
Pests of all kinds and how to combat them: Trojan win32/sirefef.O


 
27.10.2011, 07:03   #9
AdiumX
 
Trojan win32/sirefef.O




I was hoping for an instruction: "If Defogger gives you an error message, please post the defogger_disable log from your desktop.
Do not click the Re-enable button without being instructed to."
Because Defogger did not restart anything...
But now I have the following problem:

I can't do anything at all anymore...
I'm going to try safe mode in a moment...

OTL.txt (created in safe mode): OTL logfile:
Code:
OTL logfile created on: 27.10.2011 08:40:57 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = G:\Software\Windows
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 82,24% Memory free
6,19 Gb Paging File | 5,88 Gb Available in Paging File | 94,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 158,45 Gb Free Space | 73,22% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 107,13 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive E: | 664,14 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 7,47 Gb Total Space | 3,25 Gb Free Space | 43,56% Space Free | Partition Type: FAT32
 
Computer Name: xy-PC | User Name: xy| Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- C:\Windows\1497257308:2745876902.exe
PRC - [2011.10.27 07:31:46 | 000,283,648 | ---- | M] () -- C:\Programme\LP\936B\0A0.exe
PRC - [2011.10.27 07:31:39 | 000,190,464 | ---- | M] () -- C:\Programme\CCC28\lvvm.exe
PRC - [2011.10.27 07:31:18 | 000,173,056 | ---- | M] () -- C:\Users\YX\AppData\Roaming\B4CCC\F1193.exe
PRC - [2011.10.26 16:29:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- G:\Software\Windows\OTL.exe
PRC - [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006.11.02 14:36:04 | 000,201,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.27 07:31:46 | 000,283,648 | ---- | M] () -- C:\Programme\LP\936B\0A0.exe
MOD - [2011.10.27 07:31:39 | 000,190,464 | ---- | M] () -- C:\Programme\CCC28\lvvm.exe
MOD - [2011.10.27 07:31:18 | 000,173,056 | ---- | M] () -- C:\Users\YX\AppData\Roaming\B4CCC\F1193.exe
MOD - [2006.11.02 11:46:10 | 000,227,328 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.05.09 14:48:07 | 001,452,944 | ---- | M] (mquadr.at softwareengineering und consulting gmbh) [Auto | Stopped] -- C:\Windows\System32\ieconfig_1und1_svc.exe -- (serviceIEConfig)
SRV - [2009.05.06 11:11:20 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2008.03.26 15:34:45 | 000,148,992 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008.03.07 12:00:05 | 000,070,656 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2006.12.08 11:52:04 | 000,208,896 | ---- | M] (Fujitsu Siemens Computers) [Auto | Stopped] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2008.10.09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.09.22 03:20:42 | 000,043,520 | ---- | M] (VIA Technologies, Inc.              ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6v.sys -- (FETND6V)
DRV - [2008.03.04 13:28:49 | 000,079,424 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2008.02.18 17:07:53 | 000,049,472 | ---- | M] (Avira GmbH) [File_System | On_Demand | Stopped] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2007.11.08 19:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007.07.02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.13 23:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007.06.01 17:46:00 | 007,479,008 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.03.26 15:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ViPrt.sys -- (ViPrt)
DRV - [2007.03.26 15:26:00 | 000,016,896 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ViBus.sys -- (ViBus)
DRV - [2007.02.27 15:24:55 | 000,011,840 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.gmx.net/tab2 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.1und1.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:54545
 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\YX\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\YX\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\YX\AppData\Local\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U17 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\YX\AppData\Local\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\YX\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Users\YX\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O2 - BHO: (1&&1 Internet AG Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll (mquadr.at softwareengineering und consulting gmbh)
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [0A0.exe] C:\Programme\LP\936B\0A0.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [F6sWK7fRLgXjCkB] C:\Users\YX\AppData\Roaming\svhostu.exe ()
O4 - HKLM..\Run: [gG5sQJ6dE8R9YwU8234A] C:\Windows\System32\dekIVrzONxuSoFp.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [lt6ow0jc.exe] C:\Users\YX\AppData\Roaming\lt6ow0jc.exe (Alcatel Microelectronics)
O4 - HKCU..\Run: [vasja] C:\Users\YX\Desktop\0.9056710880911472.exe (Home)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\pnrpnsp.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA7E6FA1-2790-4FD2-BF0E-221DB4B3954A}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\YX\AppData\Roaming\B4CCC\F1193.exe) -C:\Users\YX\AppData\Roaming\B4CCC\F1193.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.04.26 14:02:32 | 000,191,826 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011.06.20 07:52:08 | 000,000,061 | RHS- | M] () - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{77929b51-ffdf-11e0-b22d-806e6f6e6963}\Shell\AutoRun\command - "" = 1j038ki.exe
O33 - MountPoints2\{77929b51-ffdf-11e0-b22d-806e6f6e6963}\Shell\open\Command - "" = 1j038ki.exe
O33 - MountPoints2\{a9b99377-2c7b-11dd-bad4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a9b99377-2c7b-11dd-bad4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2005.04.27 20:38:10 | 000,401,408 | R--- | M] (Hewlett-Packard)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {11775326-DDFD-465E-9DF5-00EE8605E24D} - GMX Browser Add-on
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {65331F58-91DC-4555-AEFB-840EB40D0022} - GMX Update
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX: >{D507B452-F6F2-477B-AFCF-C12FC21A2782} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpReg: 1und1 Update - hkey= - key= - C:\Programme\1&1\LiveUpdate\m2LUTray.exe (mquadr.at software engineering und consulting GmbH)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: GMX Update - hkey= - key= - C:\Programme\GMX\LiveUpdate\m2LUTray.exe ()
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\YX\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: toolbar_eula_launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - StartUpReg: zeiv.exe - hkey= - key= - C:\Users\YX\AppData\Roaming\Haleok\zeiv.exe ()
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\Windows\System32\
[2011.10.27 07:37:02 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\vdEK8gRZ9YwUeOt
[2011.10.27 07:37:02 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\qNyxA0uvSoFpGsJ
[2011.10.27 07:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCC28
[2011.10.27 07:31:11 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security  2011
[2011.10.27 07:31:10 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\pL8gTZqhYwIr
[2011.10.27 07:31:10 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\DcA1uvD2oFpHJd
[2011.10.27 07:31:05 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\kOBtxP0yc1b3n4Q
[2011.10.27 07:31:04 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\a3onF4amHsJfLgZ
[2011.10.27 07:30:59 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\B4CCC
