
Trash bin: (2x) sirefef found yesterday - gone now or not?


 
10.07.2012, 11:45   #1
nicedaytoday
 
Hello,

I admit it: I already posted yesterday, but I had only read the Golden Rules and not step 2 (system info).

Yesterday my mail provider wrote that spam mail had been sent from my connection (quote: "Important - The spam mails were not sent with a conventional e-mail program and have nothing to do with your mailbox or your e-mail address, but solely with the dial-in.")

I checked my settings - the firewall was deactivated and could not be reactivated, Microsoft Security Essentials could not be updated -> I uninstalled MSE, reinstalled it, ran it, and could just barely see that a trojan named sirefef had been found (I could not note down the extension in time). Then a restart followed.

I was only able to interrupt the game of "boot up -> forced restart after one minute" in safe mode, by running System Restore to an earlier point in time, and then I ran Sophos Anti-Rootkit over the system.

Now everything seems to be running again - but one probably can't be truly reassured?

I have now followed your instructions.

Defogger produced a defogger_disable:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:50 on 10/07/2012 (NoAdmin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Here is the otl.txt:

Code:
 OTL logfile created on: 10.07.2012 10:26:46 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\NoAdmin\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,36 Gb Available Physical Memory | 47,34% Memory free
5,73 Gb Paging File | 4,12 Gb Available in Paging File | 71,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283,40 Gb Total Space | 228,09 Gb Free Space | 80,48% Space Free | Partition Type: NTFS
 
Computer Name: MARIT-PC | User Name: NoAdmin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.10 10:24:54 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\NoAdmin\Desktop\OTL.exe
PRC - [2012.06.27 17:11:10 | 001,090,440 | ---- | M] (Spigot, Inc.) -- C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.06.27 17:01:34 | 000,791,488 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe
PRC - [2012.04.05 15:01:56 | 000,135,168 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\nalserv.exe
PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2011.12.07 19:18:12 | 000,400,384 | ---- | M] (SDL) -- C:\Programme\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe
PRC - [2011.11.11 11:44:42 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe
PRC - [2011.10.24 09:53:38 | 002,565,632 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.07.16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.09.15 21:07:33 | 005,249,024 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\DW WLAN Card\WLTRAY.EXE
PRC - [2010.09.15 21:07:33 | 000,040,960 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\DW WLAN Card\WLTRYSVC.EXE
PRC - [2010.09.15 21:07:29 | 004,539,392 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\DW WLAN Card\BCMWLTRY.EXE
PRC - [2010.07.26 02:08:00 | 002,569,616 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2010.06.03 22:40:00 | 001,664,304 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vcsFPService.exe
PRC - [2010.05.20 02:39:42 | 000,206,336 | ---- | M] (Microsoft) -- C:\dell\DBRM\Reminder\DbrmTrayicon.exe
PRC - [2010.04.06 22:35:04 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2010.04.06 22:35:04 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\stacsv.exe
PRC - [2010.01.15 17:26:52 | 003,873,648 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\QuickSet\quickset.exe
PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009.11.30 05:41:08 | 000,060,928 | ---- | M] () -- C:\Programme\STMicroelectronics\Accelerometer\InstallFilterService.exe
PRC - [2009.11.04 07:45:46 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.11.04 07:45:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.10.20 16:11:58 | 002,364,704 | ---- | M] (Broadcom Corporation.) -- c:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009.10.20 16:11:58 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009.10.20 16:11:58 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- c:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009.07.28 17:07:42 | 000,073,528 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE
PRC - [2009.07.22 14:52:12 | 002,384,896 | ---- | M] () -- C:\Programme\STMicroelectronics\Accelerometer\FF_Protection.exe
PRC - [2009.07.20 12:01:00 | 000,760,120 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\StCenter.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.05.14 16:07:12 | 000,759,048 | ---- | M] (ABBYY) -- C:\Programme\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
PRC - [2009.05.13 00:50:32 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Programme\DigitalPersona\Bin\DpHostW.exe
PRC - [2009.03.02 20:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe
PRC - [2007.11.19 11:19:00 | 000,128,352 | ---- | M] (CANON INC.) -- C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
PRC - [2006.10.30 16:59:34 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2006.09.20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.13 16:07:11 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll
MOD - [2012.06.13 16:06:59 | 014,325,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\517358eb2fd962a942dd1ea6afc5b93e\PresentationFramework.ni.dll
MOD - [2012.06.13 16:06:46 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012.06.13 16:06:38 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012.06.13 16:06:37 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\37aa8a6e1a69671c23eb916417629682\System.Deployment.ni.dll
MOD - [2012.06.13 16:06:32 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\e9d0ba41128f363f2390c7e630129c2b\PresentationCore.ni.dll
