Pests of all kinds and how to fight them: Trojan win32/sirefef.O (Windows 7)

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware, or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#9

Trojan win32/sirefef.O

I was hoping for an instruction: "If Defogger gives you an error message, please post the defogger_disable log from your desktop. Do not click the Re-enable button without being instructed to." Because Defogger did not restart anything...

But now I have the following problem: I can't do anything at all anymore...

I'm going to try safe mode in a moment...

OTL.txt (created in safe mode):

OTL Logfile:
Code:
OTL logfile created on: 27.10.2011 08:40:57 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = G:\Software\Windows
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 82,24% Memory free
6,19 Gb Paging File | 5,88 Gb Available in Paging File | 94,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 158,45 Gb Free Space | 73,22% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 107,13 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive E: | 664,14 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 7,47 Gb Total Space | 3,25 Gb Free Space | 43,56% Space Free | Partition Type: FAT32

Computer Name: xy-PC | User Name: xy| Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- C:\Windows\1497257308:2745876902.exe PRC - [2011.10.27 07:31:46 | 000,283,648 | ---- | M] () -- C:\Programme\LP\936B\0A0.exe PRC - [2011.10.27 07:31:39 | 000,190,464 | ---- | M] () -- C:\Programme\CCC28\lvvm.exe PRC - [2011.10.27 07:31:18 | 000,173,056 | ---- | M] () -- C:\Users\YX\AppData\Roaming\B4CCC\F1193.exe PRC - [2011.10.26 16:29:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- G:\Software\Windows\OTL.exe PRC - [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2006.11.02 14:36:04 | 000,201,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe ========== Modules (No Company Name) ========== MOD - [2011.10.27 07:31:46 | 000,283,648 | ---- | M] () -- C:\Programme\LP\936B\0A0.exe MOD - [2011.10.27 07:31:39 | 000,190,464 | ---- | M] () -- C:\Programme\CCC28\lvvm.exe MOD - [2011.10.27 07:31:18 | 000,173,056 | ---- | M] () -- C:\Users\YX\AppData\Roaming\B4CCC\F1193.exe MOD - [2006.11.02 11:46:10 | 000,227,328 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll ========== Win32 Services (SafeList) ========== SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.05.09 14:48:07 | 001,452,944 | ---- | M] (mquadr.at softwareengineering und consulting gmbh) [Auto | Stopped] -- C:\Windows\System32\ieconfig_1und1_svc.exe -- (serviceIEConfig) SRV - [2009.05.06 11:11:20 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | 
Stopped] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4) SRV - [2008.03.26 15:34:45 | 000,148,992 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService) SRV - [2008.03.07 12:00:05 | 000,070,656 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler) SRV - [2006.12.08 11:52:04 | 000,208,896 | ---- | M] (Fujitsu Siemens Computers) [Auto | Stopped] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler) ========== Driver Services (SafeList) ========== DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2008.10.09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV - [2008.09.22 03:20:42 | 000,043,520 | ---- | M] (VIA Technologies, Inc. 
) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6v.sys -- (FETND6V) DRV - [2008.03.04 13:28:49 | 000,079,424 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2008.02.18 17:07:53 | 000,049,472 | ---- | M] (Avira GmbH) [File_System | On_Demand | Stopped] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt) DRV - [2007.11.08 19:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2007.07.02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32) DRV - [2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32) DRV - [2007.06.13 23:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID) DRV - [2007.06.01 17:46:00 | 007,479,008 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007.03.26 15:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ViPrt.sys -- (ViPrt) DRV - [2007.03.26 15:26:00 | 000,016,896 | ---- | M] (VIA Technologies, Inc.) 
[Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ViBus.sys -- (ViBus) DRV - [2007.02.27 15:24:55 | 000,011,840 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/home IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.gmx.net/tab2 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.1und1.de/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:54545 FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\YX\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\YX\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) 
========== Chrome ========== CHR - default_search_provider: Google () CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\YX\AppData\Local\Google\Chrome\Application\14.0.835.186\gcswf32.dll CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll CHR - plugin: Java(TM) Platform SE 6 U17 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\YX\AppData\Local\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\YX\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Users\YX\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found. O2 - BHO: (1&&1 Internet AG Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll (mquadr.at softwareengineering und consulting gmbh) O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [0A0.exe] C:\Programme\LP\936B\0A0.exe () O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [F6sWK7fRLgXjCkB] C:\Users\YX\AppData\Roaming\svhostu.exe () O4 - HKLM..\Run: [gG5sQJ6dE8R9YwU8234A] C:\Windows\System32\dekIVrzONxuSoFp.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKCU..\Run: [lt6ow0jc.exe] C:\Users\YX\AppData\Roaming\lt6ow0jc.exe (Alcatel Microelectronics) O4 - HKCU..\Run: [vasja] C:\Users\YX\Desktop\0.9056710880911472.exe (Home) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\pnrpnsp.dll File not found O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA7E6FA1-2790-4FD2-BF0E-221DB4B3954A}: DhcpNameServer = 192.168.178.1 O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (C:\Users\YX\AppData\Roaming\B4CCC\F1193.exe) -C:\Users\YX\AppData\Roaming\B4CCC\F1193.exe () O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2007.04.26 14:02:32 | 000,191,826 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2011.06.20 07:52:08 | 000,000,061 | RHS- | M] () - G:\autorun.inf -- [ FAT32 ] O33 - MountPoints2\{77929b51-ffdf-11e0-b22d-806e6f6e6963}\Shell\AutoRun\command - "" = 1j038ki.exe O33 - MountPoints2\{77929b51-ffdf-11e0-b22d-806e6f6e6963}\Shell\open\Command - "" = 1j038ki.exe O33 - MountPoints2\{a9b99377-2c7b-11dd-bad4-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{a9b99377-2c7b-11dd-bad4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2005.04.27 20:38:10 | 000,401,408 | R--- | M] (Hewlett-Packard) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {11775326-DDFD-465E-9DF5-00EE8605E24D} - GMX Browser Add-on ActiveX: 
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {65331F58-91DC-4555-AEFB-840EB40D0022} - GMX Update ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active 
Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - ActiveX: >{D507B452-F6F2-477B-AFCF-C12FC21A2782} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.) MsConfig - StartUpReg: 1und1 Update - hkey= - key= - C:\Programme\1&1\LiveUpdate\m2LUTray.exe (mquadr.at software engineering und consulting GmbH) MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: GMX Update - hkey= - key= - C:\Programme\GMX\LiveUpdate\m2LUTray.exe () MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\YX\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.) 