[2011.10.27 07:30:56 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2011.10.27 07:30:55 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\Oline
[2011.10.27 07:30:55 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\Acesu
[2011.10.27 07:30:53 | 000,165,376 | ---- | C] (Alcatel Microelectronics) -- C:\Users\YX\AppData\Roaming\lt6ow0jc.exe
[2011.10.27 07:30:51 | 000,168,960 | ---- | C] (Home) -- C:\Users\YX\Desktop\0.9056710880911472.exe
[2011.10.27 07:30:51 | 000,165,376 | ---- | C] (Alcatel Microelectronics) -- C:\Users\YX\Desktop\0.64406117213402.exe
[2011.10.27 07:30:50 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.10.26 16:34:38 | 000,000,000 | ---D | C] -- C:\Users\YX\Desktop\LOGs
[2011.10.26 13:35:46 | 009,852,544 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\YX\Desktop\mbam-setup-1.51.2.1300.exe
[2011.10.26 13:34:54 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\YX\Desktop\HiJackThis204.exe
[2011.10.26 13:31:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiVir PersonalEdition Classic
[2011.10.26 13:31:37 | 000,079,424 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.10.26 13:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.10.26 13:24:32 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.10.26 13:23:16 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\Malwarebytes
[2011.10.26 13:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.26 13:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.26 13:23:07 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.10.26 13:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.10.26 13:20:45 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2011.10.26 12:18:26 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011.10.26 11:56:39 | 000,000,000 | ---D | C] -- C:\Users\YX\Desktop\Neuer Ordner
[2011.10.20 18:33:13 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\Haleok
[2011.10.20 18:33:13 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\Axso
[2011.10.18 21:49:59 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\System32\
[2011.10.27 08:15:19 | 000,667,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.10.27 08:15:19 | 000,159,266 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.10.27 08:15:18 | 000,837,386 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.10.27 08:15:18 | 000,177,586 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.10.27 08:08:50 | 000,000,000 | ---- | M] () -- C:\Windows\1497257308
[2011.10.27 08:08:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.27 07:36:56 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.27 07:36:56 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.27 07:31:12 | 000,001,213 | ---- | M] () -- C:\Users\YX\AppData\Roaming\ldr.ini
[2011.10.27 07:31:05 | 000,099,840 | ---- | M] () -- C:\Users\YX\AppData\Roaming\svhostu.exe
[2011.10.27 07:31:04 | 001,776,640 | ---- | M] () -- C:\Windows\System32\dekIVrzONxuSoFp.exe
[2011.10.27 07:31:00 | 000,283,648 | ---- | M] () -- C:\Users\YX\Desktop\0.6136625930725045.exe
[2011.10.27 07:30:55 | 000,168,960 | ---- | M] (Home) -- C:\Users\YX\Desktop\0.9056710880911472.exe
[2011.10.27 07:30:53 | 000,000,008 | ---- | M] () -- C:\Users\YX\AppData\Roaming\cbawfxrmd876sqdc.dat
[2011.10.27 07:30:52 | 000,165,376 | ---- | M] (Alcatel Microelectronics) -- C:\Users\YX\AppData\Roaming\lt6ow0jc.exe
[2011.10.27 07:30:52 | 000,165,376 | ---- | M] (Alcatel Microelectronics) -- C:\Users\YX\Desktop\0.64406117213402.exe
[2011.10.27 07:25:01 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1320125211-2353226351-2167843232-1000UA.job
[2011.10.26 19:38:17 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1320125211-2353226351-2167843232-1000Core.job
[2011.10.26 16:37:07 | 000,000,000 | ---- | M] () -- C:\Users\YX\defogger_reenable
[2011.10.26 13:38:38 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.10.26 13:36:24 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.26 13:35:49 | 009,852,544 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\YX\Desktop\mbam-setup-1.51.2.1300.exe
[2011.10.26 13:34:55 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\YX\Desktop\HiJackThis204.exe
[2011.10.26 13:31:42 | 000,001,991 | ---- | M] () -- C:\Users\Public\Desktop\AntiVir PE Classic.lnk
[2011.10.26 13:20:42 | 000,000,036 | ---- | M] () -- C:\Users\YX\AppData\Local\housecall.guid.cache
[2011.10.26 11:55:42 | 103,714,870 | ---- | M] () -- C:\Users\YX\Desktop\EmsisoftEmergencyKit.zip
[2011.10.24 19:41:31 | 000,025,099 | ---- | M] () -- C:\Users\YX\Desktop\Bestandsregister Schweine.odt
[2011.10.23 21:37:08 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.10.23 10:05:43 | 000,014,946 | ---- | M] () -- C:\Users\YX\Desktop\Mieteinnahmen Schmmüllingstr.ods
[2011.10.17 13:00:39 | 000,000,215 | ---- | M] () -- C:\Users\YX\Desktop\freenetMail  E-Mail, SMS, Fax, Mobil - kostenlos anmelden.url
[2011.10.16 13:21:41 | 000,016,953 | ---- | M] () -- C:\Users\YX\Desktop\Pflanzenschutz.odt
[2011.10.14 19:59:07 | 048,324,552 | ---- | M] () -- C:\Windows\System32\mrt.exe
[2011.10.14 19:35:26 | 234,480,917 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.10.02 13:19:48 | 000,000,000 | -HS- | M] () -- C:\Windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.10.27 07:31:11 | 000,001,213 | ---- | C] () -- C:\Users\YX\AppData\Roaming\ldr.ini
[2011.10.27 07:31:05 | 000,099,840 | ---- | C] () -- C:\Users\YX\AppData\Roaming\svhostu.exe
[2011.10.27 07:31:04 | 001,776,640 | ---- | C] () -- C:\Windows\System32\dekIVrzONxuSoFp.exe
[2011.10.27 07:30:59 | 000,283,648 | ---- | C] () -- C:\Users\YX\Desktop\0.6136625930725045.exe
[2011.10.27 07:30:53 | 000,000,008 | ---- | C] () -- C:\Users\YX\AppData\Roaming\cbawfxrmd876sqdc.dat
[2011.10.26 16:37:07 | 000,000,000 | ---- | C] () -- C:\Users\YX\defogger_reenable
[2011.10.26 13:31:42 | 000,001,991 | ---- | C] () -- C:\Users\Public\Desktop\AntiVir PE Classic.lnk
[2011.10.26 13:23:11 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.26 13:20:42 | 000,000,036 | ---- | C] () -- C:\Users\YX\AppData\Local\housecall.guid.cache
[2011.10.26 11:55:37 | 103,714,870 | ---- | C] () -- C:\Users\YX\Desktop\EmsisoftEmergencyKit.zip
[2011.10.23 21:37:08 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.10.23 21:37:07 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.10.02 13:19:48 | 000,000,000 | -HS- | C] () -- C:\Windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011.10.02 13:19:30 | 000,000,000 | ---- | C] () -- C:\Windows\1497257308
[2009.06.11 13:31:44 | 000,024,206 | ---- | C] () -- C:\Users\YX\AppData\Roaming\UserTile.png
[2008.12.21 22:24:13 | 000,004,608 | ---- | C] () -- C:\Users\YX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.30 09:31:26 | 000,164,377 | ---- | C] () -- C:\Windows\hpoins19.dat
[2008.05.28 09:19:56 | 000,260,531 | ---- | C] () -- C:\Windows\System32\ADINIT.DAT
[2008.05.28 09:19:56 | 000,171,887 | ---- | C] () -- C:\Windows\System32\geocalc.dat
[2008.05.28 09:19:56 | 000,061,440 | ---- | C] () -- C:\Windows\System32\GVRES32.dll
[2008.01.23 04:22:21 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll
[2007.03.13 22:01:59 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2006.11.02 17:33:31 | 000,837,386 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,177,586 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,279,776 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,667,980 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,159,266 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:24:01 | 048,324,552 | ---- | C] () -- C:\Windows\System32\mrt.exe
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 09:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006.08.11 10:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
 