MOD - [2012.05.13 11:32:48 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\496033ebd93c3381e4ba09486bf23cc3\System.Xml.Linq.ni.dll
MOD - [2012.05.13 11:31:46 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\3f9dee1ce0ccb42145293a5bfcbe7205\System.Management.ni.dll
MOD - [2012.05.13 11:30:43 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\3848d7865bda88a9e94e03480b5ada2f\System.Runtime.Serialization.ni.dll
MOD - [2012.05.13 11:30:40 | 017,400,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\7900b4e8c860d8b4a3c1f98047c3c1a3\System.ServiceModel.ni.dll
MOD - [2012.05.13 11:30:06 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\c366ebd7f33816762268154efc68176d\System.Core.ni.dll
MOD - [2012.05.11 16:15:21 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc626095c194be137bceb219934b06a7\PresentationFramework.Aero.ni.dll
MOD - [2012.05.11 16:14:58 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012.05.11 16:14:06 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012.05.11 16:13:59 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012.05.11 16:13:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012.05.11 16:13:48 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012.05.11 16:13:39 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.10.20 16:12:10 | 000,132,384 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009.07.22 14:52:12 | 002,384,896 | ---- | M] () -- C:\Programme\STMicroelectronics\Accelerometer\FF_Protection.exe
MOD - [2009.07.14 10:47:20 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.07.14 10:47:16 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll
MOD - [2009.07.14 10:47:13 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.07.14 10:47:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2006.10.30 16:59:34 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
MOD - [2006.09.20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.09 17:14:32 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.27 17:01:34 | 000,791,488 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.05.02 17:06:31 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.05 15:01:56 | 000,135,168 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\nalserv.exe -- (NalServ)
SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.03.10 04:00:43 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.11.11 11:44:42 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc)
SRV - [2011.10.24 09:53:38 | 002,565,632 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$ACROSS) SQL Server (ACROSS)
SRV - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.12.10 19:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2010.09.15 21:07:33 | 000,040,960 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2010.06.03 22:40:00 | 001,664,304 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vcsFPService.exe -- (vcsFPService)
SRV - [2010.04.06 22:35:04 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\stacsv.exe -- (STacSV)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.11.30 05:41:08 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Programme\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009.11.04 07:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.11.04 07:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.10.20 16:11:58 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.07.28 17:07:42 | 000,073,528 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.05.14 16:07:12 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Programme\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.9.0)
SRV - [2009.05.13 00:50:32 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Programme\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2009.03.02 20:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\D5E4.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\NoAdmin\AppData\Local\Temp\fgloypod.sys -- (fgloypod)
DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.06.28 19:21:16 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 19:21:16 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.08 14:22:03 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio)
DRV - [2010.09.16 17:02:33 | 000,035,040 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys -- (TelekomNM3)
DRV - [2010.09.15 23:51:45 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2010.09.15 21:07:29 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2010.04.06 22:35:04 | 000,423,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010.02.03 00:36:34 | 000,232,960 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2009.12.07 20:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.12.07 20:36:48 | 000,201,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.10.26 14:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009.10.12 16:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.09.17 06:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.04 12:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009.07.02 02:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009.06.30 13:28:28 | 000,049,152 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009.06.15 20:05:16 | 000,143,968 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009.05.28 17:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {DA639E36-C4BB-4EE9-A6D3-8C89419F1657}
IE - HKLM\..\SearchScopes\{DA639E36-C4BB-4EE9-A6D3-8C89419F1657}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USSMB/8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2010.09.15 21:14:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.09 16:23:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.07 17:52:24 | 000,000,000 | ---D | M]
 
