert\appdata\local\temp\7zs4e88.tmp\setup.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\7zs4e88.tmp\setup.exe |
"UDP Query User{D477B569-EC52-4A12-A0C1-3845DFD6E8A0}C:\users\garbert\appdata\local\temp\0.311055798381219exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\0.311055798381219exe |
"UDP Query User{D4E74CCB-813A-4D50-8AFD-C5B69CCE1C2D}C:\users\garbert\appdata\local\temp\svhostu.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\svhostu.exe |
"UDP Query User{D80A8700-3E3E-4F33-8902-8C8965708999}C:\program files\pdf24\pdf24-updater.exe" = protocol=17 | dir=in | app=c:\program files\pdf24\pdf24-updater.exe |
"UDP Query User{DB9A6DAE-D4A7-485C-8CAF-0EE6E625E553}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{DF9A7C72-7933-4997-905F-28B1DB21E6A7}C:\program files\ccc28\lvvm.exe" = protocol=17 | dir=in | app=c:\program files\ccc28\lvvm.exe |
"UDP Query User{E16C9E84-8C9A-4E01-9A84-89F48988B8AC}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{E765AEF8-88FE-4D5D-9CE1-2F1D4F7A5DA3}C:\users\garbert\appdata\local\temp\7zs2906.tmp\setup.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\7zs2906.tmp\setup.exe |
"UDP Query User{F0E6E7D1-F099-42C1-81F8-66FAD3502CD1}C:\program files\gmx\liveupdate\m2lutray.exe" = protocol=17 | dir=in | app=c:\program files\gmx\liveupdate\m2lutray.exe |
"UDP Query User{F1F5AC40-FBD7-4111-AB7F-A1282F3D67E4}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{F3466136-5606-4FD2-8064-A38B0DEB13B9}C:\program files\lp\936b\30e8.tmp" = protocol=17 | dir=in | app=c:\program files\lp\936b\30e8.tmp |
"UDP Query User{F8630047-3477-4EF9-8FA6-F8432BF02C6A}C:\users\garbert\appdata\roaming\lt6ow0jc.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\roaming\lt6ow0jc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{016B58FA-6D8C-4EE2-B2F1-5E78628E4AD5}" = 1&1 Update
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0F5C38CB-DCA7-44E0-A654-26121331557A}" = GMX Update "{0FE6B77F-54CD-45ED-BB64-A99477B0A8F1}" = 5600 "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{2605461E-AB2E-49F5-8A16-64B7F3595030}" = 5600Trb "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17 "{2F6D47A9-D946-4472-8D25-24151AC1A3CD}" = Internet Explorer 8 1&1 Addon "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc "{5C97698A-FAB5-41DB-ADB0-5FCB2BC84588}" = InternetExplorer-GMX-Addon "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{6803A6E6-48FF-48AB-B558-7B651BBE1031}" = Nero 8 Essentials "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax "{7DCBC3D8-8954-491D-A1B9-8C61C563B004}" = 5600_Help "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.1.0 "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update "{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{B27F2F79-879F-45F9-B2B7-08EF9B95502F}" = Internet Explorer 8 1&1 Edition "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, 
Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "1&1 Update" = 1&1 Update "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "AgrarOfficeJKEKLZT_is1" = AO Agrar-Office 5.0.9.0 "AntiVir PersonalEdition Classic" = Avira AntiVir Personal – Free Antivirus "ELAN 2009 NW" = ELAN 2009 NW "ELAN 2010 NW" = ELAN 2010 NW "ELAN 2011 NW " = ELAN 2011 NW "GMX Update" = GMX Update "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "HPOCR" = HP OCR Software 8.0 "Internet Explorer 8 1&1 Addon" = Internet Explorer 8 1&1 Addon "Internet Explorer 8 1&1 Edition" = Internet Explorer 8 1&1 Edition "InternetExplorer-GMX-Addon" = InternetExplorer-GMX-Addon "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "NVIDIA Drivers" = NVIDIA Drivers "TeamViewer 4" = TeamViewer 4 "VN_VUIns_Rhine_VIA" = VIA Rhine Family Fast Ethernet Adapter ========== 
HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 27.10.2011 01:39:40 | Computer Name = Garbert-PC | Source = WerSvc | ID = 5007 Description = Error - 27.10.2011 01:41:11 | Computer Name = Garbert-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel 0x4549adc4, fehlerhaftes Modul Flash10c.ocx, Version 10.0.32.18, Zeitstempel 0x4a613d79, Ausnahmecode 0xc0000005, Fehleroffset 0x000dea73, Prozess-ID 0x220, Anwendungsstartzeit 01cc946af0e299bb. Error - 27.10.2011 01:41:34 | Computer Name = Garbert-PC | Source = LoadPerf | ID = 3012 Description = Error - 27.10.2011 01:41:35 | Computer Name = Garbert-PC | Source = LoadPerf | ID = 3012 Description = Error - 27.10.2011 01:41:35 | Computer Name = Garbert-PC | Source = LoadPerf | ID = 3011 Description = Error - 27.10.2011 02:09:07 | Computer Name = Garbert-PC | Source = EventSystem | ID = 4609 Description = Error - 27.10.2011 02:15:15 | Computer Name = Garbert-PC | Source = LoadPerf | ID = 3012 Description = Error - 27.10.2011 02:15:15 | Computer Name = Garbert-PC | Source = LoadPerf | ID = 3012 Description = Error - 27.10.2011 02:15:15 | Computer Name = Garbert-PC | Source = LoadPerf | ID = 3011 Description = Error - 27.10.2011 02:34:44 | Computer Name = Garbert-PC | Source = System Restore | ID = 8193 Description = [ System Events ] Error - 27.10.2011 02:09:01 | Computer Name = Garbert-PC | Source = DCOM | ID = 10005 Description = Error - 27.10.2011 02:09:04 | Computer Name = Garbert-PC | Source = DCOM | ID = 10005 Description = Error - 27.10.2011 02:09:05 | Computer Name = Garbert-PC | Source = DCOM | ID = 10005 Description = Error - 27.10.2011 02:09:07 | Computer Name = Garbert-PC | Source = DCOM | ID = 10005 Description = Error - 27.10.2011 02:09:09 | Computer Name = 
Garbert-PC | Source = DCOM | ID = 10005 Description = Error - 27.10.2011 02:09:13 | Computer Name = Garbert-PC | Source = DCOM | ID = 10005 Description = Error - 27.10.2011 02:09:23 | Computer Name = Garbert-PC | Source = DCOM | ID = 10005 Description = Error - 27.10.2011 02:09:59 | Computer Name = Garbert-PC | Source = Service Control Manager | ID = 7001 Description = Error - 27.10.2011 02:09:59 | Computer Name = Garbert-PC | Source = Service Control Manager | ID = 7026 Description = Error - 27.10.2011 02:18:06 | Computer Name = Garbert-PC | Source = DCOM | ID = 10005 Description = < End of report > Geändert von AdiumX (27.10.2011 um 07:53 Uhr) |
27.10.2011, 08:08 | #10 |
| Trojaner win32/sirefef.O Gmer.exe crashes silently after 1-2 minutes (safe mode). I can't get rid of the damn Bundespolizei trojan either; at the moment I can only work in safe mode :-( |
27.10.2011, 10:33 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner win32/sirefef.O Do an OTL fix: close all programs that may still be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Note: If you have masked your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!! Code:
:OTL
PRC - File not found -- C:\Windows\1497257308:2745876902.exe
PRC - [2011.10.27 07:31:46 | 000,283,648 | ---- | M] () -- C:\Programme\LP\936B\0A0.exe
PRC - [2011.10.27 07:31:39 | 000,190,464 | ---- | M] () -- C:\Programme\CCC28\lvvm.exe
PRC - [2011.10.27 07:31:18 | 000,173,056 | ---- | M] () -- C:\Users\YX\AppData\Roaming\B4CCC\F1193.exe
MOD - [2011.10.27 07:31:46 | 000,283,648 | ---- | M] () -- C:\Programme\LP\936B\0A0.exe
MOD - [2011.10.27 07:31:39 | 000,190,464 | ---- | M] () -- C:\Programme\CCC28\lvvm.exe
MOD - [2011.10.27 07:31:18 | 000,173,056 | ---- | M] () -- C:\Users\YX\AppData\Roaming\B4CCC\F1193.exe
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.gmx.net/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://go.gmx.net/tab2 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.1und1.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:54545
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O2 - BHO: (1&&1 Internet AG Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll (mquadr.at softwareengineering und consulting gmbh)
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [0A0.exe] C:\Programme\LP\936B\0A0.exe ()
O4 - HKLM..\Run: [F6sWK7fRLgXjCkB] C:\Users\YX\AppData\Roaming\svhostu.exe ()
O4 - HKLM..\Run: [gG5sQJ6dE8R9YwU8234A] C:\Windows\System32\dekIVrzONxuSoFp.exe ()
O4 - HKCU..\Run: [vasja] C:\Users\YX\Desktop\0.9056710880911472.exe (Home)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\pnrpnsp.dll File not found
O20 - HKCU Winlogon: Shell - (C:\Users\YX\AppData\Roaming\B4CCC\F1193.exe) -C:\Users\YX\AppData\Roaming\B4CCC\F1193.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.04.26 14:02:32 | 000,191,826 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011.06.20 07:52:08 | 000,000,061 | RHS- | M] () - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{77929b51-ffdf-11e0-b22d-806e6f6e6963}\Shell\AutoRun\command - "" = 1j038ki.exe
O33 - MountPoints2\{77929b51-ffdf-11e0-b22d-806e6f6e6963}\Shell\open\Command - "" = 1j038ki.exe
O33 - MountPoints2\{a9b99377-2c7b-11dd-bad4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a9b99377-2c7b-11dd-bad4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2005.04.27 20:38:10 | 000,401,408 | R--- | M] (Hewlett-Packard)
[2011.10.27 07:37:02 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\vdEK8gRZ9YwUeOt
[2011.10.27 07:37:02 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\qNyxA0uvSoFpGsJ
[2011.10.27 07:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCC28
[2011.10.27 07:31:11 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security 2011
[2011.10.27 07:31:10 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\pL8gTZqhYwIr
[2011.10.27 07:31:10 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\DcA1uvD2oFpHJd
[2011.10.27 07:31:05 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\kOBtxP0yc1b3n4Q
[2011.10.27 07:31:04 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\a3onF4amHsJfLgZ
[2011.10.27 07:30:59 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\B4CCC
[2011.10.27 07:30:56 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2011.10.27 07:30:55 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\Oline
[2011.10.27 07:30:55 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\Acesu
[2011.10.27 07:30:53 | 000,165,376 | ---- | C] (Alcatel Microelectronics) -- C:\Users\YX\AppData\Roaming\lt6ow0jc.exe
[2011.10.27 07:30:51 | 000,168,960 | ---- | C] (Home) -- C:\Users\YX\Desktop\0.9056710880911472.exe
[2011.10.27 07:30:51 | 000,165,376 | ---- | C] (Alcatel Microelectronics) -- C:\Users\YX\Desktop\0.64406117213402.exe
[2011.10.20 18:33:13 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\Haleok
[2011.10.20 18:33:13 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\Axso
[2011.10.18 21:49:59 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011.10.27 08:08:50 | 000,000,000 | ---- | M] () -- C:\Windows\1497257308
[2011.10.27 07:31:12 | 000,001,213 | ---- | M] () -- C:\Users\YX\AppData\Roaming\ldr.ini
[2011.10.27 07:31:05 | 000,099,840 | ---- | M] () -- C:\Users\YX\AppData\Roaming\svhostu.exe
[2011.10.27 07:31:04 | 001,776,640 | ---- | M] () -- C:\Windows\System32\dekIVrzONxuSoFp.exe
[2011.10.27 07:31:00 | 000,283,648 | ---- | M] () -- C:\Users\YX\Desktop\0.6136625930725045.exe
[2011.10.27 07:30:55 | 000,168,960 | ---- | M] (Home) -- C:\Users\YX\Desktop\0.9056710880911472.exe
[2011.10.27 07:30:53 | 000,000,008 | ---- | M] () -- C:\Users\YX\AppData\Roaming\cbawfxrmd876sqdc.dat
[2011.10.27 07:30:52 | 000,165,376 | ---- | M] (Alcatel Microelectronics) -- C:\Users\YX\AppData\Roaming\lt6ow0jc.exe
[2011.10.27 07:30:52 | 000,165,376 | ---- | M] (Alcatel Microelectronics) -- C:\Users\YX\Desktop\0.64406117213402.exe
[2011.10.27 07:31:04 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\a3onF4amHsJfLgZ
[2011.10.27 07:30:55 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\Acesu
[2008.05.28 09:30:29 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\AOMobil
[2011.10.24 21:34:09 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\Axso
[2011.10.27 07:31:18 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\B4CCC
[2011.10.27 07:31:10 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\DcA1uvD2oFpHJd
[2011.10.20 18:33:13 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\Haleok
[2011.10.27 07:31:05 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\kOBtxP0yc1b3n4Q
[2011.10.27 07:30:55 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\Oline
[2009.03.06 14:53:02 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\OpenOffice.org
[2011.10.27 07:31:11 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\pL8gTZqhYwIr
[2011.10.27 07:37:02 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\qNyxA0uvSoFpGsJ
[2011.10.27 07:37:02 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\vdEK8gRZ9YwUeOt
@Alternate Data Stream - 816 bytes -> C:\Windows\1497257308:2745876902.exe
:Commands
[emptytemp]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The script above was created only for this one user in this one situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ Please always post logfiles in CODE tags |
27.10.2011, 11:00 | #12 |
| Trojaner win32/sirefef.O Contents of the log file:
All processes killed
Error: Unable to interpret <:OTL PRC - File not found -- C:\Windows\1497257308:2745876902.exe PRC - [2011.10.27 07:31:46 | 000,283,648 | ---- | M] () -- C:\Programme\LP\936B\0A0.exe PRC - [2011.10.27 07:31:39 | 000,190,464 | ---- | M] () -- C:\Programme\CCC28\lvvm.exe PRC - [2011.10.27 07:31:18 | 000,173,056 | ---- | M] () -- C:\Users\Garbert\AppData\Roaming\B4CCC\F1193.exe MOD - [2011.10.27 07:31:46 | 000,283,648 | ---- | M] () -- C:\Programme\LP\936B\0A0.exe MOD - [2011.10.27 07:31:39 | 000,190,464 | ---- | M] () -- C:\Programme\CCC28\lvvm.exe MOD - [2011.10.27 07:31:18 | 000,173,056 | ---- | M] () -- C:\Users\Garbert\AppData\Roaming\B4CCC\F1193.exe IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = GMX - E-Mail, FreeMail, De-Mail, Themen- & Shopping-Portal - kostenlos IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = GMX Suche - einfach besser finden! [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Se> in the current context!
Error: Unable to interpret <archDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 1&1 - Telefon-Internet-Flatrates und mobiles Internet [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:54545 O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found. O2 - BHO: (1&&1 Internet AG Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll (mquadr.at softwareengineering und consulting gmbh) O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4> in the current context!
Error: Unable to interpret <965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [0A0.exe] C:\Programme\LP\936B\0A0.exe () O4 - HKLM..\Run: [F6sWK7fRLgXjCkB] C:\Users\Garbert\AppData\Roaming\svhostu.exe () O4 - HKLM..\Run: [gG5sQJ6dE8R9YwU8234A] C:\Windows\System32\dekIVrzONxuSoFp.exe () O4 - HKCU..\Run: [vasja] C:\Users\Garbert\Desktop\0.9056710880911472.exe (Home) O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoo> in the current context!
Error: Unable to interpret <t%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\pnrpnsp.dll File not found O20 - HKCU Winlogon: Shell - (C:\Users\Garbert\Ap> in the current context!
Error: Unable to interpret <pData\Roaming\B4CCC\F1193.exe) -C:\Users\Garbert\AppData\Roaming\B4CCC\F1193.exe () O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2007.04.26 14:02:32 | 000,191,826 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2011.06.20 07:52:08 | 000,000,061 | RHS- | M] () - G:\autorun.inf -- [ FAT32 ] O33 - MountPoints2\{77929b51-ffdf-11e0-b22d-806e6f6e6963}\Shell\AutoRun\command - "" = 1j038ki.exe O33 - MountPoints2\{77929b51-ffdf-11e0-b22d-806e6f6e6963}\Shell\open\Command - "" = 1j038ki.exe O33 - MountPoints2\{a9b99377-2c7b-11dd-bad4-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{a9b99377-2c7b-11dd-bad4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2005.04.27 20:38:10 | 000,401,408 | R--- | M] (Hewlett-Packard) [2011.10.27 07:37:02 | 000,000,000 | ---D | C] -- C:\Users\Garbert\AppData\Roaming\vdEK8gRZ9YwUeOt [2011.10.27 07:37:02 | 000,000,000 | ---D | C] -- C:\Users\Garbert\> in the current context!
Error: Unable to interpret <AppData\Roaming\qNGarbertA0uvSoFpGsJ [2011.10.27 07:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCC28 [2011.10.27 07:31:11 | 000,000,000 | ---D | C] -- C:\Users\Garbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security 2011 [2011.10.27 07:31:10 | 000,000,000 | ---D | C] -- C:\Users\Garbert\AppData\Roaming\pL8gTZqhYwIr [2011.10.27 07:31:10 | 000,000,000 | ---D | C] -- C:\Users\Garbert\AppData\Roaming\DcA1uvD2oFpHJd [2011.10.27 07:31:05 | 000,000,000 | ---D | C] -- C:\Users\Garbert\AppData\Roaming\kOBtxP0yc1b3n4Q [2011.10.27 07:31:04 | 000,000,000 | ---D | C] -- C:\Users\Garbert\AppData\Roaming\a3onF4amHsJfLgZ [2011.10.27 07:30:59 | 000,000,000 | ---D | C] -- C:\Users\Garbert\AppData\Roaming\B4CCC [2011.10.27 07:30:56 | 000,000,000 | ---D | C] -- C:\Program Files\LP [2011.10.27 07:30:55 | 000,000,000 | ---D | C] -- C:\Users\Garbert\AppData\Roaming\Oline [2011.10.27 07:30:55 | 000,000,000 | ---D | C] -- C:\Users\Garbert\AppData\Roaming\Acesu [2011.10.27 07:30:53 | 000,165,376 | ---- | > in the current context!
Error: Unable to interpret <C] (Alcatel Microelectronics) -- C:\Users\Garbert\AppData\Roaming\lt6ow0jc.exe [2011.10.27 07:30:51 | 000,168,960 | ---- | C] (Home) -- C:\Users\Garbert\Desktop\0.9056710880911472.exe [2011.10.27 07:30:51 | 000,165,376 | ---- | C] (Alcatel Microelectronics) -- C:\Users\Garbert\Desktop\0.64406117213402.exe [2011.10.20 18:33:13 | 000,000,000 | ---D | C] -- C:\Users\Garbert\AppData\Roaming\Haleok [2011.10.20 18:33:13 | 000,000,000 | ---D | C] -- C:\Users\Garbert\AppData\Roaming\Axso [2011.10.18 21:49:59 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA% [2011.10.27 08:08:50 | 000,000,000 | ---- | M] () -- C:\Windows\1497257308 [2011.10.27 07:31:12 | 000,001,213 | ---- | M] () -- C:\Users\Garbert\AppData\Roaming\ldr.ini [2011.10.27 07:31:05 | 000,099,840 | ---- | M] () -- C:\Users\Garbert\AppData\Roaming\svhostu.exe [2011.10.27 07:31:04 | 001,776,640 | ---- | M] () -- C:\Windows\System32\dekIVrzONxuSoFp.exe [2011.10.27 07:31:00 | 000,283,648 | ---- | M] () -- C:\Users\Garbert\Desktop\0.6136625930725045.ex> in the current context!
Error: Unable to interpret <e [2011.10.27 07:30:55 | 000,168,960 | ---- | M] (Home) -- C:\Users\Garbert\Desktop\0.9056710880911472.exe [2011.10.27 07:30:53 | 000,000,008 | ---- | M] () -- C:\Users\Garbert\AppData\Roaming\cbawfxrmd876sqdc.dat [2011.10.27 07:30:52 | 000,165,376 | ---- | M] (Alcatel Microelectronics) -- C:\Users\Garbert\AppData\Roaming\lt6ow0jc.exe [2011.10.27 07:30:52 | 000,165,376 | ---- | M] (Alcatel Microelectronics) -- C:\Users\Garbert\Desktop\0.64406117213402.exe [2011.10.27 07:31:04 | 000,000,000 | ---D | M] -- C:\Users\Garbert\AppData\Roaming\a3onF4amHsJfLgZ [2011.10.27 07:30:55 | 000,000,000 | ---D | M] -- C:\Users\Garbert\AppData\Roaming\Acesu [2008.05.28 09:30:29 | 000,000,000 | ---D | M] -- C:\Users\Garbert\AppData\Roaming\AOMobil [2011.10.24 21:34:09 | 000,000,000 | ---D | M] -- C:\Users\Garbert\AppData\Roaming\Axso [2011.10.27 07:31:18 | 000,000,000 | ---D | M] -- C:\Users\Garbert\AppData\Roaming\B4CCC [2011.10.27 07:31:10 | 000,000,000 | ---D | M] -- C:\Users\Garbert\AppData\Roaming\DcA1uvD2oFpHJd [2011.10.2> in the current context!
Error: Unable to interpret <0 18:33:13 | 000,000,000 | ---D | M] -- C:\Users\Garbert\AppData\Roaming\Haleok [2011.10.27 07:31:05 | 000,000,000 | ---D | M] -- C:\Users\Garbert\AppData\Roaming\kOBtxP0yc1b3n4Q [2011.10.27 07:30:55 | 000,000,000 | ---D | M] -- C:\Users\Garbert\AppData\Roaming\Oline [2009.03.06 14:53:02 | 000,000,000 | ---D | M] -- C:\Users\Garbert\AppData\Roaming\OpenOffice.org [2011.10.27 07:31:11 | 000,000,000 | ---D | M] -- C:\Users\Garbert\AppData\Roaming\pL8gTZqhYwIr [2011.10.27 07:37:02 | 000,000,000 | ---D | M] -- C:\Users\Garbert\AppData\Roaming\qNGarbertA0uvSoFpGsJ [2011.10.27 07:37:02 | 000,000,000 | ---D | M] -- C:\Users\Garbert\AppData\Roaming\vdEK8gRZ9YwUeOt @Alternate Data Stream - 816 bytes -> C:\Windows\1497257308:2745876902.exe :Commands [emptytemp] [resethosts] > in the current context!
OTL by OldTimer - Version 3.2.31.0 log created on 10272011_115427
Files\Folders moved on Reboot...
Registry entries deleted on Reboot... |
27.10.2011, 12:33 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner win32/sirefef.O Done wrong, because you copied the fix script incorrectly and/or did not paste it properly. Repeat it, but this time do it correctly
__________________ Please always post logfiles in CODE tags |
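The failed run above shows what happens when an OTL fix script loses its line structure on the way through the clipboard: every chunk comes back as "Error: Unable to interpret <...> in the current context!". The checker below is an added example, not part of this thread and not OTL's own code; it walks a script line by line and flags the three things the helper's instructions warn about (a section header that is not alone on its line, entries run together, a still-masked user name). The accepted entry prefixes are taken from the script posted above, not from OTL's complete grammar, and both sample scripts are constructed from lines on this page.

```python
import re

# Entry prefixes as they appear in the fix script posted in this thread.
# Assumption: this is what the page shows, not OTL's complete grammar.
ENTRY_PREFIXES = ("PRC - ", "MOD - ", "IE - ", "O2 - ", "O3 - ", "O4 - ",
                  "O8 - ", "O10 - ", "O20 - ", "O32 - ", "O33 - ")
# File/folder entries: [date time | size | attrs | C or M] (company) -- path
FILE_ENTRY = re.compile(
    r"^\[\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2} \| \d{3},\d{3},\d{3} \| [-A-Z]{4} \| [CM]\]"
    r" (?:\([^)]*\) )?-- .+$")
ADS_ENTRY = re.compile(r"^@Alternate Data Stream - \d+ bytes -> .+$")
COMMAND = re.compile(r"^\[[a-z]+\]$")  # :Commands section, e.g. [emptytemp]
# A further entry prefix, or a file stamp that is not the "- [..]" annotation
# of an O32/O33 entry, inside a line means two entries were run together.
JOINED = re.compile(
    r"\s(?:PRC|MOD|IE|O\d{1,2}) - "
    r"|(?<!- )\[\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2} \|")
MASKED = re.compile(r"\*{2,}")  # starred-out user name in a path


def check_fix_script(text):
    """Return [(line_no, problem), ...] for an OTL fix script; [] means clean.

    Works per line, like OTL's own interpreter. The first half of an entry
    that was split in two still starts with a valid prefix and is not
    caught; its tail is, because it starts with no known prefix.
    """
    problems = []
    section = None
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section = line.split()[0]
            if section != line:  # e.g. ":OTL PRC - ..." on one line
                problems.append((no, "section header must stand alone on its line"))
            continue
        if section is None:
            problems.append((no, "entry before the first section header (:OTL missing?)"))
            continue
        if MASKED.search(line):
            problems.append((no, "user name still masked; restore the real name"))
        if JOINED.search(line[1:]):  # skip index 0 so the line's own prefix is ignored
            problems.append((no, "several entries on one line (line breaks lost)"))
            continue
        if section == ":Commands":
            if not COMMAND.match(line):
                problems.append((no, "not a command such as [emptytemp]"))
        elif section == ":OTL":
            if not (line.startswith(ENTRY_PREFIXES) or FILE_ENTRY.match(line)
                    or ADS_ENTRY.match(line)):
                problems.append((no, "unrecognised entry (tail of a split line?)"))
        # other OTL sections do not occur on this page and are left unchecked
    return problems


# Constructed sample: a few intact lines taken from the script in this thread.
GOOD = r""":OTL
PRC - File not found -- C:\Windows\1497257308:2745876902.exe
O4 - HKLM..\Run: [0A0.exe] C:\Programme\LP\936B\0A0.exe ()
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a9b99377-2c7b-11dd-bad4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2005.04.27 20:38:10 | 000,401,408 | R--- | M] (Hewlett-Packard)
[2011.10.27 07:31:04 | 001,776,640 | ---- | M] () -- C:\Windows\System32\dekIVrzONxuSoFp.exe
@Alternate Data Stream - 816 bytes -> C:\Windows\1497257308:2745876902.exe
:Commands
[emptytemp]
[resethosts]
"""

# Constructed sample reproducing the failure in the thread: the header and
# the first entry on one line, an entry split mid-word, and a masked name.
BROKEN = r""":OTL PRC - File not found -- C:\Windows\1497257308:2745876902.exe
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Se
archDefaultBranded = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:54545
O4 - HKLM..\Run: [F6sWK7fRLgXjCkB] C:\Users\****\AppData\Roaming\svhostu.exe ()
:Commands
[emptytemp]
"""

if __name__ == "__main__":
    for name, script in (("intact", GOOD), ("as pasted in the thread", BROKEN)):
        print(name + ":", check_fix_script(script) or "no problems")
```

Run it on a script before pasting it into OTL; an empty result means every line is something the :OTL and :Commands sections can interpret, as far as the prefixes above go.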