========== LOP Check ==========
 
[2011.10.27 07:31:04 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\a3onF4amHsJfLgZ
[2011.10.27 07:30:55 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\Acesu
[2008.05.28 09:30:29 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\AOMobil
[2011.10.24 21:34:09 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\Axso
[2011.10.27 07:31:18 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\B4CCC
[2011.10.27 07:31:10 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\DcA1uvD2oFpHJd
[2011.10.20 18:33:13 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\Haleok
[2011.07.03 13:41:20 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\Image Zone Express
[2011.10.27 07:31:05 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\kOBtxP0yc1b3n4Q
[2011.10.27 07:30:55 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\Oline
[2009.03.06 14:53:02 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\OpenOffice.org
[2011.10.27 07:31:11 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\pL8gTZqhYwIr
[2008.06.06 23:22:29 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\Printer Info Cache
[2011.10.27 07:37:02 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\qNyxA0uvSoFpGsJ
[2009.05.17 12:11:10 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\TeamViewer
[2011.10.27 07:37:02 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\vdEK8gRZ9YwUeOt
[2011.10.26 19:38:41 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2008.05.28 08:19:00 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2008.06.03 15:15:03 | 000,000,000 | ---D | M] -- C:\Big Fish Games
[2008.01.23 13:08:58 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.10.25 19:14:37 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.05.28 08:15:43 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.01.23 04:22:44 | 000,000,000 | R--D | M] -- C:\DRIVER
[2008.05.28 08:20:30 | 000,000,000 | ---D | M] -- C:\ebay
[2011.03.20 10:44:46 | 000,000,000 | ---D | M] -- C:\ELAN_NW
[2008.05.28 08:20:30 | 000,000,000 | ---D | M] -- C:\FirstSteps
[2008.01.23 04:24:47 | 000,000,000 | ---D | M] -- C:\GDATA
[2008.05.28 08:20:40 | 000,000,000 | ---D | M] -- C:\Google
[2008.01.23 04:22:44 | 000,000,000 | R--D | M] -- C:\MANUAL
[2008.05.28 08:22:46 | 000,000,000 | ---D | M] -- C:\nero
[2008.01.23 04:31:44 | 000,000,000 | ---D | M] -- C:\Off2007HSt
[2011.10.27 07:31:20 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.10.26 13:31:35 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.05.28 08:15:43 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.10.27 08:29:04 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.01.23 14:38:48 | 000,000,000 | ---D | M] -- C:\TMP
[2008.05.28 08:18:41 | 000,000,000 | R--D | M] -- C:\Users
[2011.10.27 07:30:50 | 000,000,000 | ---D | M] -- C:\Windows
[2008.01.23 04:17:29 | 000,000,000 | ---D | M] -- C:\x86
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007.11.03 01:52:27 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007.11.03 01:52:27 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2006.11.02 11:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\regedit.exe
[2006.11.02 11:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2007.11.03 01:17:50 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=39D959CD9F3BC44F78DB3C6588AAC3FE -- C:\Windows\System32\wininit.exe
[2007.11.03 01:17:50 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=39D959CD9F3BC44F78DB3C6588AAC3FE -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.20593_none_2f37c4ba208e02ab\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2007.11.03 01:17:50 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=A3FEA6ED9FD3CF07219A632E4A716226 -- C:\Windows\System32\winlogon.exe
[2007.11.03 01:17:50 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=A3FEA6ED9FD3CF07219A632E4A716226 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.20593_none_6e080d01f12ed7fe\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install >
"LastSuccessTime" = 2011-10-26 17:38:40
"LastError" = 0
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB40435$] -> Error: Cannot create file handle -> Unknown point type
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 816 bytes -> C:\Windows\1497257308:2745876902.exe

