Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten.

Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten.


Plagegeister aller Art und deren Bekämpfung: Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten.

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 01.06.2013, 11:02   #1
Sere
 
Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten. - Standard

Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten.


Guten Tag,

mein Antivir hat gestern den Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7 gemeldet. Beide wurden in die Quarantäne von Antivir verschoben. Ich benötige Unterstützung bei der Beseitigung der Schädlinge.

Gemäß der Anleitung im Thread "Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?" habe ich Defogger installiert. Ich habe mit OTL einen Scann drüber laufen lassen. Gmer ist beim scannen abgestürzt.

OTL.txt
Code:
ATTFilter
OTL logfile created on: 01.06.2013 11:52:47 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jennifer\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 63,45% Memory free
6,50 Gb Paging File | 5,11 Gb Available in Paging File | 78,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 7,19 Gb Free Space | 14,72% Space Free | Partition Type: NTFS
Drive D: | 238,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 195,31 Gb Total Space | 166,51 Gb Free Space | 85,25% Space Free | Partition Type: NTFS
Drive F: | 221,62 Gb Total Space | 3,97 Gb Free Space | 1,79% Space Free | Partition Type: NTFS
Drive H: | 29,67 Gb Total Space | 13,59 Gb Free Space | 45,80% Space Free | Partition Type: FAT32
 
Computer Name: JENNIFER-PC | User Name: Raphael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.01 10:26:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.02 10:34:49 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.28 23:04:41 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.28 23:04:20 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.03.28 23:04:16 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) -- E:\Program Files\Garmin\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.06.15 00:17:36 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.08.26 03:57:32 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.08.26 03:57:04 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.11.05 22:45:55 | 001,505,144 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliType Pro\itype.exe
PRC - [2009.11.05 22:35:26 | 001,468,256 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2008.07.03 18:10:12 | 001,597,440 | ---- | M] (Hama GmbH & Co KG) -- C:\Programme\Hama\Common\RaUI.exe
PRC - [2008.05.13 00:12:56 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Programme\Hama\Common\RalinkRegistryWriter.exe
PRC - [2007.08.24 07:00:48 | 000,033,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.16 17:35:11 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.16 17:34:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.02.14 09:45:54 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8bb2120d5a48b10e27fe82ad5d3fb982\System.Web.ni.dll
MOD - [2013.01.10 20:37:27 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 20:36:44 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 20:36:21 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 20:36:18 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 20:36:08 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.06.15 00:17:55 | 002,042,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2010.11.13 02:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:59:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.08.25 22:44:50 | 000,270,336 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.08.04 16:58:06 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2010.06.29 11:31:12 | 000,652,800 | ---- | M] () -- E:\Programme\IZArc\IZArcCM.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.15 16:39:59 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.03.28 23:04:41 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.28 23:04:16 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- E:\Program Files\Garmin\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.08.26 03:57:04 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.05.13 00:12:56 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Programme\Hama\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)
SRV - [2007.08.24 06:59:20 | 000,068,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007.08.24 03:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2013.03.28 23:04:49 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.03.28 23:04:49 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.03.28 23:04:49 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.08.26 05:36:28 | 006,380,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.08.26 03:20:36 | 000,221,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.07.15 14:47:36 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010.07.07 19:18:56 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2009.11.05 22:35:25 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2009.07.14 00:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 E0 96 87 13 A2 CB 01  [binary data]
IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E3 95 3B DB 3F 23 CE 01  [binary data]
IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.23 18:27:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.31 08:42:17 | 000,000,000 | ---D | M]
 