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG) MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: toolbar_eula_launcher - hkey= - key= - File not found MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found MsConfig - StartUpReg: zeiv.exe - hkey= - key= - C:\Users\YX\AppData\Roaming\Haleok\zeiv.exe () MsConfig - State: "startup" - 2 CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== File not found -- C:\Windows\System32\ [2011.10.27 07:37:02 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\vdEK8gRZ9YwUeOt [2011.10.27 07:37:02 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\qNyxA0uvSoFpGsJ [2011.10.27 07:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCC28 [2011.10.27 07:31:11 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security 2011 [2011.10.27 07:31:10 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\pL8gTZqhYwIr [2011.10.27 07:31:10 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\DcA1uvD2oFpHJd [2011.10.27 07:31:05 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\kOBtxP0yc1b3n4Q [2011.10.27 07:31:04 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\a3onF4amHsJfLgZ [2011.10.27 07:30:59 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\B4CCC [2011.10.27 07:30:56 | 000,000,000 | ---D | C] -- C:\Program Files\LP [2011.10.27 07:30:55 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\Oline [2011.10.27 07:30:55 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\Acesu [2011.10.27 07:30:53 | 000,165,376 | ---- | 
C] (Alcatel Microelectronics) -- C:\Users\YX\AppData\Roaming\lt6ow0jc.exe [2011.10.27 07:30:51 | 000,168,960 | ---- | C] (Home) -- C:\Users\YX\Desktop\0.9056710880911472.exe [2011.10.27 07:30:51 | 000,165,376 | ---- | C] (Alcatel Microelectronics) -- C:\Users\YX\Desktop\0.64406117213402.exe [2011.10.27 07:30:50 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011.10.26 16:34:38 | 000,000,000 | ---D | C] -- C:\Users\YX\Desktop\LOGs [2011.10.26 13:35:46 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\YX\Desktop\mbam-setup-1.51.2.1300.exe [2011.10.26 13:34:54 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\YX\Desktop\HiJackThis204.exe [2011.10.26 13:31:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiVir PersonalEdition Classic [2011.10.26 13:31:37 | 000,079,424 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.10.26 13:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.10.26 13:24:32 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.10.26 13:23:16 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\Malwarebytes [2011.10.26 13:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.10.26 13:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.10.26 13:23:07 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.10.26 13:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.10.26 13:20:45 | 000,200,976 | ---- | C] (Trend Micro Inc.) 
-- C:\Windows\System32\drivers\tmcomm.sys [2011.10.26 12:18:26 | 000,000,000 | ---D | C] -- C:\Windows\pss [2011.10.26 11:56:39 | 000,000,000 | ---D | C] -- C:\Users\YX\Desktop\Neuer Ordner [2011.10.20 18:33:13 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\Haleok [2011.10.20 18:33:13 | 000,000,000 | ---D | C] -- C:\Users\YX\AppData\Roaming\Axso [2011.10.18 21:49:59 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA% [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== File not found -- C:\Windows\System32\ [2011.10.27 08:15:19 | 000,667,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.10.27 08:15:19 | 000,159,266 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.10.27 08:15:18 | 000,837,386 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.10.27 08:15:18 | 000,177,586 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.10.27 08:08:50 | 000,000,000 | ---- | M] () -- C:\Windows\1497257308 [2011.10.27 08:08:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.10.27 07:36:56 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.10.27 07:36:56 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.10.27 07:31:12 | 000,001,213 | ---- | M] () -- C:\Users\YX\AppData\Roaming\ldr.ini [2011.10.27 07:31:05 | 000,099,840 | ---- | M] () -- C:\Users\YX\AppData\Roaming\svhostu.exe [2011.10.27 07:31:04 | 001,776,640 | ---- | M] () -- C:\Windows\System32\dekIVrzONxuSoFp.exe [2011.10.27 07:31:00 | 000,283,648 | ---- | M] () -- C:\Users\YX\Desktop\0.6136625930725045.exe [2011.10.27 07:30:55 | 000,168,960 | ---- | M] (Home) -- C:\Users\YX\Desktop\0.9056710880911472.exe [2011.10.27 07:30:53 | 000,000,008 | ---- | M] () -- C:\Users\YX\AppData\Roaming\cbawfxrmd876sqdc.dat [2011.10.27 07:30:52 | 000,165,376 | ---- | 
M] (Alcatel Microelectronics) -- C:\Users\YX\AppData\Roaming\lt6ow0jc.exe [2011.10.27 07:30:52 | 000,165,376 | ---- | M] (Alcatel Microelectronics) -- C:\Users\YX\Desktop\0.64406117213402.exe [2011.10.27 07:25:01 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1320125211-2353226351-2167843232-1000UA.job [2011.10.26 19:38:17 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1320125211-2353226351-2167843232-1000Core.job [2011.10.26 16:37:07 | 000,000,000 | ---- | M] () -- C:\Users\YX\defogger_reenable [2011.10.26 13:38:38 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.10.26 13:36:24 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.10.26 13:35:49 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\YX\Desktop\mbam-setup-1.51.2.1300.exe [2011.10.26 13:34:55 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\YX\Desktop\HiJackThis204.exe [2011.10.26 13:31:42 | 000,001,991 | ---- | M] () -- C:\Users\Public\Desktop\AntiVir PE Classic.lnk [2011.10.26 13:20:42 | 000,000,036 | ---- | M] () -- C:\Users\YX\AppData\Local\housecall.guid.cache [2011.10.26 11:55:42 | 103,714,870 | ---- | M] () -- C:\Users\YX\Desktop\EmsisoftEmergencyKit.zip [2011.10.24 19:41:31 | 000,025,099 | ---- | M] () -- C:\Users\YX\Desktop\Bestandsregister Schweine.odt [2011.10.23 21:37:08 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011.10.23 10:05:43 | 000,014,946 | ---- | M] () -- C:\Users\YX\Desktop\Mieteinnahmen Schmmüllingstr.ods [2011.10.17 13:00:39 | 000,000,215 | ---- | M] () -- C:\Users\YX\Desktop\freenetMail E-Mail, SMS, Fax, Mobil - kostenlos anmelden.url [2011.10.16 13:21:41 | 000,016,953 | ---- | M] () -- C:\Users\YX\Desktop\Pflanzenschutz.odt [2011.10.14 19:59:07 | 048,324,552 | ---- | M] () -- C:\Windows\System32\mrt.exe [2011.10.14 19:35:26 | 234,480,917 | ---- | M] () -- 