[2012.07.10 08:31:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NoAdmin\AppData\Roaming\mozilla\Extensions
[2012.07.09 16:23:06 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.09 16:23:06 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012.05.02 17:06:31 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.21 13:44:46 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.21 13:44:46 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.21 13:44:46 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.21 13:44:46 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.21 13:44:46 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.21 13:44:46 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found
O2 - BHO: (DigitalPersona Fingerprint Software Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Programme\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
O4 - HKLM..\Run: [FreeFallProtection] C:\Programme\STMicroelectronics\Accelerometer\FF_Protection.exe ()
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5370780B-8FF8-4AC0-B5AF-339D6C67292F}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5ED6080F-DC10-44C6-9586-E4A19F934C7A}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A24E6AA-6874-4075-8D0D-31277AE36F92}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D6CCCE7-B078-4A76-880B-6C969053931B}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBE5BC9A-37E6-482B-A68D-EB7089769570}: NameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.10 10:24:52 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\NoAdmin\Desktop\OTL.exe
[2012.07.10 09:19:39 | 000,000,000 | ---D | C] -- C:\Users\NoAdmin\AppData\Roaming\SDL
[2012.07.10 09:19:39 | 000,000,000 | ---D | C] -- C:\Users\NoAdmin\AppData\Local\SDL
[2012.07.10 08:34:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.07.10 08:32:43 | 000,000,000 | ---D | C] -- C:\Users\NoAdmin\AppData\Roaming\Macromedia
[2012.07.10 08:32:43 | 000,000,000 | ---D | C] -- C:\Users\NoAdmin\AppData\Local\Macromedia
[2012.07.10 08:32:43 | 000,000,000 | ---D | C] -- C:\Users\NoAdmin\AppData\Roaming\Adobe
[2012.07.10 08:31:32 | 000,000,000 | ---D | C] -- C:\Users\NoAdmin\AppData\Roaming\Mozilla
[2012.07.10 08:31:32 | 000,000,000 | ---D | C] -- C:\Users\NoAdmin\AppData\Local\Mozilla
[2012.07.10 08:16:57 | 000,000,000 | R--D | C] -- C:\Users\NoAdmin\Documents\Documents
[2012.07.10 08:15:28 | 000,000,000 | R--D | C] -- C:\Users\NoAdmin\Desktop\Desktop
[2012.07.10 07:59:00 | 000,000,000 | ---D | C] -- C:\Users\NoAdmin\AppData\Local\Broadcom
[2012.07.10 07:59:00 | 000,000,000 | ---D | C] -- C:\Users\NoAdmin\Documents\Bluetooth-Exchange-Ordner
[2012.07.10 07:58:59 | 000,000,000 | ---D | C] -- C:\Users\NoAdmin\AppData\Roaming\Apple Computer
[2012.07.10 07:58:48 | 000,000,000 | R--D | C] -- C:\Users\NoAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.07.10 07:58:48 | 000,000,000 | R--D | C] -- C:\Users\NoAdmin\Searches
[2012.07.10 07:58:48 | 000,000,000 | R--D | C] -- C:\Users\NoAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.07.10 07:58:41 | 000,000,000 | ---D | C] -- C:\Users\NoAdmin\AppData\Roaming\Identities
[2012.07.10 07:58:39 | 000,000,000 | R--D | C] -- C:\Users\NoAdmin\Contacts
[2012.07.10 07:58:36 | 000,000,000 | ---D | C] -- C:\Users\NoAdmin\AppData\Local\VirtualStore
[2012.07.10 07:58:35 | 000,000,000 | -HSD | C] -- C:\Users\NoAdmin\Vorlagen
[2012.07.10 07:58:35 | 000,000,000 | -HSD | C] -- C:\Users\NoAdmin\AppData\Local\Verlauf
[2012.07.10 07:58:35 | 000,000,000 | -HSD | C] -- C:\Users\NoAdmin\AppData\Local\Temporary Internet Files
[2012.07.10 07:58:35 | 000,000,000 | -HSD | C] -- C:\Users\NoAdmin\Startmenü
[2012.07.10 07:58:35 | 000,000,000 | -HSD | C] -- C:\Users\NoAdmin\SendTo
[2012.07.10 07:58:35 | 000,000,000 | -HSD | C] -- C:\Users\NoAdmin\Recent
[2012.07.10 07:58:35 | 000,000,000 | -HSD | C] -- C:\Users\NoAdmin\Netzwerkumgebung
[2012.07.10 07:58:35 | 000,000,000 | -HSD | C] -- C:\Users\NoAdmin\Lokale Einstellungen
[2012.07.10 07:58:35 | 000,000,000 | -HSD | C] -- C:\Users\NoAdmin\Documents\Eigene Videos
[2012.07.10 07:58:35 | 000,000,000 | -HSD | C] -- C:\Users\NoAdmin\Documents\Eigene Musik
[2012.07.10 07:58:35 | 000,000,000 | -HSD | C] -- C:\Users\NoAdmin\Eigene Dateien
[2012.07.10 07:58:35 | 000,000,000 | -HSD | C] -- C:\Users\NoAdmin\Documents\Eigene Bilder
[2012.07.10 07:58:35 | 000,000,000 | -HSD | C] -- C:\Users\NoAdmin\Druckumgebung
[2012.07.10 07:58:35 | 000,000,000 | -HSD | C] -- C:\Users\NoAdmin\Cookies
[2012.07.10 07:58:35 | 000,000,000 | -HSD | C] -- C:\Users\NoAdmin\AppData\Local\Anwendungsdaten
[2012.07.10 07:58:35 | 000,000,000 | -HSD | C] -- C:\Users\NoAdmin\Anwendungsdaten
[2012.07.10 07:58:34 | 000,000,000 | --SD | C] -- C:\Users\NoAdmin\AppData\Roaming\Microsoft
[2012.07.10 07:58:34 | 000,000,000 | R--D | C] -- C:\Users\NoAdmin\Videos
[2012.07.10 07:58:34 | 000,000,000 | R--D | C] -- C:\Users\NoAdmin\Saved Games
[2012.07.10 07:58:34 | 000,000,000 | R--D | C] -- C:\Users\NoAdmin\Pictures
[2012.07.10 07:58:34 | 000,000,000 | R--D | C] -- C:\Users\NoAdmin\Music