[2010.12.29 15:39:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raphael\AppData\Roaming\mozilla\Extensions
[2010.12.29 15:39:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\kn3gu7ao.default\extensions
[2012.06.23 18:26:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.07.24 09:44:32 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.15 19:03:10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.03.16 20:50:03 | 000,446,020 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 15316 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000..\Run: [GarminExpressTrayApp] E:\Program Files\Garmin\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000..\Run: [SpybotSD TeaTimer] E:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Raphael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6020D34-9C42-44B9-89C9-5210E7F997A0}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.11.23 12:49:28 | 000,000,077 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011.11.01 16:25:14 | 000,000,000 | ---D | M] - F:\Autoralley -- [ NTFS ]
O33 - MountPoints2\{d71635f9-0be5-11e0-8f34-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d71635f9-0be5-11e0-8f34-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Msetup4.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.19 19:06:17 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Local\Garmin
[2013.05.19 19:01:14 | 000,000,000 | ---D | C] -- C:\Users\Raphael\Neuer Ordner
[2013.05.19 18:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Garmin
[2013.05.19 18:54:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013.05.19 18:53:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.05.16 11:01:29 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.16 11:01:29 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.16 11:01:28 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.16 11:01:28 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.16 11:01:28 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.05.16 11:01:28 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.05.16 11:01:28 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.16 11:01:28 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.05.16 11:01:27 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.05.16 11:01:27 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.05.16 09:12:02 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013.05.16 09:12:01 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.16 09:11:58 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.05.16 09:11:55 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.05.16 09:11:55 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.01 11:53:37 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.01 11:53:37 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.01 11:45:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.01 11:45:33 | 2616,598,528 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.01 11:39:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.01 10:24:43 | 000,000,000 | ---- | M] () -- C:\Users\Raphael\defogger_reenable
[2013.05.19 18:55:05 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\Garmin Express.lnk
[2013.05.19 10:57:39 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.19 10:57:39 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.19 10:57:39 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.19 10:57:39 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.16 17:34:10 | 000,439,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.15 16:39:56 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.15 16:39:56 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.13 19:32:43 | 000,000,728 | ---- | M] () -- C:\Users\Public\Desktop\Gameforge Live.lnk
 
========== Files Created - No Company Name ==========
 
[2013.06.01 10:24:43 | 000,000,000 | ---- | C] () -- C:\Users\Raphael\defogger_reenable
[2013.05.19 18:55:05 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\Garmin Express.lnk
[2011.03.17 21:46:31 | 000,000,680 | RHS- | C] () -- C:\Users\Raphael\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.01.05 21:17:12 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\FOG Downloader
[2013.05.19 19:03:14 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Garmin
[2011.03.23 16:02:32 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\OpenOffice.org
[2012.10.30 12:45:22 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\pdfforge
[2010.12.29 18:55:09 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\FOG Downloader
[2013.05.19 18:55:11 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Garmin
[2011.02.15 19:04:18 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\OpenOffice.org
[2012.10.30 12:43:52 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\pdfforge
[2011.03.03 19:38:40 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\TS3Client
 
========== Purity Check ==========
 
 

< End of report >
Extra.txt
Code:
ATTFilter
OTL Extras logfile created on: 01.06.2013 11:52:47 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jennifer\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 63,45% Memory free
6,50 Gb Paging File | 5,11 Gb Available in Paging File | 78,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 7,19 Gb Free Space | 14,72% Space Free | Partition Type: NTFS
Drive D: | 238,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 195,31 Gb Total Space | 166,51 Gb Free Space | 85,25% Space Free | Partition Type: NTFS
Drive F: | 221,62 Gb Total Space | 3,97 Gb Free Space | 1,79% Space Free | Partition Type: NTFS
Drive H: | 29,67 Gb Total Space | 13,59 Gb Free Space | 45,80% Space Free | Partition Type: FAT32
 