C:\Windows\MEMORY.DMP [2011.10.02 13:19:48 | 000,000,000 | -HS- | M] () -- C:\Windows\{2521BB91-29B1-4d7e-9137-AC9875D77735} [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.10.27 07:31:11 | 000,001,213 | ---- | C] () -- C:\Users\YX\AppData\Roaming\ldr.ini [2011.10.27 07:31:05 | 000,099,840 | ---- | C] () -- C:\Users\YX\AppData\Roaming\svhostu.exe [2011.10.27 07:31:04 | 001,776,640 | ---- | C] () -- C:\Windows\System32\dekIVrzONxuSoFp.exe [2011.10.27 07:30:59 | 000,283,648 | ---- | C] () -- C:\Users\YX\Desktop\0.6136625930725045.exe [2011.10.27 07:30:53 | 000,000,008 | ---- | C] () -- C:\Users\YX\AppData\Roaming\cbawfxrmd876sqdc.dat [2011.10.26 16:37:07 | 000,000,000 | ---- | C] () -- C:\Users\YX\defogger_reenable [2011.10.26 13:31:42 | 000,001,991 | ---- | C] () -- C:\Users\Public\Desktop\AntiVir PE Classic.lnk [2011.10.26 13:23:11 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.10.26 13:20:42 | 000,000,036 | ---- | C] () -- C:\Users\YX\AppData\Local\housecall.guid.cache [2011.10.26 11:55:37 | 103,714,870 | ---- | C] () -- C:\Users\YX\Desktop\EmsisoftEmergencyKit.zip [2011.10.23 21:37:08 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011.10.23 21:37:07 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011.10.02 13:19:48 | 000,000,000 | -HS- | C] () -- C:\Windows\{2521BB91-29B1-4d7e-9137-AC9875D77735} [2011.10.02 13:19:30 | 000,000,000 | ---- | C] () -- C:\Windows\1497257308 [2009.06.11 13:31:44 | 000,024,206 | ---- | C] () -- C:\Users\YX\AppData\Roaming\UserTile.png [2008.12.21 22:24:13 | 000,004,608 | ---- | C] () -- C:\Users\YX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.05.30 09:31:26 | 000,164,377 | ---- | C] () -- C:\Windows\hpoins19.dat [2008.05.28 09:19:56 | 000,260,531 | ---- | C] () -- C:\Windows\System32\ADINIT.DAT [2008.05.28 09:19:56 | 
000,171,887 | ---- | C] () -- C:\Windows\System32\geocalc.dat [2008.05.28 09:19:56 | 000,061,440 | ---- | C] () -- C:\Windows\System32\GVRES32.dll [2008.01.23 04:22:21 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll [2007.03.13 22:01:59 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat [2006.11.02 17:33:31 | 000,837,386 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,177,586 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,279,776 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,667,980 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,159,266 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:24:01 | 048,324,552 | ---- | C] () -- C:\Windows\System32\mrt.exe [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.11.02 09:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2006.08.11 10:52:02 | 000,012,288 | ---- | C] () -- 
C:\Windows\System32\EvOnlDiag.dll ========== LOP Check ========== [2011.10.27 07:31:04 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\a3onF4amHsJfLgZ [2011.10.27 07:30:55 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\Acesu [2008.05.28 09:30:29 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\AOMobil [2011.10.24 21:34:09 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\Axso [2011.10.27 07:31:18 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\B4CCC [2011.10.27 07:31:10 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\DcA1uvD2oFpHJd [2011.10.20 18:33:13 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\Haleok [2011.07.03 13:41:20 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\Image Zone Express [2011.10.27 07:31:05 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\kOBtxP0yc1b3n4Q [2011.10.27 07:30:55 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\Oline [2009.03.06 14:53:02 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\OpenOffice.org [2011.10.27 07:31:11 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\pL8gTZqhYwIr [2008.06.06 23:22:29 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\Printer Info Cache [2011.10.27 07:37:02 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\qNyxA0uvSoFpGsJ [2009.05.17 12:11:10 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\TeamViewer [2011.10.27 07:37:02 | 000,000,000 | ---D | M] -- C:\Users\YX\AppData\Roaming\vdEK8gRZ9YwUeOt [2011.10.26 19:38:41 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2008.05.28 08:19:00 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2008.06.03 15:15:03 | 000,000,000 | ---D | M] -- C:\Big Fish Games [2008.01.23 13:08:58 | 000,000,000 | -HSD | M] -- C:\Boot [2011.10.25 19:14:37 | 000,000,000 | -H-D | M] -- C:\Config.Msi [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2008.05.28 08:15:43 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2008.01.23 04:22:44 | 000,000,000 | R--D | M] -- C:\DRIVER [2008.05.28 08:20:30 | 000,000,000 | ---D | M] -- C:\ebay [2011.03.20 10:44:46 | 000,000,000 | ---D | M] -- C:\ELAN_NW [2008.05.28 08:20:30 | 000,000,000 | ---D | M] -- C:\FirstSteps [2008.01.23 04:24:47 | 000,000,000 | ---D | M] -- C:\GDATA [2008.05.28 08:20:40 | 000,000,000 | ---D | M] -- C:\Google [2008.01.23 04:22:44 | 000,000,000 | R--D | M] -- C:\MANUAL [2008.05.28 08:22:46 | 000,000,000 | ---D | M] -- C:\nero [2008.01.23 04:31:44 | 000,000,000 | ---D | M] -- C:\Off2007HSt [2011.10.27 07:31:20 | 000,000,000 | R--D | M] -- C:\Program Files [2011.10.26 13:31:35 | 000,000,000 | -H-D | M] -- C:\ProgramData [2008.05.28 08:15:43 | 000,000,000 | -HSD | M] -- C:\Programme [2011.10.27 08:29:04 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2008.01.23 14:38:48 | 000,000,000 | ---D | M] -- C:\TMP [2008.05.28 08:18:41 | 000,000,000 | R--D | M] -- C:\Users [2011.10.27 07:30:50 | 000,000,000 | ---D | M] -- C:\Windows [2008.01.23 04:17:29 | 000,000,000 | ---D | M] -- C:\x86 < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2007.11.03 01:52:27 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2007.11.03 01:52:27 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe < MD5 for: REGEDIT.EXE > [2006.11.02 11:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\regedit.exe [2006.11.02 11:45:35 | 000,134,656 | ---- 
| M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe < MD5 for: USERINIT.EXE > [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2007.11.03 01:17:50 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=39D959CD9F3BC44F78DB3C6588AAC3FE -- C:\Windows\System32\wininit.exe [2007.11.03 01:17:50 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=39D959CD9F3BC44F78DB3C6588AAC3FE -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.20593_none_2f37c4ba208e02ab\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2007.11.03 01:17:50 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=A3FEA6ED9FD3CF07219A632E4A716226 -- C:\Windows\System32\winlogon.exe [2007.11.03 01:17:50 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=A3FEA6ED9FD3CF07219A632E4A716226 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.20593_none_6e080d01f12ed7fe\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto 
Update\Results\Install > "LastSuccessTime" = 2011-10-26 17:38:40 "LastError" = 0 ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Windows\$NtUninstallKB40435$] -> Error: Cannot create file handle -> Unknown point type ========== Alternate Data Streams ========== @Alternate Data Stream - 816 bytes -> C:\Windows\1497257308:2745876902.exe < End of report >
Extras.txt (created in safe mode): OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 27.10.2011 08:40:57 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = G:\Software\Windows Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 82,24% Memory free 6,19 Gb Paging File | 5,88 Gb Available in Paging File | 94,92% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 216,41 Gb Total Space | 158,45 Gb Free Space | 73,22% Space Free | Partition Type: NTFS Drive D: | 107,22 Gb Total Space | 107,13 Gb Free Space | 99,92% Space Free | Partition Type: NTFS Drive E: | 664,14 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive G: | 7,47 Gb Total Space | 3,25 Gb Free Space | 43,56% Space Free | Partition Type: FAT32 Computer Name: GARBERT-PC | User Name: Garbert | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{017A3543-CC36-4347-A0CC-761FC333957A}" = lport=139 | protocol=6 | dir=in | app=system | "{28FDBB23-2300-426B-9666-9F9D62C6DA86}" = rport=138 | protocol=17 | dir=out | app=system | "{33295F91-7A61-4EB6-B59C-378DB01A685A}" = rport=139 | protocol=6 | dir=out | app=system | "{50F68251-18A0-40BD-BFDE-810392023C31}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{59D9980C-C355-478F-954D-ED23F1D596B8}" = rport=137 | protocol=17 | dir=out | app=system | "{64D0EBCD-9A06-4F44-85D2-F18C19CF5939}" = lport=138 | protocol=17 | dir=in | app=system | "{734075CA-2547-4DF2-BC45-31BEBF67CDF3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{753D2A30-6876-493C-B888-97393EA391DE}" = lport=445 | protocol=6 | dir=in | app=system | "{7A4004B4-F622-4684-8718-1854C590F717}" = rport=445 | protocol=6 | dir=out | app=system | "{D5D88FA6-DF0D-4E9E-B61B-3CFC0402B6A2}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{22FC6656-B24C-4A32-B204-0AD75165DC13}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{4BF43035-E2DF-46EE-84E0-3C2E17B60D72}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{83D32F0A-AA79-43B9-91DD-EF1A3D1C9CC6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{BC86582B-5800-4655-954D-F4B7500DD348}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "TCP Query User{000BB303-E1DB-4A5B-9391-48B28AC08875}C:\program files\java\jre6\bin\jucheck.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\jucheck.exe | "TCP Query User{06647C14-B04F-4164-B9C6-F34F35424485}C:\users\garbert\appdata\local\temp\googletoolbarinstaller_en32_signed.exe" = protocol=6 | dir=in | 
app=c:\users\garbert\appdata\local\temp\googletoolbarinstaller_en32_signed.exe | "TCP Query User{0FC8D9AC-6EC1-4E3E-9F82-1422B2E98BD0}C:\program files\ccc28\lvvm.exe" = protocol=6 | dir=in | app=c:\program files\ccc28\lvvm.exe | "TCP Query User{0FE06FE6-B66C-46E6-8434-D6CC4EC77793}C:\program files\1&1\liveupdate\m2lutray.exe" = protocol=6 | dir=in | app=c:\program files\1&1\liveupdate\m2lutray.exe | "TCP Query User{167090EC-203E-410E-B4BE-5ABF3FCA0428}C:\users\garbert\appdata\local\google\update\googleupdate.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\google\update\googleupdate.exe | "TCP Query User{1893BA36-6338-4818-A900-0FB90C7C9624}C:\program files\google\google toolbar\component\googletoolbarmanager_4e7d715d860e20e1.exe" = protocol=6 | dir=in | app=c:\program files\google\google toolbar\component\googletoolbarmanager_4e7d715d860e20e1.exe | "TCP Query User{1F117856-F19E-45B9-9B25-BEC66979B65F}C:\users\garbert\appdata\local\temp\0.311055798381219exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\temp\0.311055798381219exe | "TCP Query User{2215DB90-AC95-4461-A5CC-075357FD1F9A}C:\windows\system32\dekivrzonxusofp.exe" = protocol=6 | dir=in | app=c:\windows\system32\dekivrzonxusofp.exe | "TCP Query User{2547BD5B-92A5-4232-BDA2-CE6F3EB355AA}C:\users\garbert\appdata\local\temp\7zs2906.tmp\setup.