Log analysis and evaluation: No admin rights anymore (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
09.06.2012, 12:27 | #1
No admin rights anymore

Hello everyone,

I think my notebook is infected; I can neither open Task Manager nor regedit, nor install Avira. I don't know what I should do. I would be grateful for any help. I have now managed to install Malwarebytes. Quote:

The OTL scan is running; I will post it shortly. Should I let Malwarebytes remove the viruses? Here is the GMER log as well. Quote:
OTL Logfile: Code:
ATTFilter OTL logfile created on: 11.06.2012 10:07:58 - Run 1 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Dokumente und Einstellungen\NONAME\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1015,05 Mb Total Physical Memory | 498,90 Mb Available Physical Memory | 49,15% Memory free 2,39 Gb Paging File | 2,01 Gb Available in Paging File | 84,08% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 80,02 Gb Total Space | 50,89 Gb Free Space | 63,60% Space Free | Partition Type: NTFS Drive D: | 69,00 Gb Total Space | 68,87 Gb Free Space | 99,81% Space Free | Partition Type: NTFS Drive E: | 14,84 Gb Total Space | 11,77 Gb Free Space | 79,32% Space Free | Partition Type: NTFS Computer Name: NETBOOK | User Name: H**** H*** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.11 09:57:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\H******\Desktop\OTL.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2010.03.25 02:32:16 | 000,009,216 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe PRC - [2009.09.08 23:12:51 | 000,116,104 | ---- | M] () -- C:\Programme\Canon\IJPLM\ijplmsvc.exe PRC - [2008.07.24 13:07:39 | 000,335,872 | ---- | M] (ELANTECH Devices Corp.) 
-- C:\Programme\Elantech\ETDCTRL.EXE PRC - [2008.07.23 12:22:42 | 000,180,224 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\EeePC\ACPI\AsTray.exe PRC - [2008.07.23 12:04:56 | 000,557,056 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\EeePC\ACPI\AsAcpiSvr.exe PRC - [2008.06.17 18:27:28 | 000,294,912 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\EeePC\Asus Power Management Utility\Asus Power Management Utility.exe PRC - [2008.05.30 11:07:20 | 000,437,248 | ---- | M] (Hauppauge Computer Works) -- C:\Programme\WinTV\EPG Services\System\EPGService.exe PRC - [2008.05.21 01:56:24 | 000,167,936 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\EeePC\ACPI\AsEPCMon.exe PRC - [2008.05.15 15:30:36 | 000,761,856 | ---- | M] (Hauppauge Inc.) -- C:\Programme\WinTV\EPG Services\System\EPGClient.exe PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.04.14 14:00:00 | 000,196,608 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE PRC - [2007.08.13 13:32:06 | 000,234,496 | ---- | M] () -- C:\WINDOWS\system32\isass.exe PRC - [2006.01.30 18:00:00 | 000,098,304 | R--- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\OrderReminder\OrderReminder.exe ========== Modules (No Company Name) ========== MOD - [2012.06.11 10:05:54 | 004,550,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll MOD - [2012.06.11 09:55:01 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5f3e675e\mscorlib.dll MOD - [2012.06.11 09:54:38 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_bd9230cd\system.xml.dll MOD - [2012.06.11 09:54:29 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_603fd6f2\system.windows.forms.dll MOD - [2012.06.11 09:54:13 | 001,966,080 | ---- | M] 
() -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_e47a7d6a\system.dll MOD - [2012.06.11 09:53:57 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll MOD - [2012.06.11 09:53:54 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll MOD - [2010.10.31 11:43:43 | 000,248,832 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VMC.WindowsService.#\d0e0b73d696b0c91fd464b177f31befc\VMC.WindowsService.Core.ni.dll MOD - [2010.10.31 11:43:27 | 000,031,232 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VMC.BaseServices.Ou#\04498cc19c1fb3744a1daab05f3fbf50\VMC.BaseServices.OutlookConnector.ni.dll MOD - [2010.10.31 11:43:26 | 000,675,840 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VMC.BaseServices.Xm#\4002b5f63ca3aebf59bffce61b5f51b4\VMC.BaseServices.XmlSerializers.ni.dll MOD - [2010.10.31 11:43:23 | 000,218,624 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.FNCClient11#\3044685d3ba6cc8d8f9c465a3098d606\Interop.FNCClient11Lib.ni.dll MOD - [2010.10.31 11:43:22 | 000,492,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VMC.BaseServices.Da#\f771d4b4121f3b18f2d428b949364a23\VMC.BaseServices.DataAccessor.ni.dll MOD - [2010.10.31 11:43:13 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll MOD - [2010.10.31 11:43:11 | 000,070,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VMC.WindowsService.#\13bab919569c4156c502539efbe19bc7\VMC.WindowsService.Messaging.ni.dll MOD - [2010.10.31 11:43:09 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll MOD - [2010.10.31 11:42:21 | 000,497,152 | ---- | M] () -- 