Computer Name: JENNIFER-PC | User Name: Raphael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-2922866635-4134696533-2909763260-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "E:\Program Files\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "H:\Cewe\dm-Fotowelt\dm-Fotowelt.exe" "%1"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Foto Paradies] -- "F:\cewe\dm\dm-Fotowelt\Foto Paradies.exe" "%1" ()
Directory [Mein CEWE FOTOBUCH] -- "E:\Program Files\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B2B414A-3D8B-40BA-9359-3C33226577AC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1D1939E5-B494-4359-AB9B-9E9E93EA5977}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2C63C50C-7713-418F-B076-4845B9FBC55A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3041C936-470B-46D9-8A1B-3F5CBBDE787D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{432ED99F-DF16-41CE-BBDA-72E22C30DE92}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{47B5CE20-8D1B-4AB6-B798-C3B5BB30A681}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{5429D7EE-F395-466B-B3A8-BE06E1C406B0}" = lport=138 | protocol=17 | dir=in | app=system | 
"{62E05942-54F7-4EBF-B337-7544EF52AC97}" = lport=139 | protocol=6 | dir=in | app=system | 
"{638E6196-DF8D-468A-AE6C-493A33F0877E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{71AE9208-60B3-4B97-B639-43D681446DE8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7ECFAD41-01FC-4703-94A0-0A7EF4D7DF90}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9268442A-E994-4DE0-9581-300C3F5D5CFB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{93E1C0FF-A251-420C-AB0A-F37F305F1CC5}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{95C0894C-3A40-458E-8C46-F2E5587CCD69}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9B2C5559-05D6-4983-A10D-78EF2ABF8504}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A35D4A88-7CFE-44A7-9E23-C21EB32AA79D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A3E080BC-ED8F-4540-9B0F-825C91D1C66C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C3D2B7B9-406F-4F46-9449-9F0A496BC8C7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{DEEFA361-8A7E-4C57-82DA-67AA60741CFF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E2F073BE-AFAD-403B-A9DE-E4A5DDC9CFCB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F198FB6B-2701-4C0B-878D-EA875CC32168}" = rport=137 | protocol=17 | dir=out | app=system | 
"{FBDE392B-69A4-41A3-824D-D16F5ED9722B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{050F3611-BF59-4F16-8567-3464B7E80D78}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{14288556-9311-45B5-9096-3E916551D52B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{1A84EF6B-ADB5-4E79-B507-D2195690AB82}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{26AD5F6E-C6F5-4BCD-BA63-1E40CACA8E04}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{520E672D-4167-4D75-95FD-AE1041A18C76}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8270593D-8A4A-49E7-81BE-D4C2D7EF9951}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{87C4DE77-60FE-403E-A2A9-2C9EC48B6D14}" = protocol=6 | dir=out | app=system | 
"{8AD696AD-E23C-4C35-BD54-81ED0CCC3D80}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8D48E281-ED96-4006-B9DF-A646470C2FE4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9906632A-D70C-4D8B-A265-FBEEBA585A5D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{A1EE4A09-9552-4D75-B301-F7DE27A6F45D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A49342C5-C84A-4310-A88C-9C457FADD0CA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B85C07E4-DD81-427A-BAF3-789B17CBCEF8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BFED79BE-E46E-4DCB-8C05-CDA058A4CB55}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C2ED17D4-F836-43AE-B6F9-8C0377FE6642}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{CDD03498-7A8F-428B-B4D7-589A46DCD8DF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CFDA44FA-510F-4ADF-BA43-ABF5FEFBDC18}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E80B11D0-1013-4DA2-B91C-3AF81AFB1914}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{F69A80A9-3329-4975-A1BF-0FCEB1EB05C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FA513E17-7362-44AF-8BB9-FD06675EA418}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FF148A5A-D34C-45CA-86C0-682D764DA95C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{8A7455F9-85C1-4A75-B6C2-EAE44775E499}E:\program files\runes of magic\client.exe" = protocol=6 | dir=in | app=e:\program files\runes of magic\client.exe | 
"TCP Query User{9B131DDB-C3B2-40A4-AEA6-204BD12B76AD}C:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim.exe" = protocol=6 | dir=in | app=c:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim.exe | 
"TCP Query User{B7BB0A1C-8E91-4CC3-A67F-6B6CC34EA13A}C:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim(1).exe" = protocol=6 | dir=in | app=c:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim(1).exe | 
"UDP Query User{5A10F57B-746F-4096-89BA-AAC9970FD063}C:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim(1).exe" = protocol=17 | dir=in | app=c:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim(1).exe | 
"UDP Query User{C464BDB6-7DE6-485D-80DA-D35E25B518EC}E:\program files\runes of magic\client.exe" = protocol=17 | dir=in | app=e:\program files\runes of magic\client.exe | 