< End of report >
         
--- --- ---


Extras.txt (created in safe mode): OTL Logfile:
Code:
OTL Extras logfile created on: 27.10.2011 08:40:57 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = G:\Software\Windows
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 82,24% Memory free
6,19 Gb Paging File | 5,88 Gb Available in Paging File | 94,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 158,45 Gb Free Space | 73,22% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 107,13 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive E: | 664,14 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 7,47 Gb Total Space | 3,25 Gb Free Space | 43,56% Space Free | Partition Type: FAT32
 
Computer Name: GARBERT-PC | User Name: Garbert | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017A3543-CC36-4347-A0CC-761FC333957A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{28FDBB23-2300-426B-9666-9F9D62C6DA86}" = rport=138 | protocol=17 | dir=out | app=system | 
"{33295F91-7A61-4EB6-B59C-378DB01A685A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{50F68251-18A0-40BD-BFDE-810392023C31}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{59D9980C-C355-478F-954D-ED23F1D596B8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{64D0EBCD-9A06-4F44-85D2-F18C19CF5939}" = lport=138 | protocol=17 | dir=in | app=system | 
"{734075CA-2547-4DF2-BC45-31BEBF67CDF3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{753D2A30-6876-493C-B888-97393EA391DE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7A4004B4-F622-4684-8718-1854C590F717}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D5D88FA6-DF0D-4E9E-B61B-3CFC0402B6A2}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{22FC6656-B24C-4A32-B204-0AD75165DC13}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4BF43035-E2DF-46EE-84E0-3C2E17B60D72}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{83D32F0A-AA79-43B9-91DD-EF1A3D1C9CC6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{BC86582B-5800-4655-954D-F4B7500DD348}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{000BB303-E1DB-4A5B-9391-48B28AC08875}C:\program files\java\jre6\bin\jucheck.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\jucheck.exe | 
"TCP Query User{06647C14-B04F-4164-B9C6-F34F35424485}C:\users\garbert\appdata\local\temp\googletoolbarinstaller_en32_signed.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\temp\googletoolbarinstaller_en32_signed.exe | 
"TCP Query User{0FC8D9AC-6EC1-4E3E-9F82-1422B2E98BD0}C:\program files\ccc28\lvvm.exe" = protocol=6 | dir=in | app=c:\program files\ccc28\lvvm.exe | 
"TCP Query User{0FE06FE6-B66C-46E6-8434-D6CC4EC77793}C:\program files\1&1\liveupdate\m2lutray.exe" = protocol=6 | dir=in | app=c:\program files\1&1\liveupdate\m2lutray.exe | 
"TCP Query User{167090EC-203E-410E-B4BE-5ABF3FCA0428}C:\users\garbert\appdata\local\google\update\googleupdate.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\google\update\googleupdate.exe | 
"TCP Query User{1893BA36-6338-4818-A900-0FB90C7C9624}C:\program files\google\google toolbar\component\googletoolbarmanager_4e7d715d860e20e1.exe" = protocol=6 | dir=in | app=c:\program files\google\google toolbar\component\googletoolbarmanager_4e7d715d860e20e1.exe | 
"TCP Query User{1F117856-F19E-45B9-9B25-BEC66979B65F}C:\users\garbert\appdata\local\temp\0.311055798381219exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\temp\0.311055798381219exe | 
"TCP Query User{2215DB90-AC95-4461-A5CC-075357FD1F9A}C:\windows\system32\dekivrzonxusofp.exe" = protocol=6 | dir=in | app=c:\windows\system32\dekivrzonxusofp.exe | 
"TCP Query User{2547BD5B-92A5-4232-BDA2-CE6F3EB355AA}C:\users\garbert\appdata\local\temp\7zs2906.tmp\setup.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\temp\7zs2906.tmp\setup.exe | 
"TCP Query User{2779A0CF-C103-4D4C-A1FA-35C84B436F30}C:\program files\gmx\liveupdate\m2lutray.exe" = protocol=6 | dir=in | app=c:\program files\gmx\liveupdate\m2lutray.exe | 
"TCP Query User{28EA8CFA-D5E2-43BE-9C4D-99C9728E83D9}C:\program files\google\update\googleupdate.exe" = protocol=6 | dir=in | app=c:\program files\google\update\googleupdate.exe | 
"TCP Query User{2ADB4D98-1E7C-4F79-9C00-F2FAF61A888C}C:\windows\system32\werfault.exe" = protocol=6 | dir=in | app=c:\windows\system32\werfault.exe | 
"TCP Query User{313206E2-0781-48CD-9D09-23B8363ADEA6}C:\users\garbert\appdata\roaming\lt6ow0jc.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\roaming\lt6ow0jc.exe | 
"TCP Query User{34B375D9-8C1C-4CFC-984A-AEC706B431C0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{369CC55C-DE6E-48C9-8086-2DC3758DDA35}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{39376ABC-33B4-4CF2-A2FC-54CB5698AF76}C:\users\garbert\appdata\local\temp\gumf571.tmp\googleupdate.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\temp\gumf571.tmp\googleupdate.exe | 
"TCP Query User{3BC6EB6E-F924-4E2C-9190-B387F90E674D}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{3C5E34A6-5553-4C19-9C51-6605E6DE5112}C:\users\garbert\appdata\local\temp\svhostu.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\temp\svhostu.exe | 
"TCP Query User{41C4E375-E89C-47FF-97B8-D925543D1D1B}C:\users\garbert\appdata\local\temp\rarsfx0\setup.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\temp\rarsfx0\setup.exe | 
"TCP Query User{47DF1270-A967-4E63-84B6-94ED89524A89}C:\program files\avira\antivir desktop\ipmgui.exe" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\ipmgui.exe | 
"TCP Query User{4899E999-EF79-4300-B04A-F519BD2254F8}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{4BFCE9DB-DA7A-4AEE-B9FB-1AAACE284BD7}C:\users\garbert\appdata\local\temp\install_reader10_de_gtba_aih[1].exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\temp\install_reader10_de_gtba_aih[1].exe | 
"TCP Query User{4D954606-1971-4AC8-94E1-A08C26D9E0E1}C:\users\garbert\appdata\local\temp\7zs4e88.tmp\setup.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\temp\7zs4e88.tmp\setup.exe | 