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\temp\7zs2906.tmp\setup.exe | "TCP Query User{2779A0CF-C103-4D4C-A1FA-35C84B436F30}C:\program files\gmx\liveupdate\m2lutray.exe" = protocol=6 | dir=in | app=c:\program files\gmx\liveupdate\m2lutray.exe | "TCP Query User{28EA8CFA-D5E2-43BE-9C4D-99C9728E83D9}C:\program files\google\update\googleupdate.exe" = protocol=6 | dir=in | app=c:\program files\google\update\googleupdate.exe | "TCP Query User{2ADB4D98-1E7C-4F79-9C00-F2FAF61A888C}C:\windows\system32\werfault.exe" = protocol=6 | dir=in | app=c:\windows\system32\werfault.exe | "TCP Query 
User{313206E2-0781-48CD-9D09-23B8363ADEA6}C:\users\garbert\appdata\roaming\lt6ow0jc.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\roaming\lt6ow0jc.exe | "TCP Query User{34B375D9-8C1C-4CFC-984A-AEC706B431C0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{369CC55C-DE6E-48C9-8086-2DC3758DDA35}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | "TCP Query User{39376ABC-33B4-4CF2-A2FC-54CB5698AF76}C:\users\garbert\appdata\local\temp\gumf571.tmp\googleupdate.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\temp\gumf571.tmp\googleupdate.exe | "TCP Query User{3BC6EB6E-F924-4E2C-9190-B387F90E674D}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | "TCP Query User{3C5E34A6-5553-4C19-9C51-6605E6DE5112}C:\users\garbert\appdata\local\temp\svhostu.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\temp\svhostu.exe | "TCP Query User{41C4E375-E89C-47FF-97B8-D925543D1D1B}C:\users\garbert\appdata\local\temp\rarsfx0\setup.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\temp\rarsfx0\setup.exe | "TCP Query User{47DF1270-A967-4E63-84B6-94ED89524A89}C:\program files\avira\antivir desktop\ipmgui.exe" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\ipmgui.exe | "TCP Query User{4899E999-EF79-4300-B04A-F519BD2254F8}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{4BFCE9DB-DA7A-4AEE-B9FB-1AAACE284BD7}C:\users\garbert\appdata\local\temp\install_reader10_de_gtba_aih[1].exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\temp\install_reader10_de_gtba_aih[1].exe | "TCP Query User{4D954606-1971-4AC8-94E1-A08C26D9E0E1}C:\users\garbert\appdata\local\temp\7zs4e88.tmp\setup.exe" = protocol=6 | dir=in | 
app=c:\users\garbert\appdata\local\temp\7zs4e88.tmp\setup.exe | "TCP Query User{54FF02F7-F455-47DD-93F7-48229B66D105}C:\program files\lp\936b\0a0.exe" = protocol=6 | dir=in | app=c:\program files\lp\936b\0a0.exe | "TCP Query User{553336A9-D2C9-4200-9A4B-3202899DA99B}C:\program files\malwarebytes' anti-malware\mbam.exe" = protocol=6 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe | "TCP Query User{5BE5DA3B-1A7B-4A5D-B037-A66AB87A0D99}C:\users\garbert\appdata\local\google\update\googleupdate.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\google\update\googleupdate.exe | "TCP Query User{5DE914E2-1066-44BE-8A04-9ED50957F44B}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{633EFFEB-36A1-40A4-9D32-608E48420B04}C:\users\garbert\desktop\0.9056710880911472.exe" = protocol=6 | dir=in | app=c:\users\garbert\desktop\0.9056710880911472.exe | "TCP Query User{6997E525-02F9-4893-A185-D33B59C36064}C:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe" = protocol=6 | dir=in | app=c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe | "TCP Query User{6DE62BAF-6686-4630-AE7A-5C738F1D20F5}C:\windows\system32\wermgr.exe" = protocol=6 | dir=in | app=c:\windows\system32\wermgr.exe | "TCP Query User{7ED9675F-FBC2-4B5E-9F4D-24D194025F60}C:\program files\1&1\liveupdate\m2lutray.exe" = protocol=6 | dir=in | app=c:\program files\1&1\liveupdate\m2lutray.exe | "TCP Query User{80D76B55-32C8-42D9-B8B5-5E593B60932B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{810E63DC-11B7-4DD0-A1C9-E210AA414838}C:\windows\system32\dekivrzonxusofp.exe" = protocol=6 | dir=in | app=c:\windows\system32\dekivrzonxusofp.exe | "TCP Query User{8164DE2D-9763-49F8-BFD9-9E9E4A492441}C:\users\garbert\appdata\roaming\b4ccc\f1193.exe" = protocol=6 | dir=in | 
app=c:\users\garbert\appdata\roaming\b4ccc\f1193.exe | "TCP Query User{85517CB6-6F67-4DB2-8A94-E63A10D3D28E}C:\program files\adobe\reader 10.0\reader\acrord32.exe" = protocol=6 | dir=in | app=c:\program files\adobe\reader 10.0\reader\acrord32.exe | "TCP Query User{8750EE3F-E9A9-44F2-B574-164EA91E966C}C:\windows\system32\wercon.exe" = protocol=6 | dir=in | app=c:\windows\system32\wercon.exe | "TCP Query User{885A33DB-84E6-4BB9-A503-803DD9F9D35B}C:\program files\avira\antivir desktop\ipmgui.exe" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\ipmgui.exe | "TCP Query User{8FDF66D5-7C3A-43C3-9DB7-54A4075F49C0}C:\users\garbert\appdata\roaming\svhostu.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\roaming\svhostu.exe | "TCP Query User{97EFD739-4544-441B-84DF-A12A1F6C432A}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{993D702D-3209-45DD-8A52-DF80759BAAAD}C:\program files\lp\936b\0a0.exe" = protocol=6 | dir=in | app=c:\program files\lp\936b\0a0.exe | "TCP Query User{A2D6A2B5-DBFA-43E4-9650-1A1991F694E3}C:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe" = protocol=6 | dir=in | app=c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe | "TCP Query User{A9223F05-82C9-44BE-9FAF-818320A08111}C:\users\garbert\appdata\local\temp\rarsfx0\apnstub.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\temp\rarsfx0\apnstub.exe | "TCP Query User{B160A99A-2AE9-43F0-A297-BAE56A404C40}C:\users\garbert\appdata\local\temp\housecall\housecall.bin" = protocol=6 | dir=in | app=c:\users\garbert\appdata\local\temp\housecall\housecall.bin | "TCP Query User{B636DBD8-8149-457A-9597-BCEF43645133}C:\program files\pdf24\pdf24-updater.exe" = protocol=6 | dir=in | app=c:\program files\pdf24\pdf24-updater.exe | "TCP Query User{B7191C3F-8AC1-47AE-BE2F-8EFEEA5486E8}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP 