"UDP Query User{F2864DC7-95BF-4853-AEF0-6CED531A48FF}C:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim.exe" = protocol=17 | dir=in | app=c:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{06092909-8851-C581-F990-7195076FDAEF}" = CCC Help Czech
"{0CA04779-346C-30FD-EB9B-8EEA2CE094B3}" = CCC Help Thai
"{11E94FDB-C895-45F1-B756-1C9B8C36C8F1}" = Microsoft IntelliType Pro 7.1
"{13F054F3-0B07-4D15-9E80-C55B496AB557}" = Garmin Communicator Plugin
"{1B3B5C60-70B8-F022-5497-03FD2772586C}" = CCC Help Greek
"{1C160168-BF5B-72FE-BAFA-6DD5F737404C}" = CCC Help Chinese Standard
"{1ED3EBF6-A130-4B3B-B01A-C29B067798B3}" = CCC Help Finnish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{278AD90C-D27D-AA89-58DF-AD13852D51CA}" = CCC Help Spanish
"{2CDBFF1A-6433-E94D-CA25-831FDB9775E9}" = CCC Help Italian
"{31DED885-1124-0E58-97FB-73E4EF692E8D}" = CCC Help Hungarian
"{33B670D7-8A06-DA5B-0341-5630D1E12007}" = ccc-core-static
"{38D65ABC-A00B-6E13-2EF3-826CFC8CFC14}" = CCC Help French
"{3B4325A0-43CD-10D1-64F6-BD2F90DCB756}" = Catalyst Control Center Graphics Previews Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EEBD42E-4DC7-A874-645B-28B63907E930}" = ATI AVIVO Codecs
"{3F8B39A4-B7CE-B036-941C-A8DB57676B04}" = CCC Help Norwegian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACF9BBA-E137-7309-7BF9-567ADAB6B4E6}" = CCC Help Turkish
"{51AD839D-CE11-B9E3-227D-03BC89F227C8}" = CCC Help Danish
"{55043DDE-D718-C7F7-9B4C-2B3D818D8A1F}" = Catalyst Control Center InstallProxy
"{5774B4C1-8579-D5D9-8D38-A0CE32B6736C}" = CCC Help German
"{5D19BB0D-9B04-5B85-9295-4E11BCB1C2C3}" = CCC Help Polish
"{5D8A076D-F75E-A149-10D8-87338721AA3A}" = ATI Catalyst Install Manager
"{60341104-FC8E-EF26-12CB-93B17DF55976}" = CCC Help Japanese
"{62161867-51F1-9FB8-0E6E-FE49D89CBB71}" = CCC Help Dutch
"{6494E146-418F-85E1-142E-D2F122C75274}" = ccc-utility
"{65135558-F1AE-4B9B-8C0B-180730ACA261}" = Garmin Express
"{65589581-920C-CAE1-58C2-2149D3AA3F39}" = HydraVision
"{6A7E9B60-4698-F505-CAD3-05F8AB22FB61}" = CCC Help Russian
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7057ABC2-EFF3-4E43-9806-8BCB6EEA9FE6}" = Microsoft IntelliPoint 7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75794DD1-5D69-4E33-A141-C3D4B0724C71}" = Catalyst Control Center Graphics Previews Common
"{7CE47764-9A8F-380D-FB9E-FCFC37B9F727}" = CCC Help Korean
"{85D27E0C-6185-58BC-94B6-E5EED97962D8}" = AMD Drag and Drop Transcoding
"{876AB032-B2A4-41FF-AF87-DBC78454C1B0}" = Garmin Update Service
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Hama Wireless LAN Adapter
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{93765DFA-8A67-41FB-9FC0-B12341CA65F3}" = Elevated Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1" = Gameforge Live 1.0 "Legend"
"{9ED77550-AF66-2B7E-97E1-34B3BFDEAC6D}" = CCC Help Swedish
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C233BCC3-29C4-49C0-B955-0A94509FC4FC}" = Garmin Express Tray
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{e47a5c85-88a2-47d2-b380-fc2e763c2e6d}" = Garmin Express
"{E8454B5F-4122-864C-002D-31F878D2CBF4}" = CCC Help English
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E6252F-8DC2-B508-D412-1C427CDB3448}" = CCC Help Portuguese
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FCB6F9DC-A0FF-621E-DE53-877E63864DD1}" = CCC Help Chinese Traditional
"{FE4466A3-76B3-A9F4-9B22-150D6F8B4647}" = Catalyst Control Center Localization All
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"Ceville" = Ceville 1.0
"dm-Fotowelt" = dm-Fotowelt
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Foto Paradies" = Foto Paradies
"Jack Keane" = Jack Keane
"Jewels of Atlantis/DE-German_is1" = Jewels of Atlantis
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"S4Uninst" = Die Siedler IV
"Warcraft III" = Warcraft III
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.05.2013 03:43:24 | Computer Name = Jennifer-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "e:\programme\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "e:\programme\spybot
 - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 20.05.2013 11:48:55 | Computer Name = Jennifer-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "e:\programme\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "e:\programme\spybot
 - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 21.05.2013 12:11:08 | Computer Name = Jennifer-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "e:\programme\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "e:\programme\spybot
 - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 23.05.2013 04:33:50 | Computer Name = Jennifer-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "e:\programme\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "e:\programme\spybot
 - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 24.05.2013 07:36:24 | Computer Name = Jennifer-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "e:\programme\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "e:\programme\spybot
 - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 26.05.2013 14:04:42 | Computer Name = Jennifer-PC | Source = Windows Backup | ID = 4104
Description = 
 