"TCP Query User{54FF02F7-F455-47DD-93F7-48229B66D105}C:\program files\lp\936b\0a0.exe" = protocol=6 | dir=in | app=c:\program files\lp\936b\0a0.exe | 
"TCP Query User{553336A9-D2C9-4200-9A4B-3202899DA99B}C:\program files\malwarebytes' anti-malware\mbam.exe" = protocol=6 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe | 
"TCP Query User{5BE5DA3B-1A7B-4A5D-B037-A66AB87A0D99}C:\users\garbert\appdata\local\google\update\googleupdate.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\google\update\googleupdate.exe | 
"TCP Query User{5DE914E2-1066-44BE-8A04-9ED50957F44B}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{633EFFEB-36A1-40A4-9D32-608E48420B04}C:\users\garbert\desktop\0.9056710880911472.exe" = protocol=6 | dir=in | app=c:\users\garbert\desktop\0.9056710880911472.exe | 
"TCP Query User{6997E525-02F9-4893-A185-D33B59C36064}C:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe" = protocol=6 | dir=in | app=c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe | 
"TCP Query User{6DE62BAF-6686-4630-AE7A-5C738F1D20F5}C:\windows\system32\wermgr.exe" = protocol=6 | dir=in | app=c:\windows\system32\wermgr.exe | 
"TCP Query User{7ED9675F-FBC2-4B5E-9F4D-24D194025F60}C:\program files\1&1\liveupdate\m2lutray.exe" = protocol=6 | dir=in | app=c:\program files\1&1\liveupdate\m2lutray.exe | 
"TCP Query User{80D76B55-32C8-42D9-B8B5-5E593B60932B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{810E63DC-11B7-4DD0-A1C9-E210AA414838}C:\windows\system32\dekivrzonxusofp.exe" = protocol=6 | dir=in | app=c:\windows\system32\dekivrzonxusofp.exe | 
"TCP Query User{8164DE2D-9763-49F8-BFD9-9E9E4A492441}C:\users\garbert\appdata\roaming\b4ccc\f1193.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\roaming\b4ccc\f1193.exe | 
"TCP Query User{85517CB6-6F67-4DB2-8A94-E63A10D3D28E}C:\program files\adobe\reader 10.0\reader\acrord32.exe" = protocol=6 | dir=in | app=c:\program files\adobe\reader 10.0\reader\acrord32.exe | 
"TCP Query User{8750EE3F-E9A9-44F2-B574-164EA91E966C}C:\windows\system32\wercon.exe" = protocol=6 | dir=in | app=c:\windows\system32\wercon.exe | 
"TCP Query User{885A33DB-84E6-4BB9-A503-803DD9F9D35B}C:\program files\avira\antivir desktop\ipmgui.exe" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\ipmgui.exe | 
"TCP Query User{8FDF66D5-7C3A-43C3-9DB7-54A4075F49C0}C:\users\garbert\appdata\roaming\svhostu.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\roaming\svhostu.exe | 
"TCP Query User{97EFD739-4544-441B-84DF-A12A1F6C432A}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{993D702D-3209-45DD-8A52-DF80759BAAAD}C:\program files\lp\936b\0a0.exe" = protocol=6 | dir=in | app=c:\program files\lp\936b\0a0.exe | 
"TCP Query User{A2D6A2B5-DBFA-43E4-9650-1A1991F694E3}C:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe" = protocol=6 | dir=in | app=c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe | 
"TCP Query User{A9223F05-82C9-44BE-9FAF-818320A08111}C:\users\garbert\appdata\local\temp\rarsfx0\apnstub.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\temp\rarsfx0\apnstub.exe | 
"TCP Query User{B160A99A-2AE9-43F0-A297-BAE56A404C40}C:\users\garbert\appdata\local\temp\housecall\housecall.bin" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\temp\housecall\housecall.bin | 
"TCP Query User{B636DBD8-8149-457A-9597-BCEF43645133}C:\program files\pdf24\pdf24-updater.exe" = protocol=6 | dir=in | app=c:\program files\pdf24\pdf24-updater.exe | 
"TCP Query User{B7191C3F-8AC1-47AE-BE2F-8EFEEA5486E8}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{B747320F-DFE8-4B83-8B51-700E00691ACF}C:\program files\windows defender\msascui.exe" = protocol=6 | dir=in | app=c:\program files\windows defender\msascui.exe | 
"TCP Query User{BAB1106F-6D22-4157-BB65-2FDB077CA2EE}C:\program files\openoffice.org 3\program\soffice.bin" = protocol=6 | dir=in | app=c:\program files\openoffice.org 3\program\soffice.bin | 
"TCP Query User{BC66BC57-BB72-4302-963A-53E1F6CAD0B6}C:\program files\avira\antivir personaledition classic\avnotify.exe" = protocol=6 | dir=in | app=c:\program files\avira\antivir personaledition classic\avnotify.exe | 
"TCP Query User{BC826D6E-6E50-4B95-A708-CEE3BEC640ED}C:\program files\common files\adobe\arm\1.0\adobearm.exe" = protocol=6 | dir=in | app=c:\program files\common files\adobe\arm\1.0\adobearm.exe | 
"TCP Query User{C2B44BEB-11FF-4CB5-B9D4-C495736453CD}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{C4AFF4B8-E882-45AE-9C2E-893774FF36BF}C:\program files\java\jre6\bin\jusched.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\jusched.exe | 
"TCP Query User{C796A715-AE8E-4278-A7BB-7710790662C2}C:\program files\openoffice.org 3\program\soffice.bin" = protocol=6 | dir=in | app=c:\program files\openoffice.org 3\program\soffice.bin | 
"TCP Query User{CF1A22DC-3839-4A57-8DB0-11E985AC1F69}C:\program files\ccc28\lvvm.exe" = protocol=6 | dir=in | app=c:\program files\ccc28\lvvm.exe | 
"TCP Query User{D0320FB1-CC32-40DC-854D-9E35C3624DDB}C:\windows\system32\wercon.exe" = protocol=6 | dir=in | app=c:\windows\system32\wercon.exe | 
"TCP Query User{D790A158-9786-4DA2-AF97-C205E6E26F63}C:\program files\avira\antivir desktop\avnotify.exe" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\avnotify.exe | 
"TCP Query User{E1CEF85D-0399-4EF6-8BF6-CCBB2505DE5A}C:\users\garbert\appdata\roaming\b4ccc\f1193.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\roaming\b4ccc\f1193.exe | 
"TCP Query User{E8729F19-D3C1-4806-B0B3-61C1B11260DC}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{F26BCA3E-07DE-45E2-B528-CE3A10901009}C:\program files\gmx\liveupdate\m2lutray.exe" = protocol=6 | dir=in | app=c:\program files\gmx\liveupdate\m2lutray.exe | 
"TCP Query User{FA7ED1CA-0C0F-400D-B35E-E3BD65E22097}C:\program files\lp\936b\30e8.tmp" = protocol=6 | dir=in | app=c:\program files\lp\936b\30e8.tmp | 
"TCP Query User{FB63F94C-8CA9-43DE-B8AF-21CB9398E5B8}C:\users\garbert\appdata\roaming\lt6ow0jc.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\roaming\lt6ow0jc.exe | 
