
Pests of all kinds and how to fight them: Trojan win32/sirefef.O

26.10.2011, 12:38   #1
AdiumX
 




Nothing works anymore; none of the virus scanners or tools will run.
Urgently asking for support!!!

Regards


26.10.2011, 13:38   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please note => http://www.trojaner-board.de/95173-b...es-posten.html and http://www.trojaner-board.de/69886-a...-beachten.html

26.10.2011, 13:53   #3
AdiumX
 



I wanted to reply to an existing thread, but unfortunately your system told me I was not allowed to, because I did not have the rights for it, and that I should open a new thread. That is what I did!!
And now I get a "slap in the face"???

Quote: http://www.trojaner-board.de/104424-...l#post712675
AdiumX, you do not have the rights to access this page. For example, the following reasons could be responsible for this:

1. You must create your own topic: please choose the appropriate subforum and click on the new-topic button!
2. You are trying to edit another user's post or to access administrative functions. Please check the forum rules to see whether you are permitted to perform this action.
3. If you tried to write a post, it may be that your user account has been deactivated or still needs to be activated.


Last edited by AdiumX (26.10.2011 at 14:22)

26.10.2011, 14:48   #4
cosinus
 



Quote:
And now I get a "slap in the face"???
That is a hint that you should follow the first steps for people seeking help!
What is wrong with that? If no information comes from you, nobody can help you!

Quote:
I wanted to reply to an existing thread, but unfortunately your system told me I was not allowed to, because I did not have the rights for it,
Because you are not supposed to post in other people's threads! That is called disrupting a dialogue! And precisely so that this does not happen, you have no rights to post in other people's threads!

Quote:
and that I should open a new thread. That is what I did!!
Yes, but without any information, let alone that you followed the notes for people seeking help!
Please always post logfiles in CODE tags

26.10.2011, 15:16   #5
AdiumX
 




Sorry, I skipped the details, since the trojan is already known here.
I just did not want to use the tool from the thread mentioned above, since it says there: only with "supervision".

So, I have here a Windows PC from HP with Windows Vista

· Avira v8.x was installed on it, but it had not been kept up to date
· Windows Defender and Avira detected Trojan win32/sirefef.O
· Avira v12 could be installed but would not start
· Emsisoft would not start either, not even in safe mode
· Hijack can be installed but also will not start
· for me the question is: format c:, or is there other help?
· it is not my computer, but an acquaintance's

If more information is needed, please specify!

Regards

Addi™


26.10.2011, 15:24   #6
cosinus
 



Quote:
If more information is needed, please specify!
How many more times do I have to point you to the guidance thread!

Quote:
Sorry, I skipped the details, since the trojan is already known here.
And? Have you considered that the device is called PC = Personal Computer and that every one is set up individually? There is NO UNIVERSALLY VALID procedure; every system has to be analysed!

26.10.2011, 15:46   #7
AdiumX
 




Defogger says:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:37 on 26/10/2011 (Garbert)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-



26.10.2011, 19:05   #8
cosinus
 



Is there more to come?

27.10.2011, 07:03   #9
AdiumX
 




I was hoping for an instruction: "If Defogger gives you an error message, please post the defogger_disable log from your desktop.
Do not click the Re-enable button without instructions."
Because Defogger did not restart anything...
But now I have the following problem:

I cannot do anything at all anymore...
I will try safe mode in a moment...

OTL.txt (created in safe mode): OTL Logfile:
Code:
OTL logfile created on: 27.10.2011 08:40:57 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = G:\Software\Windows
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 82,24% Memory free
6,19 Gb Paging File | 5,88 Gb Available in Paging File | 94,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 158,45 Gb Free Space | 73,22% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 107,13 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive E: | 664,14 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 7,47 Gb Total Space | 3,25 Gb Free Space | 43,56% Space Free | Partition Type: FAT32
 
Computer Name: xy-PC | User Name: xy| Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- C:\Windows\1497257308:2745876902.exe
PRC - [2011.10.27 07:31:46 | 000,283,648 | ---- | M] () -- C:\Programme\LP\936B\0A0.exe
PRC - [2011.10.27 07:31:39 | 000,190,464 | ---- | M] () -- C:\Programme\CCC28\lvvm.exe
PRC - [2011.10.27 07:31:18 | 000,173,056 | ---- | M] () -- C:\Users\YX\AppData\Roaming\B4CCC\F1193.exe
PRC - [2011.10.26 16:29:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- G:\Software\Windows\OTL.exe
PRC - [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006.11.02 14:36:04 | 000,201,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.27 07:31:46 | 000,283,648 | ---- | M] () -- C:\Programme\LP\936B\0A0.exe
MOD - [2011.10.27 07:31:39 | 000,190,464 | ---- | M] () -- C:\Programme\CCC28\lvvm.exe
MOD - [2011.10.27 07:31:18 | 000,173,056 | ---- | M] () -- C:\Users\YX\AppData\Roaming\B4CCC\F1193.exe
MOD - [2006.11.02 11:46:10 | 000,227,328 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.05.09 14:48:07 | 001,452,944 | ---- | M] (mquadr.at softwareengineering und consulting gmbh) [Auto | Stopped] -- C:\Windows\System32\ieconfig_1und1_svc.exe -- (serviceIEConfig)
SRV - [2009.05.06 11:11:20 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2008.03.26 15:34:45 | 000,148,992 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008.03.07 12:00:05 | 000,070,656 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2006.12.08 11:52:04 | 000,208,896 | ---- | M] (Fujitsu Siemens Computers) [Auto | Stopped] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2008.10.09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.09.22 03:20:42 | 000,043,520 | ---- | M] (VIA Technologies, Inc.              ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6v.sys -- (FETND6V)
DRV - [2008.03.04 13:28:49 | 000,079,424 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2008.02.18 17:07:53 | 000,049,472 | ---- | M] (Avira GmbH) [File_System | On_Demand | Stopped] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2007.11.08 19:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007.07.02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.13 23:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007.06.01 17:46:00 | 007,479,008 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.03.26 15:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ViPrt.sys -- (ViPrt)
DRV - [2007.03.26 15:26:00 | 000,016,896 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ViBus.sys -- (ViBus)
DRV - [2007.02.27 15:24:55 | 000,011,840 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.gmx.net/tab2 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.1und1.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:54545
 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\YX\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\YX\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\YX\AppData\Local\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U17 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\YX\AppData\Local\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\YX\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Users\YX\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O2 - BHO: (1&&1 Internet AG Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll (mquadr.at softwareengineering und consulting gmbh)
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [0A0.exe] C:\Programme\LP\936B\0A0.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [F6sWK7fRLgXjCkB] C:\Users\YX\AppData\Roaming\svhostu.exe ()
O4 - HKLM..\Run: [gG5sQJ6dE8R9YwU8234A] C:\Windows\System32\dekIVrzONxuSoFp.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [lt6ow0jc.exe] C:\Users\YX\AppData\Roaming\lt6ow0jc.exe (Alcatel Microelectronics)
O4 - HKCU..\Run: [vasja] C:\Users\YX\Desktop\0.9056710880911472.exe (Home)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\pnrpnsp.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA7E6FA1-2790-4FD2-BF0E-221DB4B3954A}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\YX\AppData\Roaming\B4CCC\F1193.exe) -C:\Users\YX\AppData\Roaming\B4CCC\F1193.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.04.26 14:02:32 | 000,191,826 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011.06.20 07:52:08 | 000,000,061 | RHS- | M] () - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{77929b51-ffdf-11e0-b22d-806e6f6e6963}\Shell\AutoRun\command - "" = 1j038ki.exe
O33 - MountPoints2\{77929b51-ffdf-11e0-b22d-806e6f6e6963}\Shell\open\Command - "" = 1j038ki.exe
O33 - MountPoints2\{a9b99377-2c7b-11dd-bad4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a9b99377-2c7b-11dd-bad4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2005.04.27 20:38:10 | 000,401,408 | R--- | M] (Hewlett-Packard)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {11775326-DDFD-465E-9DF5-00EE8605E24D} - GMX Browser Add-on
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {65331F58-91DC-4555-AEFB-840EB40D0022} - GMX Update
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX: >{D507B452-F6F2-477B-AFCF-C12FC21A2782} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpReg: 1und1 Update - hkey= - key= - C:\Programme\1&1\LiveUpdate\m2LUTray.exe (mquadr.at software engineering und consulting GmbH)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: GMX Update - hkey= - key= - C:\Programme\GMX\LiveUpdate\m2LUTray.exe ()
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\YX\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: toolbar_eula_launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - StartUpReg: zeiv.exe - hkey= - key= - C:\Users\YX\AppData\Roaming\Haleok\zeiv.exe ()
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\Windows\System32\
[2011.10.27 07:37:02 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\vdEK8gRZ9YwUeOt
[2011.10.27 07:37:02 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\qNyxA0uvSoFpGsJ
[2011.10.27 07:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCC28
[2011.10.27 07:31:11 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security  2011
[2011.10.27 07:31:10 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\pL8gTZqhYwIr
[2011.10.27 07:31:10 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\DcA1uvD2oFpHJd
[2011.10.27 07:31:05 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\kOBtxP0yc1b3n4Q
[2011.10.27 07:31:04 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\a3onF4amHsJfLgZ
[2011.10.27 07:30:59 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\B4CCC
[2011.10.27 07:30:56 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2011.10.27 07:30:55 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\Oline
[2011.10.27 07:30:55 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\Acesu
[2011.10.27 07:30:53 | 000,165,376 | ---- | C] (Alcatel Microelectronics) -- C:\Users\YX\AppData\Roaming\lt6ow0jc.exe
[2011.10.27 07:30:51 | 000,168,960 | ---- | C] (Home) -- C:\Users\YX\Desktop\0.9056710880911472.exe
[2011.10.27 07:30:51 | 000,165,376 | ---- | C] (Alcatel Microelectronics) -- C:\Users\YX\Desktop\0.64406117213402.exe
[2011.10.27 07:30:50 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.10.26 16:34:38 | 000,000,000 | ---D | C] -- C:\Users\YX\Desktop\LOGs
[2011.10.26 13:35:46 | 009,852,544 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\YX\Desktop\mbam-setup-1.51.2.1300.exe
[2011.10.26 13:34:54 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\YX\Desktop\HiJackThis204.exe
[2011.10.26 13:31:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiVir PersonalEdition Classic
[2011.10.26 13:31:37 | 000,079,424 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.10.26 13:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.10.26 13:24:32 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.10.26 13:23:16 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\Malwarebytes
[2011.10.26 13:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.26 13:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.26 13:23:07 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.10.26 13:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.10.26 13:20:45 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2011.10.26 12:18:26 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011.10.26 11:56:39 | 000,000,000 | ---D | C] -- C:\Users\YX\Desktop\Neuer Ordner
[2011.10.20 18:33:13 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\Haleok
[2011.10.20 18:33:13 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\Axso
[2011.10.18 21:49:59 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\System32\
[2011.10.27 08:15:19 | 000,667,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.10.27 08:15:19 | 000,159,266 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.10.27 08:15:18 | 000,837,386 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.10.27 08:15:18 | 000,177,586 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.10.27 08:08:50 | 000,000,000 | ---- | M] () -- C:\Windows\1497257308
[2011.10.27 08:08:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.27 07:36:56 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.27 07:36:56 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.27 07:31:12 | 000,001,213 | ---- | M] () -- C:\Users\YX\AppData\Roaming\ldr.ini
[2011.10.27 07:31:05 | 000,099,840 | ---- | M] () -- C:\Users\YX\AppData\Roaming\svhostu.exe
[2011.10.27 07:31:04 | 001,776,640 | ---- | M] () -- C:\Windows\System32\dekIVrzONxuSoFp.exe
[2011.10.27 07:31:00 | 000,283,648 | ---- | M] () -- C:\Users\YX\Desktop\0.6136625930725045.exe
[2011.10.27 07:30:55 | 000,168,960 | ---- | M] (Home) -- C:\Users\YX\Desktop\0.9056710880911472.exe
[2011.10.27 07:30:53 | 000,000,008 | ---- | M] () -- C:\Users\YX\AppData\Roaming\cbawfxrmd876sqdc.dat
[2011.10.27 07:30:52 | 000,165,376 | ---- | M] (Alcatel Microelectronics) -- C:\Users\YX\AppData\Roaming\lt6ow0jc.exe
[2011.10.27 07:30:52 | 000,165,376 | ---- | M] (Alcatel Microelectronics) -- C:\Users\YX\Desktop\0.64406117213402.exe
[2011.10.27 07:25:01 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1320125211-2353226351-2167843232-1000UA.job
[2011.10.26 19:38:17 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1320125211-2353226351-2167843232-1000Core.job
[2011.10.26 16:37:07 | 000,000,000 | ---- | M] () -- C:\Users\YX\defogger_reenable
[2011.10.26 13:38:38 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.10.26 13:36:24 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.26 13:35:49 | 009,852,544 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\YX\Desktop\mbam-setup-1.51.2.1300.exe
[2011.10.26 13:34:55 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\YX\Desktop\HiJackThis204.exe
[2011.10.26 13:31:42 | 000,001,991 | ---- | M] () -- C:\Users\Public\Desktop\AntiVir PE Classic.lnk
[2011.10.26 13:20:42 | 000,000,036 | ---- | M] () -- C:\Users\YX\AppData\Local\housecall.guid.cache
[2011.10.26 11:55:42 | 103,714,870 | ---- | M] () -- C:\Users\YX\Desktop\EmsisoftEmergencyKit.zip
[2011.10.24 19:41:31 | 000,025,099 | ---- | M] () -- C:\Users\YX\Desktop\Bestandsregister Schweine.odt
[2011.10.23 21:37:08 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.10.23 10:05:43 | 000,014,946 | ---- | M] () -- C:\Users\YX\Desktop\Mieteinnahmen Schmmüllingstr.ods
[2011.10.17 13:00:39 | 000,000,215 | ---- | M] () -- C:\Users\YX\Desktop\freenetMail  E-Mail, SMS, Fax, Mobil - kostenlos anmelden.url
[2011.10.16 13:21:41 | 000,016,953 | ---- | M] () -- C:\Users\YX\Desktop\Pflanzenschutz.odt
[2011.10.14 19:59:07 | 048,324,552 | ---- | M] () -- C:\Windows\System32\mrt.exe
[2011.10.14 19:35:26 | 234,480,917 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.10.02 13:19:48 | 000,000,000 | -HS- | M] () -- C:\Windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.10.27 07:31:11 | 000,001,213 | ---- | C] () -- C:\Users\YX\AppData\Roaming\ldr.ini
[2011.10.27 07:31:05 | 000,099,840 | ---- | C] () -- C:\Users\YX\AppData\Roaming\svhostu.exe
[2011.10.27 07:31:04 | 001,776,640 | ---- | C] () -- C:\Windows\System32\dekIVrzONxuSoFp.exe
[2011.10.27 07:30:59 | 000,283,648 | ---- | C] () -- C:\Users\YX\Desktop\0.6136625930725045.exe
[2011.10.27 07:30:53 | 000,000,008 | ---- | C] () -- C:\Users\YX\AppData\Roaming\cbawfxrmd876sqdc.dat
[2011.10.26 16:37:07 | 000,000,000 | ---- | C] () -- C:\Users\YX\defogger_reenable
[2011.10.26 13:31:42 | 000,001,991 | ---- | C] () -- C:\Users\Public\Desktop\AntiVir PE Classic.lnk
[2011.10.26 13:23:11 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.26 13:20:42 | 000,000,036 | ---- | C] () -- C:\Users\YX\AppData\Local\housecall.guid.cache
[2011.10.26 11:55:37 | 103,714,870 | ---- | C] () -- C:\Users\YX\Desktop\EmsisoftEmergencyKit.zip
[2011.10.23 21:37:08 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.10.23 21:37:07 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.10.02 13:19:48 | 000,000,000 | -HS- | C] () -- C:\Windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011.10.02 13:19:30 | 000,000,000 | ---- | C] () -- C:\Windows\1497257308
[2009.06.11 13:31:44 | 000,024,206 | ---- | C] () -- C:\Users\YX\AppData\Roaming\UserTile.png
[2008.12.21 22:24:13 | 000,004,608 | ---- | C] () -- C:\Users\YX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.30 09:31:26 | 000,164,377 | ---- | C] () -- C:\Windows\hpoins19.dat
[2008.05.28 09:19:56 | 000,260,531 | ---- | C] () -- C:\Windows\System32\ADINIT.DAT
[2008.05.28 09:19:56 | 000,171,887 | ---- | C] () -- C:\Windows\System32\geocalc.dat
[2008.05.28 09:19:56 | 000,061,440 | ---- | C] () -- C:\Windows\System32\GVRES32.dll
[2008.01.23 04:22:21 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll
[2007.03.13 22:01:59 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2006.11.02 17:33:31 | 000,837,386 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,177,586 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,279,776 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,667,980 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,159,266 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:24:01 | 048,324,552 | ---- | C] () -- C:\Windows\System32\mrt.exe
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 09:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006.08.11 10:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
 
========== LOP Check ==========
 
[2011.10.27 07:31:04 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\a3onF4amHsJfLgZ
[2011.10.27 07:30:55 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\Acesu
[2008.05.28 09:30:29 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\AOMobil
[2011.10.24 21:34:09 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\Axso
[2011.10.27 07:31:18 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\B4CCC
[2011.10.27 07:31:10 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\DcA1uvD2oFpHJd
[2011.10.20 18:33:13 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\Haleok
[2011.07.03 13:41:20 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\Image Zone Express
[2011.10.27 07:31:05 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\kOBtxP0yc1b3n4Q
[2011.10.27 07:30:55 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\Oline
[2009.03.06 14:53:02 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\OpenOffice.org
[2011.10.27 07:31:11 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\pL8gTZqhYwIr
[2008.06.06 23:22:29 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\Printer Info Cache
[2011.10.27 07:37:02 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\qNyxA0uvSoFpGsJ
[2009.05.17 12:11:10 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\TeamViewer
[2011.10.27 07:37:02 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\vdEK8gRZ9YwUeOt
[2011.10.26 19:38:41 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2008.05.28 08:19:00 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2008.06.03 15:15:03 | 000,000,000 | ---D | M] -- C:\Big Fish Games
[2008.01.23 13:08:58 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.10.25 19:14:37 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.05.28 08:15:43 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.01.23 04:22:44 | 000,000,000 | R--D | M] -- C:\DRIVER
[2008.05.28 08:20:30 | 000,000,000 | ---D | M] -- C:\ebay
[2011.03.20 10:44:46 | 000,000,000 | ---D | M] -- C:\ELAN_NW
[2008.05.28 08:20:30 | 000,000,000 | ---D | M] -- C:\FirstSteps
[2008.01.23 04:24:47 | 000,000,000 | ---D | M] -- C:\GDATA
[2008.05.28 08:20:40 | 000,000,000 | ---D | M] -- C:\Google
[2008.01.23 04:22:44 | 000,000,000 | R--D | M] -- C:\MANUAL
[2008.05.28 08:22:46 | 000,000,000 | ---D | M] -- C:\nero
[2008.01.23 04:31:44 | 000,000,000 | ---D | M] -- C:\Off2007HSt
[2011.10.27 07:31:20 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.10.26 13:31:35 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.05.28 08:15:43 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.10.27 08:29:04 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.01.23 14:38:48 | 000,000,000 | ---D | M] -- C:\TMP
[2008.05.28 08:18:41 | 000,000,000 | R--D | M] -- C:\Users
[2011.10.27 07:30:50 | 000,000,000 | ---D | M] -- C:\Windows
[2008.01.23 04:17:29 | 000,000,000 | ---D | M] -- C:\x86
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007.11.03 01:52:27 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007.11.03 01:52:27 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2006.11.02 11:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\regedit.exe
[2006.11.02 11:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2007.11.03 01:17:50 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=39D959CD9F3BC44F78DB3C6588AAC3FE -- C:\Windows\System32\wininit.exe
[2007.11.03 01:17:50 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=39D959CD9F3BC44F78DB3C6588AAC3FE -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.20593_none_2f37c4ba208e02ab\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2007.11.03 01:17:50 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=A3FEA6ED9FD3CF07219A632E4A716226 -- C:\Windows\System32\winlogon.exe
[2007.11.03 01:17:50 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=A3FEA6ED9FD3CF07219A632E4A716226 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.20593_none_6e080d01f12ed7fe\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install >
"LastSuccessTime" = 2011-10-26 17:38:40
"LastError" = 0
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB40435$] -> Error: Cannot create file handle -> Unknown point type
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 816 bytes -> C:\Windows\1497257308:2745876902.exe

< End of report >
         
--- --- ---


Extras.txt (created in Safe Mode): OTL Logfile:
Code:
OTL Extras logfile created on: 27.10.2011 08:40:57 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = G:\Software\Windows
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 82,24% Memory free
6,19 Gb Paging File | 5,88 Gb Available in Paging File | 94,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 158,45 Gb Free Space | 73,22% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 107,13 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive E: | 664,14 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 7,47 Gb Total Space | 3,25 Gb Free Space | 43,56% Space Free | Partition Type: FAT32
 
Computer Name: GARBERT-PC | User Name: Garbert | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017A3543-CC36-4347-A0CC-761FC333957A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{28FDBB23-2300-426B-9666-9F9D62C6DA86}" = rport=138 | protocol=17 | dir=out | app=system | 
"{33295F91-7A61-4EB6-B59C-378DB01A685A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{50F68251-18A0-40BD-BFDE-810392023C31}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{59D9980C-C355-478F-954D-ED23F1D596B8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{64D0EBCD-9A06-4F44-85D2-F18C19CF5939}" = lport=138 | protocol=17 | dir=in | app=system | 
"{734075CA-2547-4DF2-BC45-31BEBF67CDF3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{753D2A30-6876-493C-B888-97393EA391DE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7A4004B4-F622-4684-8718-1854C590F717}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D5D88FA6-DF0D-4E9E-B61B-3CFC0402B6A2}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{22FC6656-B24C-4A32-B204-0AD75165DC13}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4BF43035-E2DF-46EE-84E0-3C2E17B60D72}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{83D32F0A-AA79-43B9-91DD-EF1A3D1C9CC6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{BC86582B-5800-4655-954D-F4B7500DD348}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{000BB303-E1DB-4A5B-9391-48B28AC08875}C:\program files\java\jre6\bin\jucheck.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\jucheck.exe | 
"TCP Query User{06647C14-B04F-4164-B9C6-F34F35424485}C:\users\garbert\appdata\local\temp\googletoolbarinstaller_en32_signed.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\temp\googletoolbarinstaller_en32_signed.exe | 
"TCP Query User{0FC8D9AC-6EC1-4E3E-9F82-1422B2E98BD0}C:\program files\ccc28\lvvm.exe" = protocol=6 | dir=in | app=c:\program files\ccc28\lvvm.exe | 
"TCP Query User{0FE06FE6-B66C-46E6-8434-D6CC4EC77793}C:\program files\1&1\liveupdate\m2lutray.exe" = protocol=6 | dir=in | app=c:\program files\1&1\liveupdate\m2lutray.exe | 
"TCP Query User{167090EC-203E-410E-B4BE-5ABF3FCA0428}C:\users\garbert\appdata\local\google\update\googleupdate.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\google\update\googleupdate.exe | 
"TCP Query User{1893BA36-6338-4818-A900-0FB90C7C9624}C:\program files\google\google toolbar\component\googletoolbarmanager_4e7d715d860e20e1.exe" = protocol=6 | dir=in | app=c:\program files\google\google toolbar\component\googletoolbarmanager_4e7d715d860e20e1.exe | 
"TCP Query User{1F117856-F19E-45B9-9B25-BEC66979B65F}C:\users\garbert\appdata\local\temp\0.311055798381219exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\temp\0.311055798381219exe | 
"TCP Query User{2215DB90-AC95-4461-A5CC-075357FD1F9A}C:\windows\system32\dekivrzonxusofp.exe" = protocol=6 | dir=in | app=c:\windows\system32\dekivrzonxusofp.exe | 
"TCP Query User{2547BD5B-92A5-4232-BDA2-CE6F3EB355AA}C:\users\garbert\appdata\local\temp\7zs2906.tmp\setup.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\temp\7zs2906.tmp\setup.exe | 
"TCP Query User{2779A0CF-C103-4D4C-A1FA-35C84B436F30}C:\program files\gmx\liveupdate\m2lutray.exe" = protocol=6 | dir=in | app=c:\program files\gmx\liveupdate\m2lutray.exe | 
"TCP Query User{28EA8CFA-D5E2-43BE-9C4D-99C9728E83D9}C:\program files\google\update\googleupdate.exe" = protocol=6 | dir=in | app=c:\program files\google\update\googleupdate.exe | 
"TCP Query User{2ADB4D98-1E7C-4F79-9C00-F2FAF61A888C}C:\windows\system32\werfault.exe" = protocol=6 | dir=in | app=c:\windows\system32\werfault.exe | 
"TCP Query User{313206E2-0781-48CD-9D09-23B8363ADEA6}C:\users\garbert\appdata\roaming\lt6ow0jc.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\roaming\lt6ow0jc.exe | 
"TCP Query User{34B375D9-8C1C-4CFC-984A-AEC706B431C0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{369CC55C-DE6E-48C9-8086-2DC3758DDA35}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{39376ABC-33B4-4CF2-A2FC-54CB5698AF76}C:\users\garbert\appdata\local\temp\gumf571.tmp\googleupdate.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\temp\gumf571.tmp\googleupdate.exe | 
"TCP Query User{3BC6EB6E-F924-4E2C-9190-B387F90E674D}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{3C5E34A6-5553-4C19-9C51-6605E6DE5112}C:\users\garbert\appdata\local\temp\svhostu.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\temp\svhostu.exe | 
"TCP Query User{41C4E375-E89C-47FF-97B8-D925543D1D1B}C:\users\garbert\appdata\local\temp\rarsfx0\setup.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\temp\rarsfx0\setup.exe | 
"TCP Query User{47DF1270-A967-4E63-84B6-94ED89524A89}C:\program files\avira\antivir desktop\ipmgui.exe" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\ipmgui.exe | 
"TCP Query User{4899E999-EF79-4300-B04A-F519BD2254F8}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{4BFCE9DB-DA7A-4AEE-B9FB-1AAACE284BD7}C:\users\garbert\appdata\local\temp\install_reader10_de_gtba_aih[1].exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\temp\install_reader10_de_gtba_aih[1].exe | 
"TCP Query User{4D954606-1971-4AC8-94E1-A08C26D9E0E1}C:\users\garbert\appdata\local\temp\7zs4e88.tmp\setup.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\temp\7zs4e88.tmp\setup.exe | 
"TCP Query User{54FF02F7-F455-47DD-93F7-48229B66D105}C:\program files\lp\936b\0a0.exe" = protocol=6 | dir=in | app=c:\program files\lp\936b\0a0.exe | 
"TCP Query User{553336A9-D2C9-4200-9A4B-3202899DA99B}C:\program files\malwarebytes' anti-malware\mbam.exe" = protocol=6 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe | 
"TCP Query User{5BE5DA3B-1A7B-4A5D-B037-A66AB87A0D99}C:\users\garbert\appdata\local\google\update\googleupdate.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\google\update\googleupdate.exe | 
"TCP Query User{5DE914E2-1066-44BE-8A04-9ED50957F44B}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{633EFFEB-36A1-40A4-9D32-608E48420B04}C:\users\garbert\desktop\0.9056710880911472.exe" = protocol=6 | dir=in | app=c:\users\garbert\desktop\0.9056710880911472.exe | 
"TCP Query User{6997E525-02F9-4893-A185-D33B59C36064}C:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe" = protocol=6 | dir=in | app=c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe | 
"TCP Query User{6DE62BAF-6686-4630-AE7A-5C738F1D20F5}C:\windows\system32\wermgr.exe" = protocol=6 | dir=in | app=c:\windows\system32\wermgr.exe | 
"TCP Query User{7ED9675F-FBC2-4B5E-9F4D-24D194025F60}C:\program files\1&1\liveupdate\m2lutray.exe" = protocol=6 | dir=in | app=c:\program files\1&1\liveupdate\m2lutray.exe | 
"TCP Query User{80D76B55-32C8-42D9-B8B5-5E593B60932B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{810E63DC-11B7-4DD0-A1C9-E210AA414838}C:\windows\system32\dekivrzonxusofp.exe" = protocol=6 | dir=in | app=c:\windows\system32\dekivrzonxusofp.exe | 
"TCP Query User{8164DE2D-9763-49F8-BFD9-9E9E4A492441}C:\users\garbert\appdata\roaming\b4ccc\f1193.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\roaming\b4ccc\f1193.exe | 
"TCP Query User{85517CB6-6F67-4DB2-8A94-E63A10D3D28E}C:\program files\adobe\reader 10.0\reader\acrord32.exe" = protocol=6 | dir=in | app=c:\program files\adobe\reader 10.0\reader\acrord32.exe | 
"TCP Query User{8750EE3F-E9A9-44F2-B574-164EA91E966C}C:\windows\system32\wercon.exe" = protocol=6 | dir=in | app=c:\windows\system32\wercon.exe | 
"TCP Query User{885A33DB-84E6-4BB9-A503-803DD9F9D35B}C:\program files\avira\antivir desktop\ipmgui.exe" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\ipmgui.exe | 
"TCP Query User{8FDF66D5-7C3A-43C3-9DB7-54A4075F49C0}C:\users\garbert\appdata\roaming\svhostu.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\roaming\svhostu.exe | 
"TCP Query User{97EFD739-4544-441B-84DF-A12A1F6C432A}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{993D702D-3209-45DD-8A52-DF80759BAAAD}C:\program files\lp\936b\0a0.exe" = protocol=6 | dir=in | app=c:\program files\lp\936b\0a0.exe | 
"TCP Query User{A2D6A2B5-DBFA-43E4-9650-1A1991F694E3}C:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe" = protocol=6 | dir=in | app=c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe | 
"TCP Query User{A9223F05-82C9-44BE-9FAF-818320A08111}C:\users\garbert\appdata\local\temp\rarsfx0\apnstub.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\temp\rarsfx0\apnstub.exe | 
"TCP Query User{B160A99A-2AE9-43F0-A297-BAE56A404C40}C:\users\garbert\appdata\local\temp\housecall\housecall.bin" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\temp\housecall\housecall.bin | 
"TCP Query User{B636DBD8-8149-457A-9597-BCEF43645133}C:\program files\pdf24\pdf24-updater.exe" = protocol=6 | dir=in | app=c:\program files\pdf24\pdf24-updater.exe | 
"TCP Query User{B7191C3F-8AC1-47AE-BE2F-8EFEEA5486E8}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{B747320F-DFE8-4B83-8B51-700E00691ACF}C:\program files\windows defender\msascui.exe" = protocol=6 | dir=in | app=c:\program files\windows defender\msascui.exe | 
"TCP Query User{BAB1106F-6D22-4157-BB65-2FDB077CA2EE}C:\program files\openoffice.org 3\program\soffice.bin" = protocol=6 | dir=in | app=c:\program files\openoffice.org 3\program\soffice.bin | 
"TCP Query User{BC66BC57-BB72-4302-963A-53E1F6CAD0B6}C:\program files\avira\antivir personaledition classic\avnotify.exe" = protocol=6 | dir=in | app=c:\program files\avira\antivir personaledition classic\avnotify.exe | 
"TCP Query User{BC826D6E-6E50-4B95-A708-CEE3BEC640ED}C:\program files\common files\adobe\arm\1.0\adobearm.exe" = protocol=6 | dir=in | app=c:\program files\common files\adobe\arm\1.0\adobearm.exe | 
"TCP Query User{C2B44BEB-11FF-4CB5-B9D4-C495736453CD}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{C4AFF4B8-E882-45AE-9C2E-893774FF36BF}C:\program files\java\jre6\bin\jusched.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\jusched.exe | 
"TCP Query User{C796A715-AE8E-4278-A7BB-7710790662C2}C:\program files\openoffice.org 3\program\soffice.bin" = protocol=6 | dir=in | app=c:\program files\openoffice.org 3\program\soffice.bin | 
"TCP Query User{CF1A22DC-3839-4A57-8DB0-11E985AC1F69}C:\program files\ccc28\lvvm.exe" = protocol=6 | dir=in | app=c:\program files\ccc28\lvvm.exe | 
"TCP Query User{D0320FB1-CC32-40DC-854D-9E35C3624DDB}C:\windows\system32\wercon.exe" = protocol=6 | dir=in | app=c:\windows\system32\wercon.exe | 
"TCP Query User{D790A158-9786-4DA2-AF97-C205E6E26F63}C:\program files\avira\antivir desktop\avnotify.exe" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\avnotify.exe | 
"TCP Query User{E1CEF85D-0399-4EF6-8BF6-CCBB2505DE5A}C:\users\garbert\appdata\roaming\b4ccc\f1193.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\roaming\b4ccc\f1193.exe | 
"TCP Query User{E8729F19-D3C1-4806-B0B3-61C1B11260DC}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{F26BCA3E-07DE-45E2-B528-CE3A10901009}C:\program files\gmx\liveupdate\m2lutray.exe" = protocol=6 | dir=in | app=c:\program files\gmx\liveupdate\m2lutray.exe | 
"TCP Query User{FA7ED1CA-0C0F-400D-B35E-E3BD65E22097}C:\program files\lp\936b\30e8.tmp" = protocol=6 | dir=in | app=c:\program files\lp\936b\30e8.tmp | 
"TCP Query User{FB63F94C-8CA9-43DE-B8AF-21CB9398E5B8}C:\users\garbert\appdata\roaming\lt6ow0jc.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\roaming\lt6ow0jc.exe | 
"UDP Query User{03BB56A2-F691-4922-80EB-ABE129D06144}C:\users\garbert\appdata\roaming\b4ccc\f1193.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\roaming\b4ccc\f1193.exe | 
"UDP Query User{066DDA28-CFAB-44CF-A80A-070AD5EE3B0B}C:\program files\1&1\liveupdate\m2lutray.exe" = protocol=17 | dir=in | app=c:\program files\1&1\liveupdate\m2lutray.exe | 
"UDP Query User{07945749-0256-41CD-93C7-45C1623C37B1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{0A0E071F-0B0C-4CD2-863F-1ADA4E1EEBF5}C:\users\garbert\appdata\roaming\svhostu.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\roaming\svhostu.exe | 
"UDP Query User{0F3A2D56-DF60-4FA7-B20E-3F6B5C197B2D}C:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe" = protocol=17 | dir=in | app=c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe | 
"UDP Query User{10AABA16-6C48-4E43-B504-CA8238E1592F}C:\program files\google\google toolbar\component\googletoolbarmanager_4e7d715d860e20e1.exe" = protocol=17 | dir=in | app=c:\program files\google\google toolbar\component\googletoolbarmanager_4e7d715d860e20e1.exe | 
"UDP Query User{11F11FF6-6B95-4DC3-AA5A-807503192F49}C:\program files\openoffice.org 3\program\soffice.bin" = protocol=17 | dir=in | app=c:\program files\openoffice.org 3\program\soffice.bin | 
"UDP Query User{19DCDCB8-114C-4083-A2ED-072FE3BAB175}C:\windows\system32\werfault.exe" = protocol=17 | dir=in | app=c:\windows\system32\werfault.exe | 
"UDP Query User{1EC9A674-B168-498A-B784-E41ECE18FFA1}C:\program files\windows defender\msascui.exe" = protocol=17 | dir=in | app=c:\program files\windows defender\msascui.exe | 
"UDP Query User{1F4C6A05-E8B6-47F5-8E6F-7092284228B7}C:\program files\avira\antivir desktop\ipmgui.exe" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\ipmgui.exe | 
"UDP Query User{20AE5BA1-4D52-4B51-8D9E-E6584C8F3753}C:\program files\java\jre6\bin\jusched.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\jusched.exe | 
"UDP Query User{2997A4C4-8BE6-45FE-AF8A-871F36429985}C:\users\garbert\appdata\local\temp\googletoolbarinstaller_en32_signed.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\googletoolbarinstaller_en32_signed.exe | 
"UDP Query User{2B55AA74-80D1-4DC2-9DEA-378AA82EB707}C:\program files\malwarebytes' anti-malware\mbam.exe" = protocol=17 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe | 
"UDP Query User{33E082A3-DA3C-42F7-9A1D-AB1B089609EB}C:\program files\avira\antivir personaledition classic\avnotify.exe" = protocol=17 | dir=in | app=c:\program files\avira\antivir personaledition classic\avnotify.exe | 
"UDP Query User{358B4DF5-95AF-4CA2-807B-31CBF0A24B17}C:\users\garbert\desktop\0.9056710880911472.exe" = protocol=17 | dir=in | app=c:\users\garbert\desktop\0.9056710880911472.exe | 
"UDP Query User{39E5474C-485C-478B-B44E-A83742A1345D}C:\users\garbert\appdata\local\google\update\googleupdate.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\google\update\googleupdate.exe | 
"UDP Query User{3CA5DD51-9314-4FF8-9248-281C66132F47}C:\program files\avira\antivir desktop\avnotify.exe" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\avnotify.exe | 
"UDP Query User{3DADCF2B-86A9-42B4-A909-687456098778}C:\program files\lp\936b\0a0.exe" = protocol=17 | dir=in | app=c:\program files\lp\936b\0a0.exe | 
"UDP Query User{3E9F4F1C-D913-4821-9F79-75A50788C4C0}C:\program files\gmx\liveupdate\m2lutray.exe" = protocol=17 | dir=in | app=c:\program files\gmx\liveupdate\m2lutray.exe | 
"UDP Query User{4A01492A-8244-4739-8796-7F2BB895E4B5}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{4B93ECEC-A7C4-45AA-B9B9-446B2514C852}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{52D0B562-B061-4BF3-A903-700F17EAD469}C:\program files\adobe\reader 10.0\reader\acrord32.exe" = protocol=17 | dir=in | app=c:\program files\adobe\reader 10.0\reader\acrord32.exe | 
"UDP Query User{62CCD707-FE2B-4500-9621-A048757A8F88}C:\program files\java\jre6\bin\jucheck.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\jucheck.exe | 
"UDP Query User{6E2D11ED-2464-43CF-96E0-F61055C4BA07}C:\users\garbert\appdata\local\temp\gumf571.tmp\googleupdate.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\gumf571.tmp\googleupdate.exe | 
"UDP Query User{6EF1075C-D016-440A-994A-D7F94310F493}C:\program files\openoffice.org 3\program\soffice.bin" = protocol=17 | dir=in | app=c:\program files\openoffice.org 3\program\soffice.bin | 
"UDP Query User{745B33AB-5FDA-4526-8E69-5D4D30B5096A}C:\windows\system32\wermgr.exe" = protocol=17 | dir=in | app=c:\windows\system32\wermgr.exe | 
"UDP Query User{7ED4E65B-A668-46DD-95BA-C2C4C003D331}C:\program files\google\update\googleupdate.exe" = protocol=17 | dir=in | app=c:\program files\google\update\googleupdate.exe | 
"UDP Query User{7FC02FDF-7A8A-4731-B379-6CC42B4B9D28}C:\users\garbert\appdata\roaming\lt6ow0jc.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\roaming\lt6ow0jc.exe | 
"UDP Query User{81491885-FAEF-4A9F-8133-C7068335554D}C:\users\garbert\appdata\local\google\update\googleupdate.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\google\update\googleupdate.exe | 
"UDP Query User{8B784F44-1474-4087-B58F-04E1819E09D6}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{925C2950-CCFC-4F4F-9CE1-2026174EDF36}C:\program files\lp\936b\0a0.exe" = protocol=17 | dir=in | app=c:\program files\lp\936b\0a0.exe | 
"UDP Query User{95572E92-9356-441F-8441-187A1FFBD409}C:\windows\system32\wercon.exe" = protocol=17 | dir=in | app=c:\windows\system32\wercon.exe | 
"UDP Query User{95B56FB7-CDB1-4B41-926F-F6F91CF16FC1}C:\users\garbert\appdata\local\temp\install_reader10_de_gtba_aih[1].exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\install_reader10_de_gtba_aih[1].exe | 
"UDP Query User{97B9ADC5-2352-4FB6-B531-61842F12090E}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{97EBD866-7C65-4DA8-B95D-D6EBBD193ED0}C:\windows\system32\dekivrzonxusofp.exe" = protocol=17 | dir=in | app=c:\windows\system32\dekivrzonxusofp.exe | 
"UDP Query User{993730A5-24DD-4565-8904-82560A027CDC}C:\users\garbert\appdata\local\temp\housecall\housecall.bin" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\housecall\housecall.bin | 
"UDP Query User{9CD84880-4743-4788-9437-133B459CEF6D}C:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe" = protocol=17 | dir=in | app=c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe | 
"UDP Query User{A0A3D81F-ED5B-42C5-83E7-9ABC84298458}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{A25558F9-F6C0-48D0-9B3B-AF31D92F7D80}C:\program files\common files\adobe\arm\1.0\adobearm.exe" = protocol=17 | dir=in | app=c:\program files\common files\adobe\arm\1.0\adobearm.exe | 
"UDP Query User{A2E67958-9CB2-4760-A695-7076F5380F92}C:\program files\ccc28\lvvm.exe" = protocol=17 | dir=in | app=c:\program files\ccc28\lvvm.exe | 
"UDP Query User{A7B9523E-5ED9-4A90-B022-5A831A1E7A2C}C:\users\garbert\appdata\roaming\b4ccc\f1193.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\roaming\b4ccc\f1193.exe | 
"UDP Query User{B2A8D85F-EF64-41FF-BC6D-FE0374394516}C:\users\garbert\appdata\local\temp\rarsfx0\setup.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\rarsfx0\setup.exe | 
"UDP Query User{BBFFA4DD-4D2D-4A2D-8495-1AF112334938}C:\windows\system32\dekivrzonxusofp.exe" = protocol=17 | dir=in | app=c:\windows\system32\dekivrzonxusofp.exe | 
"UDP Query User{C1B7190D-4441-4A2A-95D5-3B678615CB47}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{C59381B4-50BE-4336-BA4C-B84AABC1389C}C:\program files\1&1\liveupdate\m2lutray.exe" = protocol=17 | dir=in | app=c:\program files\1&1\liveupdate\m2lutray.exe | 
"UDP Query User{C6C14200-DBC9-4620-8F1C-BD68210A77DF}C:\users\garbert\appdata\local\temp\rarsfx0\apnstub.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\rarsfx0\apnstub.exe | 
"UDP Query User{C79CDBBC-BE38-4333-8F5B-B047173DBE34}C:\windows\system32\wercon.exe" = protocol=17 | dir=in | app=c:\windows\system32\wercon.exe | 
"UDP Query User{CC17B17D-64D4-4E15-82FA-29909EF857C8}C:\program files\avira\antivir desktop\ipmgui.exe" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\ipmgui.exe | 
"UDP Query User{D0FADD32-E64B-4816-92E1-61080CAA8BC3}C:\users\garbert\appdata\local\temp\7zs4e88.tmp\setup.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\7zs4e88.tmp\setup.exe | 
"UDP Query User{D477B569-EC52-4A12-A0C1-3845DFD6E8A0}C:\users\garbert\appdata\local\temp\0.311055798381219exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\0.311055798381219exe | 
"UDP Query User{D4E74CCB-813A-4D50-8AFD-C5B69CCE1C2D}C:\users\garbert\appdata\local\temp\svhostu.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\svhostu.exe | 
"UDP Query User{D80A8700-3E3E-4F33-8902-8C8965708999}C:\program files\pdf24\pdf24-updater.exe" = protocol=17 | dir=in | app=c:\program files\pdf24\pdf24-updater.exe | 
"UDP Query User{DB9A6DAE-D4A7-485C-8CAF-0EE6E625E553}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{DF9A7C72-7933-4997-905F-28B1DB21E6A7}C:\program files\ccc28\lvvm.exe" = protocol=17 | dir=in | app=c:\program files\ccc28\lvvm.exe | 
"UDP Query User{E16C9E84-8C9A-4E01-9A84-89F48988B8AC}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{E765AEF8-88FE-4D5D-9CE1-2F1D4F7A5DA3}C:\users\garbert\appdata\local\temp\7zs2906.tmp\setup.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\7zs2906.tmp\setup.exe | 
"UDP Query User{F0E6E7D1-F099-42C1-81F8-66FAD3502CD1}C:\program files\gmx\liveupdate\m2lutray.exe" = protocol=17 | dir=in | app=c:\program files\gmx\liveupdate\m2lutray.exe | 
"UDP Query User{F1F5AC40-FBD7-4111-AB7F-A1282F3D67E4}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{F3466136-5606-4FD2-8064-A38B0DEB13B9}C:\program files\lp\936b\30e8.tmp" = protocol=17 | dir=in | app=c:\program files\lp\936b\30e8.tmp | 
"UDP Query User{F8630047-3477-4EF9-8FA6-F8432BF02C6A}C:\users\garbert\appdata\roaming\lt6ow0jc.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\roaming\lt6ow0jc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{016B58FA-6D8C-4EE2-B2F1-5E78628E4AD5}" = 1&1 Update
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0F5C38CB-DCA7-44E0-A654-26121331557A}" = GMX Update
"{0FE6B77F-54CD-45ED-BB64-A99477B0A8F1}" = 5600
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{2605461E-AB2E-49F5-8A16-64B7F3595030}" = 5600Trb
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17
"{2F6D47A9-D946-4472-8D25-24151AC1A3CD}" = Internet Explorer 8 1&1 Addon
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{5C97698A-FAB5-41DB-ADB0-5FCB2BC84588}" = InternetExplorer-GMX-Addon
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6803A6E6-48FF-48AB-B558-7B651BBE1031}" = Nero 8 Essentials
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7DCBC3D8-8954-491D-A1B9-8C61C563B004}" = 5600_Help
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.1.0
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B27F2F79-879F-45F9-B2B7-08EF9B95502F}" = Internet Explorer 8 1&1 Edition
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 Update" = 1&1 Update
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AgrarOfficeJKEKLZT_is1" = AO Agrar-Office 5.0.9.0
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal – Free Antivirus
"ELAN 2009 NW" = ELAN 2009 NW
"ELAN 2010 NW" = ELAN 2010 NW
"ELAN 2011 NW " = ELAN 2011 NW 
"GMX Update" = GMX Update
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Internet Explorer 8 1&1 Addon" = Internet Explorer 8 1&1 Addon
"Internet Explorer 8 1&1 Edition" = Internet Explorer 8 1&1 Edition
"InternetExplorer-GMX-Addon" = InternetExplorer-GMX-Addon
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"TeamViewer 4" = TeamViewer 4
"VN_VUIns_Rhine_VIA" = VIA Rhine Family Fast Ethernet Adapter
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 27.10.2011 01:39:40 | Computer Name = Garbert-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 27.10.2011 01:41:11 | Computer Name = Garbert-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul Flash10c.ocx, Version 10.0.32.18, Zeitstempel 0x4a613d79,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000dea73,  Prozess-ID 0x220, Anwendungsstartzeit
 01cc946af0e299bb.
 
Error - 27.10.2011 01:41:34 | Computer Name = Garbert-PC | Source = LoadPerf | ID = 3012
Description = 
 
Error - 27.10.2011 01:41:35 | Computer Name = Garbert-PC | Source = LoadPerf | ID = 3012
Description = 
 
Error - 27.10.2011 01:41:35 | Computer Name = Garbert-PC | Source = LoadPerf | ID = 3011
Description = 
 
Error - 27.10.2011 02:09:07 | Computer Name = Garbert-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 27.10.2011 02:15:15 | Computer Name = Garbert-PC | Source = LoadPerf | ID = 3012
Description = 
 
Error - 27.10.2011 02:15:15 | Computer Name = Garbert-PC | Source = LoadPerf | ID = 3012
Description = 
 
Error - 27.10.2011 02:15:15 | Computer Name = Garbert-PC | Source = LoadPerf | ID = 3011
Description = 
 
Error - 27.10.2011 02:34:44 | Computer Name = Garbert-PC | Source = System Restore | ID = 8193
Description = 
 
[ System Events ]
Error - 27.10.2011 02:09:01 | Computer Name = Garbert-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 27.10.2011 02:09:04 | Computer Name = Garbert-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 27.10.2011 02:09:05 | Computer Name = Garbert-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 27.10.2011 02:09:07 | Computer Name = Garbert-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 27.10.2011 02:09:09 | Computer Name = Garbert-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 27.10.2011 02:09:13 | Computer Name = Garbert-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 27.10.2011 02:09:23 | Computer Name = Garbert-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 27.10.2011 02:09:59 | Computer Name = Garbert-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 27.10.2011 02:09:59 | Computer Name = Garbert-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 27.10.2011 02:18:06 | Computer Name = Garbert-PC | Source = DCOM | ID = 10005
Description = 
 
 
< End of report >
         
--- --- ---


Last edited by AdiumX (27.10.2011 at 07:53)
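For triage of the Windows Firewall rule lines in the Extras log above, an added example (not from this thread and not an OTL or Trojaner-Board tool) that parses the "UDP Query User" rules and flags the kind of executable locations that stand out on this machine; the sample lines, user name and GUIDs are constructed.

```python
"""Triage of Windows Firewall 'UDP Query User' rules from an OTL Extras log.

Added example; not part of the forum thread and not an OTL or Trojaner-Board
tool. The sample rule lines below are constructed in the format the log uses
(user name and GUIDs are placeholders). The heuristics mirror what stands out
in this thread's log: executables in the user's temp folder, directly in
AppData\\Roaming, random numeric names on the desktop, a .tmp file being run,
and svchost.exe lookalikes outside System32. A flag is a prompt to look
closer, not a verdict.
"""
import re
from dataclasses import dataclass, field

# One rule per line: "UDP Query User{GUID}<path>" = protocol=N | dir=in | app=<path> |
RULE_RE = re.compile(
    r'^"UDP Query User\{(?P<guid>[0-9A-Fa-f-]{36})\}[^"]+"\s*=\s*'
    r'protocol=(?P<proto>\d+)\s*\|\s*dir=(?P<dir>\w+)\s*\|\s*app=(?P<app>[^|]+?)\s*\|'
)

# Constructed sample in the log's format (placeholder user name and GUIDs).
SAMPLE_LOG = r'''
"UDP Query User{00000000-0000-0000-0000-000000000001}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{00000000-0000-0000-0000-000000000002}C:\users\user\appdata\local\temp\svhostu.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\temp\svhostu.exe | 
"UDP Query User{00000000-0000-0000-0000-000000000003}C:\users\user\appdata\roaming\lt6ow0jc.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\lt6ow0jc.exe | 
"UDP Query User{00000000-0000-0000-0000-000000000004}C:\users\user\desktop\0.9056710880911472.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\0.9056710880911472.exe | 
"UDP Query User{00000000-0000-0000-0000-000000000005}C:\program files\lp\936b\30e8.tmp" = protocol=17 | dir=in | app=c:\program files\lp\936b\30e8.tmp | 
"UDP Query User{00000000-0000-0000-0000-000000000006}C:\program files\lp\936b\30e8.tmp" = protocol=17 | dir=in | app=c:\program files\lp\936b\30e8.tmp | 
'''


@dataclass
class Finding:
    app: str
    rule_count: int
    reasons: list = field(default_factory=list)


def parse_rules(text):
    """Map each lowercased app path to the set of rule GUIDs that reference it."""
    apps = {}
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            apps.setdefault(m.group("app").lower(), set()).add(m.group("guid").upper())
    return apps


def edit_distance(a, b):
    """Levenshtein distance, used to spot lookalike names such as svhostu.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess(app):
    """Return the list of reasons a (lowercased) app path looks suspicious."""
    parts = app.split("\\")
    basename, parent = parts[-1], "\\".join(parts[:-1])
    reasons = []
    if "\\appdata\\local\\temp\\" in app:
        reasons.append("executes from the user's temp directory")
    if re.search(r"\\appdata\\roaming\\[^\\]+$", app):
        reasons.append("executable sits directly in AppData\\Roaming")
    if "\\desktop\\" in app and re.match(r"^0\.\d{6,}\.?exe$", basename):
        reasons.append("random numeric file name on the desktop")
    if basename.endswith(".tmp"):
        reasons.append("firewall rule for a .tmp file")
    # svchost.exe itself belongs in System32/SysWOW64; anything within two
    # edits of that name living elsewhere deserves a look.
    in_system_dir = parent.endswith(("\\windows\\system32", "\\windows\\syswow64"))
    if edit_distance(basename, "svchost.exe") <= 2 and not in_system_dir:
        reasons.append("svchost.exe lookalike outside System32")
    return reasons


def triage(text):
    """Parse the rule lines and return a Finding for every app with a reason."""
    findings = []
    for app, guids in sorted(parse_rules(text).items()):
        reasons = assess(app)
        if reasons:
            findings.append(Finding(app, len(guids), reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.app} ({f.rule_count} rule(s)): " + "; ".join(f.reasons))
```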

Old 27.10.2011, 08:08   #10
AdiumX
 
Trojan win32/sirefef.O - Standard

Trojan win32/sirefef.O




Gmer.exe crashes silently after 1-2 minutes (safe mode)

I can't get rid of the damn Bundespolizei trojan either; at the moment I can only work in safe mode :-(

Old 27.10.2011, 10:33   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan win32/sirefef.O - Standard

Trojan win32/sirefef.O



Do an OTL fix: close all programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Note: If you obscured your user name, you must turn the starred-out part back into your real user name, otherwise the script will not work!!

Code:
:OTL
PRC - File not found -- C:\Windows\1497257308:2745876902.exe
PRC - [2011.10.27 07:31:46 | 000,283,648 | ---- | M] () -- C:\Programme\LP\936B\0A0.exe
PRC - [2011.10.27 07:31:39 | 000,190,464 | ---- | M] () -- C:\Programme\CCC28\lvvm.exe
PRC - [2011.10.27 07:31:18 | 000,173,056 | ---- | M] () -- C:\Users\YX\AppData\Roaming\B4CCC\F1193.exe
MOD - [2011.10.27 07:31:46 | 000,283,648 | ---- | M] () -- C:\Programme\LP\936B\0A0.exe
MOD - [2011.10.27 07:31:39 | 000,190,464 | ---- | M] () -- C:\Programme\CCC28\lvvm.exe
MOD - [2011.10.27 07:31:18 | 000,173,056 | ---- | M] () -- C:\Users\YX\AppData\Roaming\B4CCC\F1193.exe
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.gmx.net/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://go.gmx.net/tab2 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.1und1.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:54545
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O2 - BHO: (1&&1 Internet AG Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll (mquadr.at softwareengineering und consulting gmbh)
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [0A0.exe] C:\Programme\LP\936B\0A0.exe ()
O4 - HKLM..\Run: [F6sWK7fRLgXjCkB] C:\Users\YX\AppData\Roaming\svhostu.exe ()
O4 - HKLM..\Run: [gG5sQJ6dE8R9YwU8234A] C:\Windows\System32\dekIVrzONxuSoFp.exe ()
O4 - HKCU..\Run: [vasja] C:\Users\YX\Desktop\0.9056710880911472.exe (Home)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\pnrpnsp.dll File not found
O20 - HKCU Winlogon: Shell - (C:\Users\YX\AppData\Roaming\B4CCC\F1193.exe) -C:\Users\YX\AppData\Roaming\B4CCC\F1193.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.04.26 14:02:32 | 000,191,826 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011.06.20 07:52:08 | 000,000,061 | RHS- | M] () - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{77929b51-ffdf-11e0-b22d-806e6f6e6963}\Shell\AutoRun\command - "" = 1j038ki.exe
O33 - MountPoints2\{77929b51-ffdf-11e0-b22d-806e6f6e6963}\Shell\open\Command - "" = 1j038ki.exe
O33 - MountPoints2\{a9b99377-2c7b-11dd-bad4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a9b99377-2c7b-11dd-bad4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2005.04.27 20:38:10 | 000,401,408 | R--- | M] (Hewlett-Packard)
[2011.10.27 07:37:02 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\vdEK8gRZ9YwUeOt
[2011.10.27 07:37:02 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\qNyxA0uvSoFpGsJ
[2011.10.27 07:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCC28
[2011.10.27 07:31:11 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security  2011
[2011.10.27 07:31:10 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\pL8gTZqhYwIr
[2011.10.27 07:31:10 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\DcA1uvD2oFpHJd
[2011.10.27 07:31:05 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\kOBtxP0yc1b3n4Q
[2011.10.27 07:31:04 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\a3onF4amHsJfLgZ
[2011.10.27 07:30:59 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\B4CCC
[2011.10.27 07:30:56 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2011.10.27 07:30:55 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\Oline
[2011.10.27 07:30:55 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\Acesu
[2011.10.27 07:30:53 | 000,165,376 | ---- | C] (Alcatel Microelectronics) -- C:\Users\YX\AppData\Roaming\lt6ow0jc.exe
[2011.10.27 07:30:51 | 000,168,960 | ---- | C] (Home) -- C:\Users\YX\Desktop\0.9056710880911472.exe
[2011.10.27 07:30:51 | 000,165,376 | ---- | C] (Alcatel Microelectronics) -- C:\Users\YX\Desktop\0.64406117213402.exe
[2011.10.20 18:33:13 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\Haleok
[2011.10.20 18:33:13 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\Axso
[2011.10.18 21:49:59 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011.10.27 08:08:50 | 000,000,000 | ---- | M] () -- C:\Windows\1497257308
[2011.10.27 07:31:12 | 000,001,213 | ---- | M] () -- C:\Users\YX\AppData\Roaming\ldr.ini
[2011.10.27 07:31:05 | 000,099,840 | ---- | M] () -- C:\Users\YX\AppData\Roaming\svhostu.exe
[2011.10.27 07:31:04 | 001,776,640 | ---- | M] () -- C:\Windows\System32\dekIVrzONxuSoFp.exe
[2011.10.27 07:31:00 | 000,283,648 | ---- | M] () -- C:\Users\YX\Desktop\0.6136625930725045.exe
[2011.10.27 07:30:55 | 000,168,960 | ---- | M] (Home) -- C:\Users\YX\Desktop\0.9056710880911472.exe
[2011.10.27 07:30:53 | 000,000,008 | ---- | M] () -- C:\Users\YX\AppData\Roaming\cbawfxrmd876sqdc.dat
[2011.10.27 07:30:52 | 000,165,376 | ---- | M] (Alcatel Microelectronics) -- C:\Users\YX\AppData\Roaming\lt6ow0jc.exe
[2011.10.27 07:30:52 | 000,165,376 | ---- | M] (Alcatel Microelectronics) -- C:\Users\YX\Desktop\0.64406117213402.exe
[2011.10.27 07:31:04 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\a3onF4amHsJfLgZ
[2011.10.27 07:30:55 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\Acesu
[2008.05.28 09:30:29 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\AOMobil
[2011.10.24 21:34:09 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\Axso
[2011.10.27 07:31:18 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\B4CCC
[2011.10.27 07:31:10 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\DcA1uvD2oFpHJd
[2011.10.20 18:33:13 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\Haleok
[2011.10.27 07:31:05 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\kOBtxP0yc1b3n4Q
[2011.10.27 07:30:55 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\Oline
[2009.03.06 14:53:02 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\OpenOffice.org
[2011.10.27 07:31:11 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\pL8gTZqhYwIr
[2011.10.27 07:37:02 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\qNyxA0uvSoFpGsJ
[2011.10.27 07:37:02 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\vdEK8gRZ9YwUeOt
@Alternate Data Stream - 816 bytes -> C:\Windows\1497257308:2745876902.exe
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________
Please always post logfiles in CODE tags

Old 27.10.2011, 11:00   #12
AdiumX
 
Trojan win32/sirefef.O - Standard

Trojan win32/sirefef.O




Contents of the log file:

All processes killed
Error: Unable to interpret <:OTL PRC - File not found -- C:\Windows\1497257308:2745876902.exe PRC - [2011.10.27 07:31:46 | 000,283,648 | ---- | M] () -- C:\Programme\LP\936B\0A0.exe PRC - [2011.10.27 07:31:39 | 000,190,464 | ---- | M] () -- C:\Programme\CCC28\lvvm.exe PRC - [2011.10.27 07:31:18 | 000,173,056 | ---- | M] () -- C:\Users\Garbert\AppData\Roaming\B4CCC\F1193.exe MOD - [2011.10.27 07:31:46 | 000,283,648 | ---- | M] () -- C:\Programme\LP\936B\0A0.exe MOD - [2011.10.27 07:31:39 | 000,190,464 | ---- | M] () -- C:\Programme\CCC28\lvvm.exe MOD - [2011.10.27 07:31:18 | 000,173,056 | ---- | M] () -- C:\Users\Garbert\AppData\Roaming\B4CCC\F1193.exe IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = GMX - E-Mail, FreeMail, De-Mail, Themen- & Shopping-Portal - kostenlos IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = GMX Suche - einfach besser finden! [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Se> in the current context!
Error: Unable to interpret <archDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 1&1 - Telefon-Internet-Flatrates und mobiles Internet [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:54545 O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found. O2 - BHO: (1&&1 Internet AG Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll (mquadr.at softwareengineering und consulting gmbh) O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4> in the current context!
Error: Unable to interpret <965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [0A0.exe] C:\Programme\LP\936B\0A0.exe () O4 - HKLM..\Run: [F6sWK7fRLgXjCkB] C:\Users\Garbert\AppData\Roaming\svhostu.exe () O4 - HKLM..\Run: [gG5sQJ6dE8R9YwU8234A] C:\Windows\System32\dekIVrzONxuSoFp.exe () O4 - HKCU..\Run: [vasja] C:\Users\Garbert\Desktop\0.9056710880911472.exe (Home) O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoo> in the current context!
Error: Unable to interpret <t%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\pnrpnsp.dll File not found O20 - HKCU Winlogon: Shell - (C:\Users\Garbert\Ap> in the current context!
Error: Unable to interpret <pData\Roaming\B4CCC\F1193.exe) -C:\Users\Garbert\AppData\Roaming\B4CCC\F1193.exe () O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2007.04.26 14:02:32 | 000,191,826 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2011.06.20 07:52:08 | 000,000,061 | RHS- | M] () - G:\autorun.inf -- [ FAT32 ] O33 - MountPoints2\{77929b51-ffdf-11e0-b22d-806e6f6e6963}\Shell\AutoRun\command - "" = 1j038ki.exe O33 - MountPoints2\{77929b51-ffdf-11e0-b22d-806e6f6e6963}\Shell\open\Command - "" = 1j038ki.exe O33 - MountPoints2\{a9b99377-2c7b-11dd-bad4-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{a9b99377-2c7b-11dd-bad4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2005.04.27 20:38:10 | 000,401,408 | R--- | M] (Hewlett-Packard) [2011.10.27 07:37:02 | 000,000,000 | ---D | C] -- C:\Users\Garbert\AppData\Roaming\vdEK8gRZ9YwUeOt [2011.10.27 07:37:02 | 000,000,000 | ---D | C] -- C:\Users\Garbert\> in the current context!
Error: Unable to interpret <AppData\Roaming\qNGarbertA0uvSoFpGsJ [2011.10.27 07:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCC28 [2011.10.27 07:31:11 | 000,000,000 | ---D | C] -- C:\Users\Garbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security 2011 [2011.10.27 07:31:10 | 000,000,000 | ---D | C] -- C:\Users\Garbert\AppData\Roaming\pL8gTZqhYwIr [2011.10.27 07:31:10 | 000,000,000 | ---D | C] -- C:\Users\Garbert\AppData\Roaming\DcA1uvD2oFpHJd [2011.10.27 07:31:05 | 000,000,000 | ---D | C] -- C:\Users\Garbert\AppData\Roaming\kOBtxP0yc1b3n4Q [2011.10.27 07:31:04 | 000,000,000 | ---D | C] -- C:\Users\Garbert\AppData\Roaming\a3onF4amHsJfLgZ [2011.10.27 07:30:59 | 000,000,000 | ---D | C] -- C:\Users\Garbert\AppData\Roaming\B4CCC [2011.10.27 07:30:56 | 000,000,000 | ---D | C] -- C:\Program Files\LP [2011.10.27 07:30:55 | 000,000,000 | ---D | C] -- C:\Users\Garbert\AppData\Roaming\Oline [2011.10.27 07:30:55 | 000,000,000 | ---D | C] -- C:\Users\Garbert\AppData\Roaming\Acesu [2011.10.27 07:30:53 | 000,165,376 | ---- | > in the current context!
Error: Unable to interpret <C] (Alcatel Microelectronics) -- C:\Users\Garbert\AppData\Roaming\lt6ow0jc.exe [2011.10.27 07:30:51 | 000,168,960 | ---- | C] (Home) -- C:\Users\Garbert\Desktop\0.9056710880911472.exe [2011.10.27 07:30:51 | 000,165,376 | ---- | C] (Alcatel Microelectronics) -- C:\Users\Garbert\Desktop\0.64406117213402.exe [2011.10.20 18:33:13 | 000,000,000 | ---D | C] -- C:\Users\Garbert\AppData\Roaming\Haleok [2011.10.20 18:33:13 | 000,000,000 | ---D | C] -- C:\Users\Garbert\AppData\Roaming\Axso [2011.10.18 21:49:59 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA% [2011.10.27 08:08:50 | 000,000,000 | ---- | M] () -- C:\Windows\1497257308 [2011.10.27 07:31:12 | 000,001,213 | ---- | M] () -- C:\Users\Garbert\AppData\Roaming\ldr.ini [2011.10.27 07:31:05 | 000,099,840 | ---- | M] () -- C:\Users\Garbert\AppData\Roaming\svhostu.exe [2011.10.27 07:31:04 | 001,776,640 | ---- | M] () -- C:\Windows\System32\dekIVrzONxuSoFp.exe [2011.10.27 07:31:00 | 000,283,648 | ---- | M] () -- C:\Users\Garbert\Desktop\0.6136625930725045.ex> in the current context!
Error: Unable to interpret <e [2011.10.27 07:30:55 | 000,168,960 | ---- | M] (Home) -- C:\Users\Garbert\Desktop\0.9056710880911472.exe [2011.10.27 07:30:53 | 000,000,008 | ---- | M] () -- C:\Users\Garbert\AppData\Roaming\cbawfxrmd876sqdc.dat [2011.10.27 07:30:52 | 000,165,376 | ---- | M] (Alcatel Microelectronics) -- C:\Users\Garbert\AppData\Roaming\lt6ow0jc.exe [2011.10.27 07:30:52 | 000,165,376 | ---- | M] (Alcatel Microelectronics) -- C:\Users\Garbert\Desktop\0.64406117213402.exe [2011.10.27 07:31:04 | 000,000,000 | ---D | M] -- C:\Users\Garbert\AppData\Roaming\a3onF4amHsJfLgZ [2011.10.27 07:30:55 | 000,000,000 | ---D | M] -- C:\Users\Garbert\AppData\Roaming\Acesu [2008.05.28 09:30:29 | 000,000,000 | ---D | M] -- C:\Users\Garbert\AppData\Roaming\AOMobil [2011.10.24 21:34:09 | 000,000,000 | ---D | M] -- C:\Users\Garbert\AppData\Roaming\Axso [2011.10.27 07:31:18 | 000,000,000 | ---D | M] -- C:\Users\Garbert\AppData\Roaming\B4CCC [2011.10.27 07:31:10 | 000,000,000 | ---D | M] -- C:\Users\Garbert\AppData\Roaming\DcA1uvD2oFpHJd [2011.10.2> in the current context!
Error: Unable to interpret <0 18:33:13 | 000,000,000 | ---D | M] -- C:\Users\Garbert\AppData\Roaming\Haleok [2011.10.27 07:31:05 | 000,000,000 | ---D | M] -- C:\Users\Garbert\AppData\Roaming\kOBtxP0yc1b3n4Q [2011.10.27 07:30:55 | 000,000,000 | ---D | M] -- C:\Users\Garbert\AppData\Roaming\Oline [2009.03.06 14:53:02 | 000,000,000 | ---D | M] -- C:\Users\Garbert\AppData\Roaming\OpenOffice.org [2011.10.27 07:31:11 | 000,000,000 | ---D | M] -- C:\Users\Garbert\AppData\Roaming\pL8gTZqhYwIr [2011.10.27 07:37:02 | 000,000,000 | ---D | M] -- C:\Users\Garbert\AppData\Roaming\qNGarbertA0uvSoFpGsJ [2011.10.27 07:37:02 | 000,000,000 | ---D | M] -- C:\Users\Garbert\AppData\Roaming\vdEK8gRZ9YwUeOt @Alternate Data Stream - 816 bytes -> C:\Windows\1497257308:2745876902.exe :Commands [emptytemp] [resethosts] > in the current context!

OTL by OldTimer - Version 3.2.31.0 log created on 10272011_115427

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Old 27.10.2011, 12:33   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan win32/sirefef.O - Standard

Trojan win32/sirefef.O



Carried out incorrectly, because you copied the fix script wrongly and/or did not paste it correctly.
Repeat it, but this time carry it out correctly.
__________________
Please always post log files in CODE tags