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VMC.ConnectionServi#\475395f491f62a1386d47211784fe7d2\VMC.ConnectionServicesInterface.ni.dll MOD - [2010.10.31 11:42:19 | 000,946,688 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VMC.BaseServices.Pl#\0d4519070c0f7290ec729db77a8d30b1\VMC.BaseServices.Platform.ni.dll MOD - [2010.10.31 11:42:10 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\75e331a5d731d8e207be07adc06dec23\System.Security.ni.dll MOD - [2010.10.31 11:41:59 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll MOD - [2010.10.31 11:38:34 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll MOD - [2010.10.31 11:34:08 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll MOD - [2010.10.31 11:33:00 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll MOD - [2009.09.08 23:12:51 | 000,116,104 | ---- | M] () -- C:\Programme\Canon\IJPLM\ijplmsvc.exe MOD - [2008.09.08 11:20:19 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll MOD - [2008.09.08 11:20:16 | 000,299,008 | ---- | M] () -- c:\windows\assembly\gac\microsoft.visualbasic\7.0.5000.0__b03f5f7f11d50a3a\microsoft.visualbasic.dll MOD - [2008.04.14 14:00:00 | 000,214,528 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\wbemcomn.dll MOD - [2008.04.14 14:00:00 | 000,196,608 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE MOD - [2008.04.14 14:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2007.08.13 13:32:06 | 000,234,496 | ---- | M] () -- C:\WINDOWS\system32\isass.exe ========== Win32 Services 
(SafeList) ========== SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2010.03.25 02:32:16 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) SRV - [2009.09.08 23:12:51 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2008.06.02 15:55:26 | 000,905,216 | ---- | M] (Hauppauge Computer Works) [On_Demand | Stopped] -- C:\Programme\WinTV\HCWTVServer.exe -- (HauppaugeTVServer) SRV - [2008.05.30 11:07:20 | 000,437,248 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Programme\WinTV\EPG Services\System\EPGService.exe -- (EPGService) SRV - [2007.08.13 13:32:06 | 000,234,496 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\isass.exe -- (CSNetManagerXp) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\uxldqpog.sys -- (uxldqpog) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\imonnk.sys -- 
(abp470n5) DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2010.03.11 09:36:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2010.03.11 09:36:24 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BMLoad.sys -- (BMLoad) DRV - [2010.03.01 18:35:22 | 000,080,000 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum) DRV - [2009.04.09 13:38:32 | 000,110,592 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet) DRV - [2009.04.09 13:38:32 | 000,105,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zteusbvoice.sys -- (ZTEusbvoice) DRV - [2009.04.09 13:38:32 | 000,105,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2009.04.09 13:38:32 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009.04.09 13:38:32 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2009.04.09 13:38:32 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter) DRV - [2008.11.18 17:26:40 | 000,103,552 | ---- | M] (Option N.V.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtstusbser.sys -- (gtstusbser) DRV - [2008.07.10 04:33:40 | 000,306,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8187Se.sys -- (rtl8187Se) DRV - [2008.04.17 17:59:02 | 000,015,616 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcw95rc.sys -- (hcw95rc) DRV - [2008.04.17 17:58:00 | 000,560,640 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcw95bda.sys -- (hcw95bda) DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE) DRV - [2008.03.18 12:21:32 | 004,744,704 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008.03.11 13:37:00 | 000,036,864 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e) DRV - [2007.07.26 20:00:38 | 000,011,264 | ---- | M] (ASUSTeK Computer Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://eeepc.asus.com/global IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Programme\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2010.10.30 17:45:23 | 000,000,000 | ---D | M] O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) 
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AsusACPIServer] C:\Programme\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [AsusEPCMonitor] C:\Programme\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [AsusTray] C:\Programme\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [EPGServiceTool] C:\Programme\WinTV\EPG Services\System\EPGClient.exe (Hauppauge Inc.) O4 - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCTRL.EXE (ELANTECH Devices Corp.) 