"UDP Query User{03BB56A2-F691-4922-80EB-ABE129D06144}C:\users\garbert\appdata\roaming\b4ccc\f1193.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\roaming\b4ccc\f1193.exe | 
"UDP Query User{066DDA28-CFAB-44CF-A80A-070AD5EE3B0B}C:\program files\1&1\liveupdate\m2lutray.exe" = protocol=17 | dir=in | app=c:\program files\1&1\liveupdate\m2lutray.exe | 
"UDP Query User{07945749-0256-41CD-93C7-45C1623C37B1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{0A0E071F-0B0C-4CD2-863F-1ADA4E1EEBF5}C:\users\garbert\appdata\roaming\svhostu.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\roaming\svhostu.exe | 
"UDP Query User{0F3A2D56-DF60-4FA7-B20E-3F6B5C197B2D}C:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe" = protocol=17 | dir=in | app=c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe | 
"UDP Query User{10AABA16-6C48-4E43-B504-CA8238E1592F}C:\program files\google\google toolbar\component\googletoolbarmanager_4e7d715d860e20e1.exe" = protocol=17 | dir=in | app=c:\program files\google\google toolbar\component\googletoolbarmanager_4e7d715d860e20e1.exe | 
"UDP Query User{11F11FF6-6B95-4DC3-AA5A-807503192F49}C:\program files\openoffice.org 3\program\soffice.bin" = protocol=17 | dir=in | app=c:\program files\openoffice.org 3\program\soffice.bin | 
"UDP Query User{19DCDCB8-114C-4083-A2ED-072FE3BAB175}C:\windows\system32\werfault.exe" = protocol=17 | dir=in | app=c:\windows\system32\werfault.exe | 
"UDP Query User{1EC9A674-B168-498A-B784-E41ECE18FFA1}C:\program files\windows defender\msascui.exe" = protocol=17 | dir=in | app=c:\program files\windows defender\msascui.exe | 
"UDP Query User{1F4C6A05-E8B6-47F5-8E6F-7092284228B7}C:\program files\avira\antivir desktop\ipmgui.exe" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\ipmgui.exe | 
"UDP Query User{20AE5BA1-4D52-4B51-8D9E-E6584C8F3753}C:\program files\java\jre6\bin\jusched.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\jusched.exe | 
"UDP Query User{2997A4C4-8BE6-45FE-AF8A-871F36429985}C:\users\garbert\appdata\local\temp\googletoolbarinstaller_en32_signed.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\googletoolbarinstaller_en32_signed.exe | 
"UDP Query User{2B55AA74-80D1-4DC2-9DEA-378AA82EB707}C:\program files\malwarebytes' anti-malware\mbam.exe" = protocol=17 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe | 
"UDP Query User{33E082A3-DA3C-42F7-9A1D-AB1B089609EB}C:\program files\avira\antivir personaledition classic\avnotify.exe" = protocol=17 | dir=in | app=c:\program files\avira\antivir personaledition classic\avnotify.exe | 
"UDP Query User{358B4DF5-95AF-4CA2-807B-31CBF0A24B17}C:\users\garbert\desktop\0.9056710880911472.exe" = protocol=17 | dir=in | app=c:\users\garbert\desktop\0.9056710880911472.exe | 
"UDP Query User{39E5474C-485C-478B-B44E-A83742A1345D}C:\users\garbert\appdata\local\google\update\googleupdate.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\google\update\googleupdate.exe | 
"UDP Query User{3CA5DD51-9314-4FF8-9248-281C66132F47}C:\program files\avira\antivir desktop\avnotify.exe" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\avnotify.exe | 
"UDP Query User{3DADCF2B-86A9-42B4-A909-687456098778}C:\program files\lp\936b\0a0.exe" = protocol=17 | dir=in | app=c:\program files\lp\936b\0a0.exe | 
"UDP Query User{3E9F4F1C-D913-4821-9F79-75A50788C4C0}C:\program files\gmx\liveupdate\m2lutray.exe" = protocol=17 | dir=in | app=c:\program files\gmx\liveupdate\m2lutray.exe | 
"UDP Query User{4A01492A-8244-4739-8796-7F2BB895E4B5}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{4B93ECEC-A7C4-45AA-B9B9-446B2514C852}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{52D0B562-B061-4BF3-A903-700F17EAD469}C:\program files\adobe\reader 10.0\reader\acrord32.exe" = protocol=17 | dir=in | app=c:\program files\adobe\reader 10.0\reader\acrord32.exe | 
"UDP Query User{62CCD707-FE2B-4500-9621-A048757A8F88}C:\program files\java\jre6\bin\jucheck.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\jucheck.exe | 
"UDP Query User{6E2D11ED-2464-43CF-96E0-F61055C4BA07}C:\users\garbert\appdata\local\temp\gumf571.tmp\googleupdate.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\gumf571.tmp\googleupdate.exe | 
"UDP Query User{6EF1075C-D016-440A-994A-D7F94310F493}C:\program files\openoffice.org 3\program\soffice.bin" = protocol=17 | dir=in | app=c:\program files\openoffice.org 3\program\soffice.bin | 
"UDP Query User{745B33AB-5FDA-4526-8E69-5D4D30B5096A}C:\windows\system32\wermgr.exe" = protocol=17 | dir=in | app=c:\windows\system32\wermgr.exe | 
"UDP Query User{7ED4E65B-A668-46DD-95BA-C2C4C003D331}C:\program files\google\update\googleupdate.exe" = protocol=17 | dir=in | app=c:\program files\google\update\googleupdate.exe | 
"UDP Query User{7FC02FDF-7A8A-4731-B379-6CC42B4B9D28}C:\users\garbert\appdata\roaming\lt6ow0jc.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\roaming\lt6ow0jc.exe | 
"UDP Query User{81491885-FAEF-4A9F-8133-C7068335554D}C:\users\garbert\appdata\local\google\update\googleupdate.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\google\update\googleupdate.exe | 
"UDP Query User{8B784F44-1474-4087-B58F-04E1819E09D6}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{925C2950-CCFC-4F4F-9CE1-2026174EDF36}C:\program files\lp\936b\0a0.exe" = protocol=17 | dir=in | app=c:\program files\lp\936b\0a0.exe | 
"UDP Query User{95572E92-9356-441F-8441-187A1FFBD409}C:\windows\system32\wercon.exe" = protocol=17 | dir=in | app=c:\windows\system32\wercon.exe | 
"UDP Query User{95B56FB7-CDB1-4B41-926F-F6F91CF16FC1}C:\users\garbert\appdata\local\temp\install_reader10_de_gtba_aih[1].exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\install_reader10_de_gtba_aih[1].exe | 
"UDP Query User{97B9ADC5-2352-4FB6-B531-61842F12090E}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{97EBD866-7C65-4DA8-B95D-D6EBBD193ED0}C:\windows\system32\dekivrzonxusofp.exe" = protocol=17 | dir=in | app=c:\windows\system32\dekivrzonxusofp.exe | 
"UDP Query User{993730A5-24DD-4565-8904-82560A027CDC}C:\users\garbert\appdata\local\temp\housecall\housecall.bin" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\housecall\housecall.bin | 