[2012.07.10 07:58:34 | 000,000,000 | R--D | C] -- C:\Users\NoAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.07.10 07:58:34 | 000,000,000 | R--D | C] -- C:\Users\NoAdmin\Links
[2012.07.10 07:58:34 | 000,000,000 | R--D | C] -- C:\Users\NoAdmin\Favorites
[2012.07.10 07:58:34 | 000,000,000 | R--D | C] -- C:\Users\NoAdmin\Downloads
[2012.07.10 07:58:34 | 000,000,000 | R--D | C] -- C:\Users\NoAdmin\Documents
[2012.07.10 07:58:34 | 000,000,000 | R--D | C] -- C:\Users\NoAdmin\Desktop
[2012.07.10 07:58:34 | 000,000,000 | R--D | C] -- C:\Users\NoAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.07.10 07:58:34 | 000,000,000 | -H-D | C] -- C:\Users\NoAdmin\AppData
[2012.07.10 07:58:34 | 000,000,000 | ---D | C] -- C:\Users\NoAdmin\AppData\Local\Temp
[2012.07.10 07:58:34 | 000,000,000 | ---D | C] -- C:\Users\NoAdmin\AppData\Local\Microsoft Help
[2012.07.10 07:58:34 | 000,000,000 | ---D | C] -- C:\Users\NoAdmin\AppData\Local\Microsoft
[2012.07.10 07:58:34 | 000,000,000 | ---D | C] -- C:\Users\NoAdmin\AppData\Roaming\Media Center Programs
[2012.07.09 16:27:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.07.09 16:27:33 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2012.07.09 16:27:33 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.06.21 12:42:29 | 000,000,000 | ---D | C] -- C:\ProgramData\webex
[2012.06.20 08:46:37 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.06.20 07:56:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.06.19 10:49:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoner Photo Studio 14
[2012.06.19 10:49:28 | 000,000,000 | ---D | C] -- C:\Program Files\Zoner
[2012.06.15 14:07:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Zoner
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.10 10:24:54 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\NoAdmin\Desktop\OTL.exe
[2012.07.10 10:23:29 | 000,000,000 | ---- | M] () -- C:\Users\NoAdmin\defogger_reenable
[2012.07.10 10:22:07 | 000,050,477 | ---- | M] () -- C:\Users\NoAdmin\Desktop\Defogger.exe
[2012.07.10 10:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.10 09:24:22 | 000,302,592 | ---- | M] () -- C:\Users\NoAdmin\Desktop\vnj9iq65.exe
[2012.07.10 08:30:03 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.10 08:30:03 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.10 08:27:10 | 000,767,922 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.10 08:27:10 | 000,723,200 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.10 08:27:10 | 000,173,756 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.10 08:27:10 | 000,146,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.10 08:22:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.10 08:22:28 | 2307,928,064 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.10 07:59:19 | 000,002,527 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk
[2012.07.10 07:59:19 | 000,002,509 | ---- | M] () -- C:\Users\Public\Desktop\FRITZ!DSL Startcenter.lnk
[2012.06.19 10:49:38 | 000,002,033 | ---- | M] () -- C:\Users\Public\Desktop\Zoner Photo Studio 14 FREE.lnk
[2012.06.13 16:04:24 | 000,402,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.10 10:23:29 | 000,000,000 | ---- | C] () -- C:\Users\NoAdmin\defogger_reenable
[2012.07.10 10:22:07 | 000,050,477 | ---- | C] () -- C:\Users\NoAdmin\Desktop\Defogger.exe
[2012.07.10 09:24:22 | 000,302,592 | ---- | C] () -- C:\Users\NoAdmin\Desktop\vnj9iq65.exe
[2012.07.10 07:58:49 | 000,001,411 | ---- | C] () -- C:\Users\NoAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.06.19 10:49:38 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\Zoner Photo Studio 14 FREE.lnk
[2012.05.03 13:24:35 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2012.04.23 13:05:29 | 000,000,351 | ---- | C] () -- C:\Windows\keytrans.ini
[2012.04.23 13:05:02 | 000,006,870 | ---- | C] () -- C:\Windows\Keytran1.ini
[2012.04.23 13:05:02 | 000,002,762 | ---- | C] () -- C:\Windows\KEYTRAN2.INI
[2012.01.12 08:46:49 | 000,002,048 | -HS- | C] () -- C:\Users\Marit\AppData\Local\{fd474600-ee11-a58f-de7e-8250ebb69c16}\@
[2011.01.08 15:12:09 | 000,003,584 | ---- | C] () -- C:\Windows\System32\CNCFLfNL.DLL
[2010.11.09 17:27:28 | 000,000,161 | ---- | C] () -- C:\Windows\BUHL.INI
[2010.10.11 09:19:38 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.09.15 21:13:40 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010.09.15 21:07:39 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010.08.01 07:27:33 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.08.01 04:40:06 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2010.08.01 04:40:06 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.01 04:40:06 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.08.01 04:40:05 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2010.08.01 04:40:05 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.08.01 04:40:03 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2010.08.01 04:40:03 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
 