Query User{B747320F-DFE8-4B83-8B51-700E00691ACF}C:\program files\windows defender\msascui.exe" = protocol=6 | dir=in | app=c:\program files\windows defender\msascui.exe | "TCP Query User{BAB1106F-6D22-4157-BB65-2FDB077CA2EE}C:\program files\openoffice.org 3\program\soffice.bin" = protocol=6 | dir=in | app=c:\program files\openoffice.org 3\program\soffice.bin | "TCP Query User{BC66BC57-BB72-4302-963A-53E1F6CAD0B6}C:\program files\avira\antivir personaledition classic\avnotify.exe" = protocol=6 | dir=in | app=c:\program files\avira\antivir personaledition classic\avnotify.exe | "TCP Query User{BC826D6E-6E50-4B95-A708-CEE3BEC640ED}C:\program files\common files\adobe\arm\1.0\adobearm.exe" = protocol=6 | dir=in | app=c:\program files\common files\adobe\arm\1.0\adobearm.exe | "TCP Query User{C2B44BEB-11FF-4CB5-B9D4-C495736453CD}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{C4AFF4B8-E882-45AE-9C2E-893774FF36BF}C:\program files\java\jre6\bin\jusched.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\jusched.exe | "TCP Query User{C796A715-AE8E-4278-A7BB-7710790662C2}C:\program files\openoffice.org 3\program\soffice.bin" = protocol=6 | dir=in | app=c:\program files\openoffice.org 3\program\soffice.bin | "TCP Query User{CF1A22DC-3839-4A57-8DB0-11E985AC1F69}C:\program files\ccc28\lvvm.exe" = protocol=6 | dir=in | app=c:\program files\ccc28\lvvm.exe | "TCP Query User{D0320FB1-CC32-40DC-854D-9E35C3624DDB}C:\windows\system32\wercon.exe" = protocol=6 | dir=in | app=c:\windows\system32\wercon.exe | "TCP Query User{D790A158-9786-4DA2-AF97-C205E6E26F63}C:\program files\avira\antivir desktop\avnotify.exe" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\avnotify.exe | "TCP Query User{E1CEF85D-0399-4EF6-8BF6-CCBB2505DE5A}C:\users\garbert\appdata\roaming\b4ccc\f1193.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\roaming\b4ccc\f1193.exe | "TCP Query 
User{E8729F19-D3C1-4806-B0B3-61C1B11260DC}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{F26BCA3E-07DE-45E2-B528-CE3A10901009}C:\program files\gmx\liveupdate\m2lutray.exe" = protocol=6 | dir=in | app=c:\program files\gmx\liveupdate\m2lutray.exe | "TCP Query User{FA7ED1CA-0C0F-400D-B35E-E3BD65E22097}C:\program files\lp\936b\30e8.tmp" = protocol=6 | dir=in | app=c:\program files\lp\936b\30e8.tmp | "TCP Query User{FB63F94C-8CA9-43DE-B8AF-21CB9398E5B8}C:\users\garbert\appdata\roaming\lt6ow0jc.exe" = protocol=6 | dir=in | app=c:\users\garbert\appdata\roaming\lt6ow0jc.exe | "UDP Query User{03BB56A2-F691-4922-80EB-ABE129D06144}C:\users\garbert\appdata\roaming\b4ccc\f1193.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\roaming\b4ccc\f1193.exe | "UDP Query User{066DDA28-CFAB-44CF-A80A-070AD5EE3B0B}C:\program files\1&1\liveupdate\m2lutray.exe" = protocol=17 | dir=in | app=c:\program files\1&1\liveupdate\m2lutray.exe | "UDP Query User{07945749-0256-41CD-93C7-45C1623C37B1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{0A0E071F-0B0C-4CD2-863F-1ADA4E1EEBF5}C:\users\garbert\appdata\roaming\svhostu.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\roaming\svhostu.exe | "UDP Query User{0F3A2D56-DF60-4FA7-B20E-3F6B5C197B2D}C:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe" = protocol=17 | dir=in | app=c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe | "UDP Query User{10AABA16-6C48-4E43-B504-CA8238E1592F}C:\program files\google\google toolbar\component\googletoolbarmanager_4e7d715d860e20e1.exe" = protocol=17 | dir=in | app=c:\program files\google\google toolbar\component\googletoolbarmanager_4e7d715d860e20e1.exe | "UDP Query User{11F11FF6-6B95-4DC3-AA5A-807503192F49}C:\program files\openoffice.org 3\program\soffice.bin" = protocol=17 | dir=in | 
app=c:\program files\openoffice.org 3\program\soffice.bin | "UDP Query User{19DCDCB8-114C-4083-A2ED-072FE3BAB175}C:\windows\system32\werfault.exe" = protocol=17 | dir=in | app=c:\windows\system32\werfault.exe | "UDP Query User{1EC9A674-B168-498A-B784-E41ECE18FFA1}C:\program files\windows defender\msascui.exe" = protocol=17 | dir=in | app=c:\program files\windows defender\msascui.exe | "UDP Query User{1F4C6A05-E8B6-47F5-8E6F-7092284228B7}C:\program files\avira\antivir desktop\ipmgui.exe" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\ipmgui.exe | "UDP Query User{20AE5BA1-4D52-4B51-8D9E-E6584C8F3753}C:\program files\java\jre6\bin\jusched.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\jusched.exe | "UDP Query User{2997A4C4-8BE6-45FE-AF8A-871F36429985}C:\users\garbert\appdata\local\temp\googletoolbarinstaller_en32_signed.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\googletoolbarinstaller_en32_signed.exe | "UDP Query User{2B55AA74-80D1-4DC2-9DEA-378AA82EB707}C:\program files\malwarebytes' anti-malware\mbam.exe" = protocol=17 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe | "UDP Query User{33E082A3-DA3C-42F7-9A1D-AB1B089609EB}C:\program files\avira\antivir personaledition classic\avnotify.exe" = protocol=17 | dir=in | app=c:\program files\avira\antivir personaledition classic\avnotify.exe | "UDP Query User{358B4DF5-95AF-4CA2-807B-31CBF0A24B17}C:\users\garbert\desktop\0.9056710880911472.exe" = protocol=17 | dir=in | app=c:\users\garbert\desktop\0.9056710880911472.exe | "UDP Query User{39E5474C-485C-478B-B44E-A83742A1345D}C:\users\garbert\appdata\local\google\update\googleupdate.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\google\update\googleupdate.exe | "UDP Query User{3CA5DD51-9314-4FF8-9248-281C66132F47}C:\program files\avira\antivir desktop\avnotify.exe" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\avnotify.exe | "UDP Query 