"UDP Query User{9CD84880-4743-4788-9437-133B459CEF6D}C:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe" = protocol=17 | dir=in | app=c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe | 
"UDP Query User{A0A3D81F-ED5B-42C5-83E7-9ABC84298458}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{A25558F9-F6C0-48D0-9B3B-AF31D92F7D80}C:\program files\common files\adobe\arm\1.0\adobearm.exe" = protocol=17 | dir=in | app=c:\program files\common files\adobe\arm\1.0\adobearm.exe | 
"UDP Query User{A2E67958-9CB2-4760-A695-7076F5380F92}C:\program files\ccc28\lvvm.exe" = protocol=17 | dir=in | app=c:\program files\ccc28\lvvm.exe | 
"UDP Query User{A7B9523E-5ED9-4A90-B022-5A831A1E7A2C}C:\users\garbert\appdata\roaming\b4ccc\f1193.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\roaming\b4ccc\f1193.exe | 
"UDP Query User{B2A8D85F-EF64-41FF-BC6D-FE0374394516}C:\users\garbert\appdata\local\temp\rarsfx0\setup.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\rarsfx0\setup.exe | 
"UDP Query User{BBFFA4DD-4D2D-4A2D-8495-1AF112334938}C:\windows\system32\dekivrzonxusofp.exe" = protocol=17 | dir=in | app=c:\windows\system32\dekivrzonxusofp.exe | 
"UDP Query User{C1B7190D-4441-4A2A-95D5-3B678615CB47}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{C59381B4-50BE-4336-BA4C-B84AABC1389C}C:\program files\1&1\liveupdate\m2lutray.exe" = protocol=17 | dir=in | app=c:\program files\1&1\liveupdate\m2lutray.exe | 
"UDP Query User{C6C14200-DBC9-4620-8F1C-BD68210A77DF}C:\users\garbert\appdata\local\temp\rarsfx0\apnstub.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\rarsfx0\apnstub.exe | 
"UDP Query User{C79CDBBC-BE38-4333-8F5B-B047173DBE34}C:\windows\system32\wercon.exe" = protocol=17 | dir=in | app=c:\windows\system32\wercon.exe | 
"UDP Query User{CC17B17D-64D4-4E15-82FA-29909EF857C8}C:\program files\avira\antivir desktop\ipmgui.exe" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\ipmgui.exe | 
"UDP Query User{D0FADD32-E64B-4816-92E1-61080CAA8BC3}C:\users\garbert\appdata\local\temp\7zs4e88.tmp\setup.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\7zs4e88.tmp\setup.exe | 
"UDP Query User{D477B569-EC52-4A12-A0C1-3845DFD6E8A0}C:\users\garbert\appdata\local\temp\0.311055798381219exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\0.311055798381219exe | 
"UDP Query User{D4E74CCB-813A-4D50-8AFD-C5B69CCE1C2D}C:\users\garbert\appdata\local\temp\svhostu.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\svhostu.exe | 
"UDP Query User{D80A8700-3E3E-4F33-8902-8C8965708999}C:\program files\pdf24\pdf24-updater.exe" = protocol=17 | dir=in | app=c:\program files\pdf24\pdf24-updater.exe | 
"UDP Query User{DB9A6DAE-D4A7-485C-8CAF-0EE6E625E553}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{DF9A7C72-7933-4997-905F-28B1DB21E6A7}C:\program files\ccc28\lvvm.exe" = protocol=17 | dir=in | app=c:\program files\ccc28\lvvm.exe | 
"UDP Query User{E16C9E84-8C9A-4E01-9A84-89F48988B8AC}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{E765AEF8-88FE-4D5D-9CE1-2F1D4F7A5DA3}C:\users\garbert\appdata\local\temp\7zs2906.tmp\setup.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\7zs2906.tmp\setup.exe | 
"UDP Query User{F0E6E7D1-F099-42C1-81F8-66FAD3502CD1}C:\program files\gmx\liveupdate\m2lutray.exe" = protocol=17 | dir=in | app=c:\program files\gmx\liveupdate\m2lutray.exe | 
"UDP Query User{F1F5AC40-FBD7-4111-AB7F-A1282F3D67E4}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{F3466136-5606-4FD2-8064-A38B0DEB13B9}C:\program files\lp\936b\30e8.tmp" = protocol=17 | dir=in | app=c:\program files\lp\936b\30e8.tmp | 
"UDP Query User{F8630047-3477-4EF9-8FA6-F8432BF02C6A}C:\users\garbert\appdata\roaming\lt6ow0jc.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\roaming\lt6ow0jc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{016B58FA-6D8C-4EE2-B2F1-5E78628E4AD5}" = 1&1 Update
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0F5C38CB-DCA7-44E0-A654-26121331557A}" = GMX Update
"{0FE6B77F-54CD-45ED-BB64-A99477B0A8F1}" = 5600
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{2605461E-AB2E-49F5-8A16-64B7F3595030}" = 5600Trb
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17
"{2F6D47A9-D946-4472-8D25-24151AC1A3CD}" = Internet Explorer 8 1&1 Addon
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{5C97698A-FAB5-41DB-ADB0-5FCB2BC84588}" = InternetExplorer-GMX-Addon
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6803A6E6-48FF-48AB-B558-7B651BBE1031}" = Nero 8 Essentials
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7DCBC3D8-8954-491D-A1B9-8C61C563B004}" = 5600_Help
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.1.0
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B27F2F79-879F-45F9-B2B7-08EF9B95502F}" = Internet Explorer 8 1&1 Edition
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 Update" = 1&1 Update
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AgrarOfficeJKEKLZT_is1" = AO Agrar-Office 5.0.9.0
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal – Free Antivirus
"ELAN 2009 NW" = ELAN 2009 NW
"ELAN 2010 NW" = ELAN 2010 NW
"ELAN 2011 NW " = ELAN 2011 NW 
"GMX Update" = GMX Update
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Internet Explorer 8 1&1 Addon" = Internet Explorer 8 1&1 Addon
"Internet Explorer 8 1&1 Edition" = Internet Explorer 8 1&1 Edition
"InternetExplorer-GMX-Addon" = InternetExplorer-GMX-Addon
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"TeamViewer 4" = TeamViewer 4
"VN_VUIns_Rhine_VIA" = VIA Rhine Family Fast Ethernet Adapter
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 27.10.2011 01:39:40 | Computer Name = Garbert-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 27.10.2011 01:41:11 | Computer Name = Garbert-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul Flash10c.ocx, Version 10.0.32.18, Zeitstempel 0x4a613d79,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000dea73,  Prozess-ID 0x220, Anwendungsstartzeit
 01cc946af0e299bb.
 