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MobileConnect] C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [OrderReminder] C:\Programme\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Asus Power Management Utility.lnk = C:\Programme\ASUS\EeePC\Asus Power Management Utility\Asus Power Management Utility.exe (ASUSTeK Computer Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutoStart IR.lnk = C:\Programme\WinTV\Ir.exe (Hauppauge Computer Works) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Zahlungserinnerung.lnk = C:\QUICKEN9\billmind.exe (Intuit) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O8 - Extra context menu item: &Windows Live Search - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\H*****\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.09.08 10:40:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2012.05.24 13:26:51 | 000,000,297 | RHS- | M] () - E:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{229a6e76-7898-11df-84a8-00a0c6000000}\Shell\AutoPlay\coMMand - "" = E:\esih.cmd O33 - MountPoints2\{229a6e76-7898-11df-84a8-00a0c6000000}\Shell\AutoRun\command - "" = E:\esih.cmd O33 - MountPoints2\{229a6e76-7898-11df-84a8-00a0c6000000}\Shell\EXplORE\commANd - "" = E:\esih.cmd O33 - MountPoints2\{229a6e76-7898-11df-84a8-00a0c6000000}\Shell\OpeN\commAnd - "" = E:\esih.cmd O33 - 
MountPoints2\{263c2106-72e2-11de-8476-002243692c41}\Shell - "" = AutoRun O33 - MountPoints2\{263c2106-72e2-11de-8476-002243692c41}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{263c2106-72e2-11de-8476-002243692c41}\Shell\AutoRun\command - "" = E:\QsSetup.exe O33 - MountPoints2\{2e5fc774-2615-11e0-85d2-002243692c41}\Shell\AutoPLay\comMAND - "" = E:\ghbdk.exe O33 - MountPoints2\{2e5fc774-2615-11e0-85d2-002243692c41}\Shell\AutoRun\command - "" = E:\ghbdk.exe O33 - MountPoints2\{2e5fc774-2615-11e0-85d2-002243692c41}\Shell\exPlORe\ComManD - "" = E:\ghbdk.exe O33 - MountPoints2\{2e5fc774-2615-11e0-85d2-002243692c41}\Shell\OpEn\cOmmaND - "" = E:\ghbdk.exe O33 - MountPoints2\{30e820ea-3b57-11de-8448-002354a73d71}\Shell - "" = AutoRun O33 - MountPoints2\{30e820ea-3b57-11de-8448-002354a73d71}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{30e820ea-3b57-11de-8448-002354a73d71}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{30e820eb-3b57-11de-8448-002354a73d71}\Shell\AutopLay\coMmand - "" = F:\wmtct.pif O33 - MountPoints2\{30e820eb-3b57-11de-8448-002354a73d71}\Shell\AutoRun\command - "" = F:\wmtct.pif O33 - MountPoints2\{30e820eb-3b57-11de-8448-002354a73d71}\Shell\explorE\COMmand - "" = F:\wmtct.pif O33 - MountPoints2\{30e820eb-3b57-11de-8448-002354a73d71}\Shell\OpEn\cOmmanD - "" = F:\wmtct.pif O33 - MountPoints2\{55c51124-811f-11e0-86f9-002243692c41}\Shell\AUtoplay\cOMMANd - "" = E:\kdhq.cmd O33 - MountPoints2\{55c51124-811f-11e0-86f9-002243692c41}\Shell\AutoRun\command - "" = E:\kdhq.cmd O33 - MountPoints2\{55c51124-811f-11e0-86f9-002243692c41}\Shell\explorE\cOmMaNd - "" = E:\kdhq.cmd O33 - MountPoints2\{55c51124-811f-11e0-86f9-002243692c41}\Shell\OpeN\commAnD - "" = E:\kdhq.cmd O33 - MountPoints2\{7f1e3441-c7b8-11df-852c-002243692c41}\Shell\AutoRun\command - "" = F:\Toshiba\more4you.exe O33 - MountPoints2\{8c5f8be2-8684-11df-84d4-002243692c41}\Shell\aUtoPlaY\coMmaNd - "" = E:\cshtjw.pif O33 - 
MountPoints2\{8c5f8be2-8684-11df-84d4-002243692c41}\Shell\AutoRun\command - "" = E:\cshtjw.pif O33 - MountPoints2\{8c5f8be2-8684-11df-84d4-002243692c41}\Shell\EXPlOre\COMmaND - "" = E:\cshtjw.pif O33 - MountPoints2\{8c5f8be2-8684-11df-84d4-002243692c41}\Shell\OpEn\CommaNd - "" = E:\cshtjw.pif O33 - MountPoints2\{9e716c0c-2d59-11e0-85ee-002243692c41}\Shell\AUTOplAy\command - "" = E:\iwlbfc.exe O33 - MountPoints2\{9e716c0c-2d59-11e0-85ee-002243692c41}\Shell\AutoRun\command - "" = E:\iwlbfc.exe O33 - MountPoints2\{9e716c0c-2d59-11e0-85ee-002243692c41}\Shell\expLOre\CoMmand - "" = E:\iwlbfc.exe O33 - MountPoints2\{9e716c0c-2d59-11e0-85ee-002243692c41}\Shell\OpeN\CommaNd - "" = E:\iwlbfc.exe O33 - MountPoints2\{aed40bbc-4dbc-11e0-864c-002243692c41}\Shell\AuToplAy\cOmmand - "" = E:\hiya.pif O33 - MountPoints2\{aed40bbc-4dbc-11e0-864c-002243692c41}\Shell\AutoRun\command - "" = E:\hiya.pif O33 - MountPoints2\{aed40bbc-4dbc-11e0-864c-002243692c41}\Shell\explOrE\coMMANd - "" = E:\hiya.pif O33 - MountPoints2\{aed40bbc-4dbc-11e0-864c-002243692c41}\Shell\open\CommAnd - "" = E:\hiya.pif O33 - MountPoints2\{da7f43c4-3b5a-11de-844a-002243692c41}\Shell - "" = AutoRun O33 - MountPoints2\{da7f43c4-3b5a-11de-844a-002243692c41}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{da7f43c4-3b5a-11de-844a-002243692c41}\Shell\AutoRun\command - "" = E:\autorun.exe O33 - MountPoints2\{dc79cab9-5df1-11df-849b-002243692c41}\Shell - "" = AutoRun O33 - MountPoints2\{dc79cab9-5df1-11df-849b-002243692c41}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{dc79cab9-5df1-11df-849b-002243692c41}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: 
(ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.06.11 10:07:47 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\H***** S\Desktop\OTL.exe [2012.06.11 09:53:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.06.11 09:39:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2012.06.09 13:46:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.06.09 13:46:48 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.06.09 13:46:48 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.06.09 13:43:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\H****\Anwendungsdaten\Malwarebytes [2012.06.09 13:43:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.06.09 13:11:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles [27 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.11 11:00:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.06.11 10:28:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job [2012.06.11 10:06:25 | 000,459,396 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.06.11 10:06:25 | 000,441,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.06.11 10:06:25 | 000,084,722 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.06.11 10:06:25 | 000,071,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.06.11 09:57:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\H****\Desktop\OTL.exe [2012.06.09 15:46:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.06.09 15:46:14 | 1064,423,424 | -HS- | M] () -- C:\hiberfil.sys [2012.06.09 14:05:26 | 000,000,000 | ---- | M] 
() -- C:\Dokumente und Einstellungen\H*****\defogger_reenable [2012.06.09 13:46:51 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.09 12:50:26 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.06.08 12:44:20 | 000,002,533 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Vodafone Mobile Connect.lnk [2012.06.07 22:16:48 | 000,002,513 | ---- | M] () -- C:\Dokumente und Einstellungen\H*****\Desktop\Microsoft Excel.lnk [33 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.09 14:05:26 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\H******\defogger_reenable [2012.06.09 13:46:51 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.09 12:29:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.06.09 12:29:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll [2011.01.09 13:50:43 | 000,234,496 | ---- | C] () -- C:\WINDOWS\System32\isass.exe [2011.01.04 12:05:40 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1018.dll [2011.01.04 12:05:39 | 000,442,368 | R--- | C] () -- C:\WINDOWS\System32\zshp1018.exe [2011.01.03 14:14:28 | 000,048,128 | ---- | C] () -- C:\WINDOWS\System32\V24.DLL [2011.01.03 14:12:00 | 000,005,990 | ---- | C] () -- C:\WINDOWS\icoadb32.dat [2011.01.02 12:59:39 | 000,000,030 | ---- | C] () -- C:\WINDOWS\INTURS.DAT [2011.01.02 12:59:39 | 000,000,022 | ---- | C] () -- C:\WINDOWS\INTUSB.DAT [2011.01.02 12:58:28 | 000,001,455 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI [2011.01.02 12:58:28 | 000,000,185 | ---- | C] () -- C:\WINDOWS\Intuprof.ini [2010.10.30 17:48:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\{E3B99F3D-9856-482A-9048-305E28E2510C}.ini 
[2010.10.30 17:43:29 | 000,000,220 | ---- | C] () -- C:\WINDOWS\{E3B99F3D-9856-482A-9048-305E28E2510C}.ini [2010.09.24 11:41:39 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\H******\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== LOP Check ========== [2010.06.27 14:42:30 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2010.08.16 15:32:44 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJEPPEX [2010.06.27 14:46:49 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJMyPrinter [2011.07.30 07:50:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJPLM [2010.06.27 14:46:54 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJSolutionMenu [2010.06.19 08:41:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SBT [2010.10.30 17:50:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone [2009.05.12 14:44:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\H****\Anwendungsdaten\Template [2010.05.12 20:17:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\H***\Anwendungsdaten\Vodafone [2010.10.30 21:41:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\H****\Anwendungsdaten\Vodafone Mobile Connect [2012.06.11 10:28:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\Tasks\Auf Updates für Windows Live Toolbar prüfen.job ========== Purity Check ========== < End of report >