User{3DADCF2B-86A9-42B4-A909-687456098778}C:\program files\lp\936b\0a0.exe" = protocol=17 | dir=in | app=c:\program files\lp\936b\0a0.exe | "UDP Query User{3E9F4F1C-D913-4821-9F79-75A50788C4C0}C:\program files\gmx\liveupdate\m2lutray.exe" = protocol=17 | dir=in | app=c:\program files\gmx\liveupdate\m2lutray.exe | "UDP Query User{4A01492A-8244-4739-8796-7F2BB895E4B5}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | "UDP Query User{4B93ECEC-A7C4-45AA-B9B9-446B2514C852}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{52D0B562-B061-4BF3-A903-700F17EAD469}C:\program files\adobe\reader 10.0\reader\acrord32.exe" = protocol=17 | dir=in | app=c:\program files\adobe\reader 10.0\reader\acrord32.exe | "UDP Query User{62CCD707-FE2B-4500-9621-A048757A8F88}C:\program files\java\jre6\bin\jucheck.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\jucheck.exe | "UDP Query User{6E2D11ED-2464-43CF-96E0-F61055C4BA07}C:\users\garbert\appdata\local\temp\gumf571.tmp\googleupdate.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\gumf571.tmp\googleupdate.exe | "UDP Query User{6EF1075C-D016-440A-994A-D7F94310F493}C:\program files\openoffice.org 3\program\soffice.bin" = protocol=17 | dir=in | app=c:\program files\openoffice.org 3\program\soffice.bin | "UDP Query User{745B33AB-5FDA-4526-8E69-5D4D30B5096A}C:\windows\system32\wermgr.exe" = protocol=17 | dir=in | app=c:\windows\system32\wermgr.exe | "UDP Query User{7ED4E65B-A668-46DD-95BA-C2C4C003D331}C:\program files\google\update\googleupdate.exe" = protocol=17 | dir=in | app=c:\program files\google\update\googleupdate.exe | "UDP Query User{7FC02FDF-7A8A-4731-B379-6CC42B4B9D28}C:\users\garbert\appdata\roaming\lt6ow0jc.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\roaming\lt6ow0jc.exe | "UDP Query 
User{81491885-FAEF-4A9F-8133-C7068335554D}C:\users\garbert\appdata\local\google\update\googleupdate.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\google\update\googleupdate.exe | "UDP Query User{8B784F44-1474-4087-B58F-04E1819E09D6}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{925C2950-CCFC-4F4F-9CE1-2026174EDF36}C:\program files\lp\936b\0a0.exe" = protocol=17 | dir=in | app=c:\program files\lp\936b\0a0.exe | "UDP Query User{95572E92-9356-441F-8441-187A1FFBD409}C:\windows\system32\wercon.exe" = protocol=17 | dir=in | app=c:\windows\system32\wercon.exe | "UDP Query User{95B56FB7-CDB1-4B41-926F-F6F91CF16FC1}C:\users\garbert\appdata\local\temp\install_reader10_de_gtba_aih[1].exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\install_reader10_de_gtba_aih[1].exe | "UDP Query User{97B9ADC5-2352-4FB6-B531-61842F12090E}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{97EBD866-7C65-4DA8-B95D-D6EBBD193ED0}C:\windows\system32\dekivrzonxusofp.exe" = protocol=17 | dir=in | app=c:\windows\system32\dekivrzonxusofp.exe | "UDP Query User{993730A5-24DD-4565-8904-82560A027CDC}C:\users\garbert\appdata\local\temp\housecall\housecall.bin" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\housecall\housecall.bin | "UDP Query User{9CD84880-4743-4788-9437-133B459CEF6D}C:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe" = protocol=17 | dir=in | app=c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe | "UDP Query User{A0A3D81F-ED5B-42C5-83E7-9ABC84298458}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{A25558F9-F6C0-48D0-9B3B-AF31D92F7D80}C:\program files\common files\adobe\arm\1.0\adobearm.exe" = protocol=17 | dir=in | app=c:\program files\common files\adobe\arm\1.0\adobearm.exe | "UDP Query 
User{A2E67958-9CB2-4760-A695-7076F5380F92}C:\program files\ccc28\lvvm.exe" = protocol=17 | dir=in | app=c:\program files\ccc28\lvvm.exe | "UDP Query User{A7B9523E-5ED9-4A90-B022-5A831A1E7A2C}C:\users\garbert\appdata\roaming\b4ccc\f1193.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\roaming\b4ccc\f1193.exe | "UDP Query User{B2A8D85F-EF64-41FF-BC6D-FE0374394516}C:\users\garbert\appdata\local\temp\rarsfx0\setup.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\rarsfx0\setup.exe | "UDP Query User{BBFFA4DD-4D2D-4A2D-8495-1AF112334938}C:\windows\system32\dekivrzonxusofp.exe" = protocol=17 | dir=in | app=c:\windows\system32\dekivrzonxusofp.exe | "UDP Query User{C1B7190D-4441-4A2A-95D5-3B678615CB47}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | "UDP Query User{C59381B4-50BE-4336-BA4C-B84AABC1389C}C:\program files\1&1\liveupdate\m2lutray.exe" = protocol=17 | dir=in | app=c:\program files\1&1\liveupdate\m2lutray.exe | "UDP Query User{C6C14200-DBC9-4620-8F1C-BD68210A77DF}C:\users\garbert\appdata\local\temp\rarsfx0\apnstub.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\rarsfx0\apnstub.exe | "UDP Query User{C79CDBBC-BE38-4333-8F5B-B047173DBE34}C:\windows\system32\wercon.exe" = protocol=17 | dir=in | app=c:\windows\system32\wercon.exe | "UDP Query User{CC17B17D-64D4-4E15-82FA-29909EF857C8}C:\program files\avira\antivir desktop\ipmgui.exe" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\ipmgui.exe | "UDP Query User{D0FADD32-E64B-4816-92E1-61080CAA8BC3}C:\users\garbert\appdata\local\temp\7zs4e88.tmp\setup.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\7zs4e88.tmp\setup.exe | "UDP Query User{D477B569-EC52-4A12-A0C1-3845DFD6E8A0}C:\users\garbert\appdata\local\temp\0.311055798381219exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\0.311055798381219exe | "UDP Query 