Error - 27.10.2011 01:41:34 | Computer Name = Garbert-PC | Source = LoadPerf | ID = 3012
Description = 
 
Error - 27.10.2011 01:41:35 | Computer Name = Garbert-PC | Source = LoadPerf | ID = 3012
Description = 
 
Error - 27.10.2011 01:41:35 | Computer Name = Garbert-PC | Source = LoadPerf | ID = 3011
Description = 
 
Error - 27.10.2011 02:09:07 | Computer Name = Garbert-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 27.10.2011 02:15:15 | Computer Name = Garbert-PC | Source = LoadPerf | ID = 3012
Description = 
 
Error - 27.10.2011 02:15:15 | Computer Name = Garbert-PC | Source = LoadPerf | ID = 3012
Description = 
 
Error - 27.10.2011 02:15:15 | Computer Name = Garbert-PC | Source = LoadPerf | ID = 3011
Description = 
 
Error - 27.10.2011 02:34:44 | Computer Name = Garbert-PC | Source = System Restore | ID = 8193
Description = 
 
[ System Events ]
Error - 27.10.2011 02:09:01 | Computer Name = Garbert-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 27.10.2011 02:09:04 | Computer Name = Garbert-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 27.10.2011 02:09:05 | Computer Name = Garbert-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 27.10.2011 02:09:07 | Computer Name = Garbert-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 27.10.2011 02:09:09 | Computer Name = Garbert-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 27.10.2011 02:09:13 | Computer Name = Garbert-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 27.10.2011 02:09:23 | Computer Name = Garbert-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 27.10.2011 02:09:59 | Computer Name = Garbert-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 27.10.2011 02:09:59 | Computer Name = Garbert-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 27.10.2011 02:18:06 | Computer Name = Garbert-PC | Source = DCOM | ID = 10005
Description = 
 
 
< End of report >
         
--- --- ---


Last edited by AdiumX (27.10.2011 at 07:53)

 