So, I now have all the log files that the checklist asks for. OTL Extras logfile

OTL EXTRAS Logfile: Code:
ATTFilter
OTL Extras logfile created on: 11.06.2012 11:19:53 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Dokumente und Einstellungen\*****\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1015,05 Mb Total Physical Memory | 514,44 Mb Available Physical Memory | 50,68% Memory free
2,39 Gb Paging File | 2,03 Gb Available in Paging File | 85,04% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 80,02 Gb Total Space | 50,57 Gb Free Space | 63,20% Space Free | Partition Type: NTFS
Drive D: | 69,00 Gb Total Space | 68,87 Gb Free Space | 99,81% Space Free | Partition Type: NTFS
Drive E: | 14,84 Gb Total Space | 11,77 Gb Free Space | 79,32% Space Free | Partition Type: NTFS

Computer Name: NETBOOK | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\esih.cmd" = E:\esih.cmd:*:Enabled:ipsec
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office\OSA9.EXE" = C:\Programme\Microsoft Office\Office\OSA9.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Programme\Elantech\ETDCtrl.exe" = C:\Programme\Elantech\ETDCtrl.exe:*:Enabled:ipsec -- (ELANTECH Devices Corp.)
"C:\WINDOWS\system32\userinit.exe" = C:\WINDOWS\system32\userinit.exe:*:Enabled:ipsec -- (Microsoft Corporation) "C:\WINDOWS\system32\netsh.exe" = C:\WINDOWS\system32\netsh.exe:*:Enabled:ipsec -- (Microsoft Corporation) "C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe" = C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe:*:Enabled:ipsec -- (Bytemobile, Inc.) "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\skaa.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\skaa.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winpvnio.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winpvnio.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\cghf.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\cghf.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winrhgw.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winrhgw.exe:*:Enabled:ipsec "C:\PROGRA~1\WinTV\EPG Services\System\EPGClient.exe" = C:\PROGRA~1\WinTV\EPG Services\System\EPGClient.exe:*:Enabled:ipsec -- (Hauppauge Inc.) "C:\QUICKEN9\billmind.exe" = C:\QUICKEN9\billmind.exe:*:Enabled:ipsec -- (Intuit) "C:\Programme\ASUS\EeePC\Asus Power Management Utility\Asus Power Management Utility.exe" = C:\Programme\ASUS\EeePC\Asus Power Management Utility\Asus Power Management Utility.exe:*:Enabled:ipsec -- (ASUSTeK Computer Inc.) 
"C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winmdxl.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winmdxl.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\snbw.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\snbw.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winbjsbu.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winbjsbu.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winxreply.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winxreply.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\w4a6d67.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\w4a6d67.exe:*:Enabled:ipsec "C:\Programme\WinTV\Ir.exe" = C:\Programme\WinTV\Ir.exe:*:Enabled:ipsec -- (Hauppauge Computer Works) "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\mpcbfj.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\mpcbfj.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winrgpuso.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winrgpuso.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winvydawu.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winvydawu.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wcd353.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wcd353.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winqporg.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winqporg.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\nyox.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\nyox.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\pkugcm.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\pkugcm.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wb6e64.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wb6e64.exe:*:Enabled:ipsec "C:\Programme\EeePC\ACPI\AsAcpiSvr.exe" = C:\Programme\EeePC\ACPI\AsAcpiSvr.exe:*:Enabled:ipsec -- (ASUSTeK Computer Inc.) 
"C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE" = C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe:*:Enabled:ipsec -- (Vodafone) "C:\Programme\Windows Live Toolbar\msn_sl.exe" = C:\Programme\Windows Live Toolbar\msn_sl.exe:*:Enabled:ipsec -- (Microsoft Corporation) "C:\Programme\Hewlett-Packard\OrderReminder\OrderReminder.exe" = C:\Programme\Hewlett-Packard\OrderReminder\OrderReminder.exe:*:Enabled:ipsec -- (Hewlett-Packard) "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\uteh.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\uteh.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winbwviy.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winbwviy.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winlreef.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winlreef.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\kahf.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\kahf.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\gjxcm.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\gjxcm.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winyhdm.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winyhdm.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wintrchds.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wintrchds.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winelehh.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winelehh.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winenbrj.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winenbrj.exe:*:Enabled:ipsec "C:\QUICKEN9\QW.EXE" = C:\QUICKEN9\QW.EXE:*:Enabled:ipsec -- (Intuit) "C:\WINDOWS\system32\ntvdm.exe" = C:\WINDOWS\system32\ntvdm.exe:*:Enabled:ipsec -- (Microsoft Corporation) "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wincrvne.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wincrvne.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\uxvfrf.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\uxvfrf.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winncfeoe.exe" = 
C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winncfeoe.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\ooeh.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\ooeh.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wa859a.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wa859a.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winckdf.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winckdf.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winchgnl.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winchgnl.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winybwmt.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winybwmt.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\mkhs.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\mkhs.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wbc492.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wbc492.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\windvfk.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\windvfk.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winbahvs.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winbahvs.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wintlown.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wintlown.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winhqcmrf.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winhqcmrf.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winstkkqq.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winstkkqq.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wcbb37.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wcbb37.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winwojyiq.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winwojyiq.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\xacbl.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\xacbl.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\thgfq.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\thgfq.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winuulx.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winuulx.exe:*:Enabled:ipsec 
"C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wincwsme.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wincwsme.exe:*:Enabled:ipsec "C:\Programme\EeePC\ACPI\AsEPCMon.exe" = C:\Programme\EeePC\ACPI\AsEPCMon.exe:*:Enabled:ipsec -- (ASUSTeK Computer Inc.) "C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32Info.exe" = C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32Info.exe:*:Enabled:ipsec -- (Adobe Systems Incorporated) "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winmfawy.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winmfawy.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winmbyx.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winmbyx.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winhipixb.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winhipixb.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\oeyes.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\oeyes.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\yhmyuu.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\yhmyuu.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\lray.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\lray.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winbkffh.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winbkffh.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winwoavb.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winwoavb.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\cdalo.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\cdalo.exe:*:Enabled:ipsec "C:\Programme\Microsoft Office\Office\EXCEL.EXE" = C:\Programme\Microsoft Office\Office\EXCEL.EXE:*:Enabled:ipsec -- (Microsoft Corporation) "E:\ffko.exe" = E:\ffko.exe:*:Enabled:ipsec "C:\Programme\EeePC\ACPI\AsTray.exe" = C:\Programme\EeePC\ACPI\AsTray.exe:*:Enabled:ipsec -- (ASUSTeK Computer Inc.) 