========== LOP Check ==========
 
[2012.07.10 09:19:39 | 000,000,000 | ---D | M] -- C:\Users\NoAdmin\AppData\Roaming\SDL
[2012.06.04 12:14:41 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
extra.txt:

Code:
OTL Extras logfile created on: 10.07.2012 10:26:46 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\NoAdmin\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,36 Gb Available Physical Memory | 47,34% Memory free
5,73 Gb Paging File | 4,12 Gb Available in Paging File | 71,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283,40 Gb Total Space | 228,09 Gb Free Space | 80,48% Space Free | Partition Type: NTFS
 
Computer Name: MARIT-PC | User Name: NoAdmin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{054A843F-DA38-4E2B-A896-696B33052179}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0599D4CB-C683-4A9C-80F0-7A233926C984}" = rport=137 | protocol=17 | dir=out | app=system | 
"{09AF8F86-3275-4ABE-B0C7-D0009767E04A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{17ACE4F6-5B32-4294-9DE2-8D1895CB9286}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{28DDC23E-76E0-4CA1-8D64-A6584BC8A5BD}" = lport=139 | protocol=6 | dir=in | app=system | 
"{33B987A0-8A40-4DD7-BF0A-497570B668D8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{401D7DC3-BC3A-44D0-9993-54D2F3F720BC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{421C1915-85FB-4DB8-8208-65D46EC07F70}" = rport=139 | protocol=6 | dir=out | app=system | 
"{52369A8E-E368-482D-8C83-60A452D10ED5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5AC43146-A9AB-4CE8-B6D6-EA3C7BD47AF3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{625E44F9-4097-4660-AB29-17DDCFE2BB70}" = lport=445 | protocol=6 | dir=in | app=system | 
"{66D64D93-727A-47C0-B907-166A5353E1C3}" = lport=9100 | protocol=6 | dir=in | name=erste regel drucker | 
"{679D7A5B-81F1-44B0-9F41-805BEE953D4D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{727F9855-4045-4F49-AF01-E28455B615E5}" = lport=2066 | protocol=6 | dir=in | name=zweite regel drucker | 
"{83900492-4B28-435D-BC78-628913D54E58}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{86660026-9A68-4798-BBF1-D0D820685DAE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{86CF496C-EB2C-499F-9EE4-31BCD19CD6FF}" = lport=138 | protocol=17 | dir=in | app=system | 
"{872E8578-60A2-43BF-8139-5C9AB66E13C8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8F9278EE-CF4B-47BC-9C5E-DA969707AE5F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A62C4891-562F-4949-A661-E854AE125CE4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AC0C382D-564E-42F1-8CED-85DC929DD297}" = lport=61116 | protocol=6 | dir=in | name=trend micro client/server security agent - update | 
"{B5A17828-E961-4C2E-94A8-AC50122FD253}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BA57CD50-ECDF-47FF-9CA9-DD7F0965995B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C08094A0-29C1-4A4E-A716-F7DEF970A5B1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D402B9BC-E3CD-4E09-8DD3-342A7B8505F7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D892207C-159D-43BC-AC9F-FCE906D2110E}" = lport=61117 | protocol=17 | dir=in | name=trend micro client/server security agent - broadcast | 
"{E6DAC439-480B-44D2-A772-E7CFC1BC5410}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{ED01E019-3A8F-41CE-BAEE-C90E9351F2A6}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F5BF9B4D-CA26-43E2-8DA9-413CF70AEB35}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F741C55E-CACE-443E-9BA9-D07DC61D15C0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07777BC2-6A43-4370-953A-C0EC8FBB7745}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{10C390E5-D7E7-4956-98A2-96A2ED2A68D2}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"{17C6EB15-574A-42EE-8604-DDA4576C9724}" = protocol=17 | dir=in | app=c:\users\marit\appdata\local\apps\2.0\1jjhkj22.8tr\27eo07c4.zhr\frit..tion_8488884cfbcefd60_0002.0002_9409db79b3f040fd\fritzbox-usb-fernanschluss.exe | 
"{1B643599-F465-440D-B100-771D32C043FF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{21953B3A-9F41-47EE-8D89-05A8C8D4096E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{25D3EC04-A41B-4F61-9C07-41B17A47BE92}" = protocol=6 | dir=in | app=c:\users\marit\appdata\local\apps\2.0\1jjhkj22.8tr\27eo07c4.zhr\frit..tion_8488884cfbcefd60_0002.0002_9409db79b3f040fd\fritzbox-usb-fernanschluss.exe | 
"{2EFE61B6-5B54-4A00-9145-356160395FCD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{2FE67BAC-4A02-41E5-A33F-34944C30A28C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{31239DEF-322B-40ED-AC76-9479A1FFE3B5}" = protocol=6 | dir=out | app=system | 
"{313BC96A-4B43-4CE1-9294-4C73E18CDCF5}" = protocol=6 | dir=in | app=c:\users\marit\appdata\local\apps\2.0\1jjhkj22.8tr\27eo07c4.zhr\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{40FB20BB-CC2B-480B-99CB-E160E9DE818F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{451868AB-E92E-4F14-B757-AC32153962B2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4718B71C-1126-4B11-873C-186D7D5FDDC7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4DAAE1E3-088C-41F2-AE28-6A92BB6F269C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4EDF809A-DA18-4263-9848-65648A556CE0}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe | 
"{52901668-4D5C-4E9C-8B36-ABD1527DA8AD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{52926378-1BAB-4FF1-9413-9991AA375556}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{55330478-5C8F-4EC0-9AC5-3A51E227C86F}" = protocol=17 | dir=in | app=c:\users\marit\appdata\local\apps\2.0\1jjhkj22.8tr\27eo07c4.zhr\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{59AE6153-2FB4-4157-950F-37738AEF6E35}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5B16D48D-240E-4652-8B8D-74C06BA979C6}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"{5B933FEF-B54A-4432-8A8E-2C8C56C515EB}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
"{6070323B-15E4-4075-ACF6-04657F82D1EF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6A25DC14-18A8-4899-AD77-480765D27883}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{6B132403-D192-436B-8FC5-92AA66A889EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7337668E-7653-404B-9966-437E68F80245}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8715999F-9A9A-4840-A738-867536FE93FF}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