Error - 27.05.2013 11:00:45 | Computer Name = Jennifer-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "e:\programme\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "e:\programme\spybot
 - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 28.05.2013 09:34:58 | Computer Name = Jennifer-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "e:\programme\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "e:\programme\spybot
 - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 29.05.2013 17:38:27 | Computer Name = Jennifer-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "e:\programme\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "e:\programme\spybot
 - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 01.06.2013 05:19:30 | Computer Name = Jennifer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: gmer_2.1.19163.exe, Version: 2.1.19163.0,
 Zeitstempel: 0x515d31f0  Name des fehlerhaften Moduls: gmer_2.1.19163.exe, Version:
 2.1.19163.0, Zeitstempel: 0x515d31f0  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00012288
ID
 des fehlerhaften Prozesses: 0x8c8  Startzeit der fehlerhaften Anwendung: 0x01ce5ea8fadf6e54
Pfad
 der fehlerhaften Anwendung: C:\Users\Jennifer\Desktop\gmer_2.1.19163.exe  Pfad des
 fehlerhaften Moduls: C:\Users\Jennifer\Desktop\gmer_2.1.19163.exe  Berichtskennung:
 5cc5ea58-ca9c-11e2-af58-6c626d75ece4
 
[ OSession Events ]
Error - 02.07.2011 16:14:35 | Computer Name = Jennifer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2773
 seconds with 1920 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 22.05.2013 03:28:15 | Computer Name = Jennifer-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 22.05.2013 12:09:42 | Computer Name = Jennifer-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 23.05.2013 09:22:11 | Computer Name = Jennifer-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 24.05.2013 05:40:09 | Computer Name = Jennifer-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 24.05.2013 10:45:54 | Computer Name = Jennifer-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 27.05.2013 10:59:16 | Computer Name = Jennifer-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 27.05.2013 11:18:04 | Computer Name = Jennifer-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?05.?2013 um 17:11:57 unerwartet heruntergefahren.
 