"C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\rrdcq.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\rrdcq.exe:*:Enabled:ipsec "C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe" = C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe:*:Enabled:ipsec -- (Adobe Systems Incorporated) "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\ejbslt.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\ejbslt.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\jycbvt.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\jycbvt.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winxbel.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winxbel.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winmlhx.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winmlhx.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\iggbdy.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\iggbdy.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winsjonlm.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winsjonlm.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wintojy.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wintojy.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winbixy.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winbixy.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winnnom.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winnnom.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\bxhayx.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\bxhayx.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winclmnj.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winclmnj.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\gyqdi.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\gyqdi.exe:*:Enabled:ipsec "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FLEXnet\Connect\11\agent.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FLEXnet\Connect\11\agent.exe:*:Enabled:ipsec -- (Acresso Corporation) "C:\Programme\Microsoft Office\Office\WINWORD.EXE" = C:\Programme\Microsoft Office\Office\WINWORD.EXE:*:Enabled:ipsec -- 
(Microsoft Corporation) "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winfclcf.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winfclcf.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\evqgt.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\evqgt.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\w98c56.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\w98c56.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winmbavh.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winmbavh.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winsqpw.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winsqpw.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winxcrrwg.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winxcrrwg.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winqwotr.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winqwotr.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\byqpu.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\byqpu.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winrtgno.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winrtgno.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winucvtpl.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winucvtpl.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\cehb.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\cehb.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\pwaoi.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\pwaoi.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winqcms.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winqcms.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\we47828.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\we47828.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\agihb.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\agihb.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winyhrsyd.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winyhrsyd.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winyuyn.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winyuyn.exe:*:Enabled:ipsec 
"C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\pbppnb.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\pbppnb.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winwuopmc.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winwuopmc.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\pekqgp.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\pekqgp.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\fmxsby.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\fmxsby.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wruvx.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wruvx.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\w2a44cd.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\w2a44cd.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\hatrh.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\hatrh.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winyjsvlj.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winyjsvlj.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\rgsgbd.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\rgsgbd.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winahgrg.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winahgrg.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winfkam.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winfkam.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\urhca.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\urhca.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\piktx.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\piktx.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\fwer.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\fwer.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\w993a9.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\w993a9.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winblofcs.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winblofcs.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winmmqng.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winmmqng.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\uuuith.exe" = 
C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\uuuith.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\w95b05.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\w95b05.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\sfyi.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\sfyi.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winqdim.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winqdim.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\dbsyg.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\dbsyg.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\bsume.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\bsume.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\xrgih.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\xrgih.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winjxjq.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winjxjq.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winowyn.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winowyn.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\w296a0d.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\w296a0d.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winapwis.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winapwis.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winlnyli.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winlnyli.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\bobi.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\bobi.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winbiedj.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winbiedj.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winbukom.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winbukom.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winumlly.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winumlly.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\tddag.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\tddag.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winibobg.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winibobg.exe:*:Enabled:ipsec 
"C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\tmodol.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\tmodol.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\rtuhxy.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\rtuhxy.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wineqegud.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wineqegud.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\mhmw.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\mhmw.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winyndt.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winyndt.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\xjcqr.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\xjcqr.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\rywoh.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\rywoh.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\tnbf.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\tnbf.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wincwrne.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wincwrne.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wintgkrid.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wintgkrid.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winldpuhy.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winldpuhy.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winjprr.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winjprr.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winndyew.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winndyew.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\mrchud.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\mrchud.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\uyqv.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\uyqv.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winqqjf.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winqqjf.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wintcxarg.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wintcxarg.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\kelbty.exe" = 