"{8ADE8F38-2CDB-459D-A982-CDFA3B4C830E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{8F436003-66F9-4F1F-918C-346DB304DD3D}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{91A05394-FCC8-41EF-8D26-BCBEEB7FF85D}" = protocol=17 | dir=in | app=c:\users\marit\appdata\local\apps\2.0\1jjhkj22.8tr\27eo07c4.zhr\frit..tion_8488884cfbcefd60_0002.0002_9409db79b3f040fd\fritzbox-usb-fernanschluss.exe | 
"{93DD3199-44F0-4004-8DEC-B4A5FC47F9AF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9538CD0D-A9FC-42AE-B3E0-EC333312A226}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{95769600-67EE-4A0A-82B0-BF229DB64927}" = protocol=17 | dir=in | app=c:\users\marit\appdata\local\apps\2.0\1jjhkj22.8tr\27eo07c4.zhr\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{98FE7F34-4D9D-45C7-A040-BD1098ACE2ED}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
"{9C893CDD-B004-4200-A4B4-1515C1A58765}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{9F4911FF-D20A-4653-A76A-F97B4CBD57BF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B2AD4D5D-2DBD-4A87-B08E-E6050198F769}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{BA72EEBE-7660-47BB-958E-F94BC48E8C48}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{EAD3A3A3-B444-4202-BFF9-907B4D02118B}" = protocol=6 | dir=in | app=c:\users\marit\appdata\local\apps\2.0\1jjhkj22.8tr\27eo07c4.zhr\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{F4C705DF-9E77-4741-81E2-0D6CDDA9AFD9}" = protocol=6 | dir=in | app=c:\users\marit\appdata\local\apps\2.0\1jjhkj22.8tr\27eo07c4.zhr\frit..tion_8488884cfbcefd60_0002.0002_9409db79b3f040fd\fritzbox-usb-fernanschluss.exe | 
"{FD684FF7-395D-4909-BEF5-E8275FCDDE79}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
"{FD916EBD-2B3D-4821-9D8B-599E315377FF}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"TCP Query User{F39CFFCD-4AD3-4252-B638-49E75E11C4BE}C:\program files\pons\interaktiv\ii_anfkurs\ii_anfkurs.exe" = protocol=6 | dir=in | app=c:\program files\pons\interaktiv\ii_anfkurs\ii_anfkurs.exe | 
"UDP Query User{BDB19883-44EA-49F1-B0DD-D3B0533EAA2A}C:\program files\pons\interaktiv\ii_anfkurs\ii_anfkurs.exe" = protocol=17 | dir=in | app=c:\program files\pons\interaktiv\ii_anfkurs\ii_anfkurs.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series" = Canon MX850 series
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{16FA02A4-D3A6-4993-AE26-3A98B243D2AE}" = SDL Passolo Essential 2011 SP4
"{171D8D76-3F05-455A-A8AF-C561C2679905}" = Open XML SDK 2.0 for Microsoft Office
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{20095281-20D1-48DB-A311-53D2356F6B04}" = SDL MultiTerm 2011 SP1 Desktop
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216024F0}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{275B5BB8-EE6E-4DC2-A805-7D909A48E41C}" = SDL MultiTerm 2011 SP1 Core
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ACROSS)
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C38D421-BC10-4C08-92AB-6C0C8D834275}" = Across Personal Edition
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D8AE086-030F-4EF4-B705-63F8130B043E}" = DigitalPersona Personal 4.01
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{4688EB75-28E2-4731-9BCB-55E624F7CD45}" = Dell Backup and Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A9B30F0-7489-42EE-BB01-50DEBA17E37F}" = SDL MultiTerm 2011 SP1 Widget
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7230BA04-AE1B-4C17-91A0-E7DF6DF6E05C}" = SDL Trados Compatibility module
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = Accelerometer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96B3C2A3-ADD6-4E63-89D3-1E3AC115D3FA}" = pdfforge Toolbar v6.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9EEEF699-0D23-4538-8929-DF27656964FE}" = SDL Trados Studio 2011 SP1
"{9FCB6355-689E-4141-9714-3EEC2AE10292}" = Validity Sensors DDK
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEBBFC67-7A03-4DF3-9E71-BA5C9EB4FBEF}" = MobileMe Control Panel
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet32
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.20
"{D40E651E-F9C9-42DE-A585-739322181ECA}" = SDL MultiTerm 2011 SP1 Word Integration
"{D6633B6E-DF62-4C9D-B73C-D85F7C53F022}" = SDL MultiTerm 2011 SP1 Convert
"{DBF16333-986E-4026-8692-6DC15F79EB22}" = SDL MultiTerm 2011 SP1 Administrator
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9000000-0001-0000-0000-074957833700}" = ABBYY FineReader 9.0 Professional Edition
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Alte und neue Schulschriften" = Alte und neue Schulschriften
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Canon MX850 series Benutzerregistrierung" = Canon MX850 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Dell Webcam Central" = Dell Webcam Central
"DW WLAN Card Utility" = DW WLAN Card Utility
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube Download_is1" = Free YouTube Download version 3.0.14.908
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.31
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"IntelliWebSearch" = IntelliWebSearch v.3
"IrfanView" = IrfanView (remove only)
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.1" = Canon MP Navigator EX 1.1
"Multiterm2011" = SDL MultiTerm 2011 SP1 - Remove suite of products
"NeroRecode!UninstallKey" = Nero Recode CE
"Netzmanager" = Netzmanager
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"phase-6" = phase-6 2.1.2.4a
"SynTPDeinstKey" = Dell Touchpad
"TIPP10_is1" = TIPP10 Version 2.1.0
"TranslationStudio2011" = SDL Trados 2011 SP1 - Remove suite of products
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"ZonerPhotoStudio14_DE_is1" = Zoner Photo Studio 14 FREE
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.07.2012 11:21:06 | Computer Name = Marit-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 09.07.2012 06:31:35 | Computer Name = Marit-PC | Source = EventSystem | ID = 4622
Description = 
 