User{D4E74CCB-813A-4D50-8AFD-C5B69CCE1C2D}C:\users\garbert\appdata\local\temp\svhostu.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\svhostu.exe | "UDP Query User{D80A8700-3E3E-4F33-8902-8C8965708999}C:\program files\pdf24\pdf24-updater.exe" = protocol=17 | dir=in | app=c:\program files\pdf24\pdf24-updater.exe | "UDP Query User{DB9A6DAE-D4A7-485C-8CAF-0EE6E625E553}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{DF9A7C72-7933-4997-905F-28B1DB21E6A7}C:\program files\ccc28\lvvm.exe" = protocol=17 | dir=in | app=c:\program files\ccc28\lvvm.exe | "UDP Query User{E16C9E84-8C9A-4E01-9A84-89F48988B8AC}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{E765AEF8-88FE-4D5D-9CE1-2F1D4F7A5DA3}C:\users\garbert\appdata\local\temp\7zs2906.tmp\setup.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\local\temp\7zs2906.tmp\setup.exe | "UDP Query User{F0E6E7D1-F099-42C1-81F8-66FAD3502CD1}C:\program files\gmx\liveupdate\m2lutray.exe" = protocol=17 | dir=in | app=c:\program files\gmx\liveupdate\m2lutray.exe | "UDP Query User{F1F5AC40-FBD7-4111-AB7F-A1282F3D67E4}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{F3466136-5606-4FD2-8064-A38B0DEB13B9}C:\program files\lp\936b\30e8.tmp" = protocol=17 | dir=in | app=c:\program files\lp\936b\30e8.tmp | "UDP Query User{F8630047-3477-4EF9-8FA6-F8432BF02C6A}C:\users\garbert\appdata\roaming\lt6ow0jc.exe" = protocol=17 | dir=in | app=c:\users\garbert\appdata\roaming\lt6ow0jc.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{016B58FA-6D8C-4EE2-B2F1-5E78628E4AD5}" = 1&1 Update "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan 
"{0F5C38CB-DCA7-44E0-A654-26121331557A}" = GMX Update "{0FE6B77F-54CD-45ED-BB64-A99477B0A8F1}" = 5600 "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{2605461E-AB2E-49F5-8A16-64B7F3595030}" = 5600Trb "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17 "{2F6D47A9-D946-4472-8D25-24151AC1A3CD}" = Internet Explorer 8 1&1 Addon "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc "{5C97698A-FAB5-41DB-ADB0-5FCB2BC84588}" = InternetExplorer-GMX-Addon "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{6803A6E6-48FF-48AB-B558-7B651BBE1031}" = Nero 8 Essentials "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax "{7DCBC3D8-8954-491D-A1B9-8C61C563B004}" = 5600_Help "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.1.0 "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update "{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{B27F2F79-879F-45F9-B2B7-08EF9B95502F}" = Internet Explorer 8 1&1 Edition "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, 
Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "1&1 Update" = 1&1 Update "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "AgrarOfficeJKEKLZT_is1" = AO Agrar-Office 5.0.9.0 "AntiVir PersonalEdition Classic" = Avira AntiVir Personal – Free Antivirus "ELAN 2009 NW" = ELAN 2009 NW "ELAN 2010 NW" = ELAN 2010 NW "ELAN 2011 NW " = ELAN 2011 NW "GMX Update" = GMX Update "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "HPOCR" = HP OCR Software 8.0 "Internet Explorer 8 1&1 Addon" = Internet Explorer 8 1&1 Addon "Internet Explorer 8 1&1 Edition" = Internet Explorer 8 1&1 Edition "InternetExplorer-GMX-Addon" = InternetExplorer-GMX-Addon "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "NVIDIA Drivers" = NVIDIA Drivers "TeamViewer 4" = TeamViewer 4 "VN_VUIns_Rhine_VIA" = VIA Rhine Family Fast Ethernet Adapter ========== 
HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 27.10.2011 01:39:40 | Computer Name = Garbert-PC | Source = WerSvc | ID = 5007 Description = Error - 27.10.2011 01:41:11 | Computer Name = Garbert-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel 0x4549adc4, fehlerhaftes Modul Flash10c.ocx, Version 10.0.32.18, Zeitstempel 0x4a613d79, Ausnahmecode 0xc0000005, Fehleroffset 0x000dea73, Prozess-ID 0x220, Anwendungsstartzeit 01cc946af0e299bb. Error - 27.10.2011 01:41:34 | Computer Name = Garbert-PC | Source = LoadPerf | ID = 3012 Description = Error - 27.10.2011 01:41:35 | Computer Name = Garbert-PC | Source = LoadPerf | ID = 3012 Description = Error - 27.10.2011 01:41:35 | Computer Name = Garbert-PC | Source = LoadPerf | ID = 3011 Description = Error - 27.10.2011 02:09:07 | Computer Name = Garbert-PC | Source = EventSystem | ID = 4609 Description = Error - 27.10.2011 02:15:15 | Computer Name = Garbert-PC | Source = LoadPerf | ID = 3012 Description = Error - 27.10.2011 02:15:15 | Computer Name = Garbert-PC | Source = LoadPerf | ID = 3012 Description = Error - 27.10.2011 02:15:15 | Computer Name = Garbert-PC | Source = LoadPerf | ID = 3011 Description = Error - 27.10.2011 02:34:44 | Computer Name = Garbert-PC | Source = System Restore | ID = 8193 Description = [ System Events ] Error - 27.10.2011 02:09:01 | Computer Name = Garbert-PC | Source = DCOM | ID = 10005 Description = Error - 27.10.2011 02:09:04 | Computer Name = Garbert-PC | Source = DCOM | ID = 10005 Description = Error - 27.10.2011 02:09:05 | Computer Name = Garbert-PC | Source = DCOM | ID = 10005 Description = Error - 27.10.2011 02:09:07 | Computer Name = Garbert-PC | Source = DCOM | ID = 10005 Description = Error - 27.10.2011 02:09:09 | Computer Name = 
Garbert-PC | Source = DCOM | ID = 10005 Description = Error - 27.10.2011 02:09:13 | Computer Name = Garbert-PC | Source = DCOM | ID = 10005 Description = Error - 27.10.2011 02:09:23 | Computer Name = Garbert-PC | Source = DCOM | ID = 10005 Description = Error - 27.10.2011 02:09:59 | Computer Name = Garbert-PC | Source = Service Control Manager | ID = 7001 Description = Error - 27.10.2011 02:09:59 | Computer Name = Garbert-PC | Source = Service Control Manager | ID = 7026 Description = Error - 27.10.2011 02:18:06 | Computer Name = Garbert-PC | Source = DCOM | ID = 10005 Description = < End of report >
Edited by AdiumX (27.10.2011 at 07:53) |