C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\kelbty.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winkgdgsk.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winkgdgsk.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\vuortm.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\vuortm.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winbpler.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winbpler.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\trtsvi.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\trtsvi.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winwhgmg.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winwhgmg.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\ulrs.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\ulrs.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wingjpc.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wingjpc.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\roooe.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\roooe.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\bwvka.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\bwvka.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winydoi.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winydoi.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\tfsges.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\tfsges.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wkdno.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wkdno.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winimiuf.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winimiuf.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wintpqsi.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wintpqsi.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winovudfm.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winovudfm.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winprwkph.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winprwkph.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winmtke.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winmtke.exe:*:Enabled:ipsec 
"C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winhcdva.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winhcdva.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winctwpwc.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winctwpwc.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winxmtj.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winxmtj.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\upfk.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\upfk.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\bhljnc.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\bhljnc.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winpucgqa.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winpucgqa.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winaihvg.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winaihvg.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wingxvkaw.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wingxvkaw.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\qyqg.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\qyqg.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\oqsnl.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\oqsnl.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\bxqbit.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\bxqbit.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\kbycqk.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\kbycqk.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\cjjwrb.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\cjjwrb.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\strjhq.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\strjhq.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\arkqk.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\arkqk.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wingtnrv.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wingtnrv.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\sxptv.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\sxptv.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winkwqx.exe" = 
C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winkwqx.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\lhhkl.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\lhhkl.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winlrpkrf.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winlrpkrf.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\xggrl.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\xggrl.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winjikcx.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winjikcx.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winvomyf.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winvomyf.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\uqswc.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\uqswc.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winfcpnlw.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winfcpnlw.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winkofx.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winkofx.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\autgx.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\autgx.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winwgvwws.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winwgvwws.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wineahlf.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\wineahlf.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winpkns.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winpkns.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winejql.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winejql.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winpjjetn.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winpjjetn.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\oupi.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\oupi.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winrwxgvr.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winrwxgvr.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winlavgr.exe" = 
C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winlavgr.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\swyhqu.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\swyhqu.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winnwrd.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winnwrd.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winxqwuml.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winxqwuml.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\ptvo.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\ptvo.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winpsuwpq.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winpsuwpq.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winsguful.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\winsguful.exe:*:Enabled:ipsec "C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\jdinx.exe" = C:\DOKUME~1\HERIBE~1\LOKALE~1\Temp\jdinx.exe:*:Enabled:ipsec "C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\bmop.exe" = C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\bmop.exe:*:Enabled:ipsec -- (Bytemobile, Inc.) 
========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Small Business
"{00040407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{0AC49543-9CE2-4434-AD42-5AA6E2967FA5}" = Windows Live Toolbar
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{395AB8C5-F3A8-4380-8718-7A11EC5829F6}" = iCON 210
"{4C60287C-052E-4595-8B83-32A9977FE942}" = Asus Power Management Utility
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{91252C0A-59F9-42F9-9181-B9CC74F592C0}" = Vodafone Mobile Connect
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4EEC21C-04F0-4CF4-8078-82C11E38EF11}" = REALTEK RTL8187SE Wireless LAN Driver
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Börsenmodul" = Börsenmodul
"Canon iP2700 series Benutzerregistrierung" = Canon iP2700 series Benutzerregistrierung
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"DAO 3.5" = DAO 3.5
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Eee Storage" = Eee Storage 1.1.15.197
"Elantech" = ETD Ware PS/2-x86 5.0.0.4 WHQL
"Hauppauge German Help Files and Resources" = Hauppauge German Help Files and Resources
"Hauppauge WinTV" = Hauppauge WinTV
"Hauppauge WinTV DVB-T EPG Service" = Hauppauge WinTV DVB-T EPG Service
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Hauppauge WinTV TV Services" = Hauppauge WinTV TV Services
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP OrderReminder" = HP OrderReminder
"HP-LaserJet 1018" = LaserJet 1018
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"MAGIX Media Manager silver" = MAGIX Media Manager silver
"MAGIX mp3 maker titanium 2004" = MAGIX mp3 maker titanium 2004
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Quicken2002 DELUXE" = Quicken2002 DELUXE
"VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German)
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Live Toolbar" = Windows Live Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 28.03.2012 09:34:14 | Computer Name = NETBOOK | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application mobileconnect.exe, version 9.4.9.22273, stamp 4baaaf1c, faulting module mscorwks.dll, version 2.0.50727.3615, stamp 4be902c7, debug? 0, fault address 0x00097dda.