Error - 09.07.2012 09:10:22 | Computer Name = Marit-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer"
 nicht initialisiert werden.  Details: Could not query the status of the EventSystem
 service.  System Error: Der RPC-Server ist nicht verfügbar.  .
 
Error - 09.07.2012 09:15:14 | Computer Name = Marit-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 09.07.2012 13:36:05 | Computer Name = Marit-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 09.07.2012 13:42:53 | Computer Name = Marit-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 10.07.2012 01:55:40 | Computer Name = Marit-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 10.07.2012 02:00:07 | Computer Name = Marit-PC | Source = EventSystem | ID = 4622
Description = 
 
Error - 10.07.2012 02:27:33 | Computer Name = Marit-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1533
Description = Das Profilverzeichnis kann nicht gelöscht werden C:\Users\Temp. Dies
 liegt u. U. daran, dass Dateien in diesem Verzeichnis von einem anderen Programm
 verwendet werden.      DETAIL - Das Verzeichnis ist nicht leer.  
 
Error - 10.07.2012 02:27:59 | Computer Name = Marit-PC | Source = EventSystem | ID = 4622
Description = 
 
Error - 10.07.2012 02:27:59 | Computer Name = Marit-PC | Source = EventSystem | ID = 4621
Description = 
 
[ Media Center Events ]
Error - 05.12.2010 22:08:10 | Computer Name = Marit-PC | Source = MCUpdate | ID = 0
Description = 03:08:09 - Fehler beim Herstellen der Internetverbindung.  03:08:09 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.12.2010 23:11:14 | Computer Name = Marit-PC | Source = MCUpdate | ID = 0
Description = 04:11:14 - Fehler beim Herstellen der Internetverbindung.  04:11:14 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 31.12.2010 16:15:37 | Computer Name = Marit-PC | Source = MCUpdate | ID = 0
Description = 21:15:37 - Fehler beim Herstellen der Internetverbindung.  21:15:37 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 26.12.2011 13:33:51 | Computer Name = Marit-PC | Source = MCUpdate | ID = 0
Description = 18:33:50 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die 
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..)  
 
Error - 17.01.2012 22:37:11 | Computer Name = Marit-PC | Source = MCUpdate | ID = 0
Description = 03:37:11 - Fehler beim Herstellen der Internetverbindung.  03:37:11 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 17.01.2012 23:40:16 | Computer Name = Marit-PC | Source = MCUpdate | ID = 0
Description = 04:40:16 - Fehler beim Herstellen der Internetverbindung.  04:40:16 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 19.02.2012 22:04:31 | Computer Name = Marit-PC | Source = MCUpdate | ID = 0
Description = 03:04:31 - Fehler beim Herstellen der Internetverbindung.  03:04:31 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 19.02.2012 23:07:36 | Computer Name = Marit-PC | Source = MCUpdate | ID = 0
Description = 04:07:36 - Fehler beim Herstellen der Internetverbindung.  04:07:36 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 09.07.2012 14:23:47 | Computer Name = Marit-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.24  registriert werden. Der Computer mit IP-Adresse 192.168.178.25
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 09.07.2012 14:23:51 | Computer Name = Marit-PC | Source = BROWSER | ID = 8020
Description = 
 
Error - 09.07.2012 14:29:02 | Computer Name = Marit-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.24  registriert werden. Der Computer mit IP-Adresse 192.168.178.25
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 09.07.2012 14:30:47 | Computer Name = Marit-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.24  registriert werden. Der Computer mit IP-Adresse 192.168.178.25
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 10.07.2012 01:19:41 | Computer Name = Marit-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira AntiVir Planer" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 10.07.2012 01:19:42 | Computer Name = Marit-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira AntiVir Guard" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%2
 
Error - 10.07.2012 01:56:38 | Computer Name = Marit-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira AntiVir Planer" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 10.07.2012 01:56:39 | Computer Name = Marit-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira AntiVir Guard" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%2
 