Error - 29.05.2013 17:40:05 | Computer Name = Jennifer-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 29.05.2013 17:56:46 | Computer Name = Jennifer-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 30.05.2013 05:40:49 | Computer Name = Jennifer-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
 
< End of report >
Vielen Dank im Voraus.

Gruß
Sere

 

Themen zu Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten.
adobe, antivir, avg, avira, beseitigung, bho, branding, defender, error, explorer, fehler, firefox, flash player, format, home, install.exe, logfile, mozilla, opera, plug-in, richtlinie, rundll, safer networking, scan, security, senden, software, svchost.exe, udp, windows


« Iminent lässt sich nicht deinstallieren | CPU-Auslastung von meinem Laptop sehr hoch! »


Ähnliche Themen: Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten.


  1. Trojaner tr/atraps.gen2 und tr/sirefef.abx befall
    Log-Analyse und Auswertung - 09.10.2013 (3)
  2. XP Sirefef Befall - Datenrettung
    Plagegeister aller Art und deren Bekämpfung - 27.01.2013 (3)
  3. Nach Befall von Exploit.Drop.GS und Trojan.PWS - Pc trotz angeblicher erfolgreicher Bereinigung immer noch langsam
    Plagegeister aller Art und deren Bekämpfung - 02.10.2012 (32)
  4. doppelt: Sirefef.AG.35, ATRAPS.GEN2 u. Small.FI Befall
    Mülltonne - 17.06.2012 (0)
  5. TR/Sirefef.AG.35 & TR/ATRAPS.Gen2 & TR/Kazy.74224.jh
    Plagegeister aller Art und deren Bekämpfung - 07.06.2012 (2)
  6. TR/Sirefef BV 2 Befall auf .dll Dateien im System
    Log-Analyse und Auswertung - 24.04.2012 (13)
  7. Trojanische Pferd TR/Drop.Sirefef.but in Qurantäne gesetzt kann ich mein laptop wieder nutzen?
    Log-Analyse und Auswertung - 18.04.2012 (21)
  8. tr/sirefef.bv.2 Befall
    Plagegeister aller Art und deren Bekämpfung - 12.04.2012 (40)
  9. Befall von Trojaner sirefef.k +.d +.e Was tun?
    Plagegeister aller Art und deren Bekämpfung - 08.01.2012 (11)
  10. Befall von Trojaner sirefef.k +.d +.e
    Plagegeister aller Art und deren Bekämpfung - 04.01.2012 (11)
  11. Sirefef.D + Sirefef.E +Sirefef.K Befall
    Plagegeister aller Art und deren Bekämpfung - 03.01.2012 (1)
  12. Trojaner-Befall durch Trojan:Win64/Sirefef.k .d .e
    Log-Analyse und Auswertung - 03.01.2012 (1)
  13. TR/Drop.Fignotok.24 Befall
    Log-Analyse und Auswertung - 28.11.2011 (1)
  14. TR/Kazy.mekml.1 - Befall
    Plagegeister aller Art und deren Bekämpfung - 18.05.2011 (29)
  15. TR/kazy.mekml.1 Befall
    Log-Analyse und Auswertung - 16.05.2011 (46)
  16. Tr/Kazy.mehml Befall
    Log-Analyse und Auswertung - 06.05.2011 (1)
  17. Troja Befall? (TR/Spy.Ardamax.H.5 + KIT/Drop.Ag.2015003)
    Log-Analyse und Auswertung - 18.06.2007 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten. - Guten Tag, mein Antivir hat gestern den Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7 gemeldet. Beide wurden in die Quarantäne von Antivir verschoben. Ich benötige Unterstützung bei der Beseitigung der Schädlinge. Gemäß - Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten....
Archiv
Du betrachtest: Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131