Error - 12.05.2012 19:26:22 | Computer Name = NETBOOK | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 7.0.6000.17093, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 20.05.2012 17:55:30 | Computer Name = NETBOOK | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application mobileconnect.exe, version 9.4.9.22273, stamp 4baaaf1c, faulting module mscorwks.dll, version 2.0.50727.3615, stamp 4be902c7, debug? 0, fault address 0x00097dda.

Error - 06.06.2012 05:12:40 | Computer Name = NETBOOK | Source = VMCService | ID = 0
Description = conflictManagerStarted

Error - 11.06.2012 04:05:27 | Computer Name = NETBOOK | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application mobileconnect.exe, version 9.4.9.22273, stamp 4baaaf1c, faulting module mscorwks.dll, version 2.0.50727.3634, stamp 4ef6c0ec, debug? 0, fault address 0x000b0db2.

[ System Events ]
Error - 06.06.2012 05:08:52 | Computer Name = NETBOOK | Source = Windows Update Agent | ID = 16
Description = Verbindung nicht möglich: Es konnte keine Verbindung mit dem Dienst "Automatische Updates" hergestellt werden, daher können Updates nicht nach dem angegebenen Zeitplan heruntergeladen und installiert werden. Es wird weiterhin versucht, eine Verbindung herzustellen.

Error - 08.06.2012 06:36:37 | Computer Name = NETBOOK | Source = Windows Update Agent | ID = 16
Description = Verbindung nicht möglich: Es konnte keine Verbindung mit dem Dienst "Automatische Updates" hergestellt werden, daher können Updates nicht nach dem angegebenen Zeitplan heruntergeladen und installiert werden. Es wird weiterhin versucht, eine Verbindung herzustellen.

Error - 09.06.2012 07:26:31 | Computer Name = NETBOOK | Source = PlugPlayManager | ID = 12
Description = Das Gerät "Realtek RTL8187SE Wireless LAN PCIE Network Adapter" (PCI\VEN_10EC&DEV_8199&SUBSYS_819910EC&REV_22\4&1b635843&0&00E2) wurde ohne vorbereitende Maßnahmen vom System entfernt.

Error - 09.06.2012 07:48:05 | Computer Name = NETBOOK | Source = PlugPlayManager | ID = 12
Description = Das Gerät "Realtek RTL8187SE Wireless LAN PCIE Network Adapter" (PCI\VEN_10EC&DEV_8199&SUBSYS_819910EC&REV_22\4&1b635843&0&00E2) wurde ohne vorbereitende Maßnahmen vom System entfernt.

Error - 09.06.2012 08:17:17 | Computer Name = NETBOOK | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error - 09.06.2012 08:19:38 | Computer Name = NETBOOK | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error - 09.06.2012 08:19:43 | Computer Name = NETBOOK | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error - 11.06.2012 03:37:13 | Computer Name = NETBOOK | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst WZCSVC.

Error - 11.06.2012 03:38:36 | Computer Name = NETBOOK | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error - 11.06.2012 03:43:24 | Computer Name = NETBOOK | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

< End of report > |
11.06.2012, 22:16 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | No admin rights anymore
Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes must be updated manually before every scan! In addition, all detections must be removed. If logs from older Malwarebytes scans exist, please post all of those as well! ESET Online Scanner
Please post everything here in CODE tags where possible. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here
__________________ |
12.06.2012, 13:29 | #3 | |
| No admin rights anymore I hope these are all error messages
__________________ Quote:
|
12.06.2012, 13:56 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | No admin rights anymore The log looks incomplete
__________________ Please always post log files in CODE tags |
12.06.2012, 14:37 | #5 | |
| No admin rights anymore Here is Malwarebytes as well. In ESET I restored everything that had been moved to quarantine, because I forgot to untick the checkbox. Quote:
|
12.06.2012, 15:23 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | No admin rights anymore Although the MBAM log looks comparatively good, your system will be wrecked because of the file infector SALITY. Reinstalling Windows is strongly recommended!
__________________ |
12.06.2012, 16:04 | #7 |
| No admin rights anymore What good does something like this do: hxxp://www.avg.com/de-de/remove-sality.tpl-stdfull |
12.06.2012, 21:42 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | No admin rights anymore I would advise against it; Sality is too dangerous and too destructive
__________________ Please always post log files in CODE tags |