Error - 10.07.2012 02:22:52 | Computer Name = Marit-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira AntiVir Planer" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 10.07.2012 02:22:53 | Computer Name = Marit-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira AntiVir Guard" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%2
 
 
< End of report >
         
And gmer.txt:

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-10 10:17:02
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932042 rev.D005
Running: vnj9iq65.exe; Driver: C:\Users\NoAdmin\AppData\Local\Temp\fgloypod.sys


---- System - GMER 1.0.15 ----

SSDT            90EA8166                                                                                                                                           ZwCreateSection
SSDT            90EA816B                                                                                                                                           ZwSetContextThread
SSDT            90EA8107                                                                                                                                           ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackTransaction + 13E9                                                                                                          82E58599 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                             82E7D092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!RtlSidHashLookup + 340                                                                                                                82E84990 4 Bytes  [66, 81, EA, 90]
.text           ntkrnlpa.exe!RtlSidHashLookup + 6E0                                                                                                                82E84D30 4 Bytes  [6B, 81, EA, 90]
.text           ntkrnlpa.exe!RtlSidHashLookup + 7B8                                                                                                                82E84E08 4 Bytes  [07, 81, EA, 90]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!free                                                           760E9894 5 Bytes  JMP 0A93C1A0 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text           C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!malloc                                                         760E9CEE 5 Bytes  JMP 0A93BED0 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text           C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!??3@YAXPAX@Z                                                   760EB0B9 5 Bytes  JMP 0A93C1A0 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text           C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!??2@YAPAXI@Z                                                   760EB0C9 5 Bytes  JMP 0A93C140 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text           C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!realloc                                                        760EB10D 5 Bytes  JMP 0A93BF50 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text           C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!calloc                                                         760EC456 5 Bytes  JMP 0A93BF10 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text           C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!_msize                                                         760EF43B 5 Bytes  JMP 0A93BF70 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text           C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!_aligned_free                                                  76105942 5 Bytes  JMP 0A93C1A0 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text           C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!_aligned_malloc                                                7611028D 5 Bytes  JMP 0A93C080 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text           C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!_aligned_offset_malloc                                         761102A9 5 Bytes  JMP 0A93C0A0 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text           C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z                             7613BFD1 5 Bytes  JMP 0A93C1D0 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text           C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!_aligned_offset_realloc                                        7613BFE1 5 Bytes  JMP 0A93C0E0 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text           C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!_aligned_realloc                                               7613C16B 5 Bytes  JMP 0A93C0C0 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text           C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!_expand                                                        7613C18A 5 Bytes  JMP 0A93C060 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text           C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!_heapadd                                                       7613DD03 5 Bytes  JMP 0A93C220 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text           C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!_heapchk                                                       7613DD17 5 Bytes  JMP 0A93C230 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text           C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!_heapset + 1                                                   7613DE16 4 Bytes  JMP 0A93C251 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text           C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!_heapmin                                                       7613DE1F 5 Bytes  JMP 0A93C320 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text           C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!_heapused                                                      7613DF05 5 Bytes  JMP 0A93C2F0 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text           C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!_heapwalk                                                      7613DF18 5 Bytes  JMP 0A93C260 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe[2172] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [75D35E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe[2172] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [75D35E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe[2172] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [75D35E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe[2172] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [75D35E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe[2172] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]   [75D35E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe[2172] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]   [75D35E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[5248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                                    [749F24FA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[5248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                                               [749D565B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[5248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                                              [749D5719] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[5248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                                     [749F2575] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[5248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                                           [749E85D9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[5248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                                             [749E4D8D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[5248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                                            [749E5134] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[5248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                                           [749E5209] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[5248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]                                                  [749E6736] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[5248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                                            [749E8330] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[5248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                                       [749E887F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[5248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                                     [749E90E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[5248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                                           [749EE283] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[5248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                                               [749E4CBF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                            Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                            Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000049                                                                                                                  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                             fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                             rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                             fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                             rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                             fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                             rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\BTHUSB \Device\00000085                                                                                                                    bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\00000087                                                                                                                    bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                           fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\5cac4cddabfe                                                                        
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\5cac4cddabfe (not active ControlSet)                                                    

---- EOF - GMER 1.0.15 ----
         
I'm sure I've done something wrong again, but in case everything was right: can you tell me whether I've got rid of the sirefef?

Or would I be better off wiping everything here and reinstalling?

Many thanks in advance
nicedaytoday

Alt 12.07.2012, 20:57   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
You already have a thread here! => http://www.trojaner-board.de/118985-...nt-sicher.html
    Log-Analyse und Auswertung - 31.07.2004 (1)

Zum Thema (2x) Gesten sirefef gefunden - jetzt weg oder nicht? - Hallo, ich geb zu: habe gestern schon gepostet, hatte aber nur die Goldenen Regeln gelesen und nicht Schritt 2 (Systeminfos). Gestern schrieb mein Mailprovider, dass von meinem Zugang aus Spam-Mail - (2x) Gesten sirefef gefunden - jetzt weg oder nicht?...
Archiv
Du betrachtest: (2x) Gesten sirefef gefunden - jetzt weg oder nicht? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.