Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: BKA-Trojaner auf Windows7 Starter

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 08.09.2012, 22:28   #1
lisaaa35
 
BKA-Trojaner auf Windows7 Starter - Standard

BKA-Trojaner auf Windows7 Starter



Hallo.
Ich habe mir irgendwie einen Virus eingefangen und hoffe auf Hilfe beim Entfernen. LG Lisa


OTL logfile created on: 9/8/2012 11:10:26 PM - Run 1
OTL by OldTimer - Version 3.2.61.2 Folder = C:\Users\lisa\Downloads
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1014.18 Mb Total Physical Memory | 463.30 Mb Available Physical Memory | 45.68% Memory free
1.99 Gb Paging File | 1.52 Gb Available in Paging File | 76.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 55.86 Gb Free Space | 55.86% Space Free | Partition Type: NTFS
Drive D: | 117.87 Gb Total Space | 1.13 Gb Free Space | 0.96% Space Free | Partition Type: NTFS

Computer Name: MINERVA | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

OTL Extras logfile created on: 9/8/2012 11:10:26 PM - Run 1
OTL by OldTimer - Version 3.2.61.2 Folder = C:\Users\lisa\Downloads
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1014.18 Mb Total Physical Memory | 463.30 Mb Available Physical Memory | 45.68% Memory free
1.99 Gb Paging File | 1.52 Gb Available in Paging File | 76.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 55.86 Gb Free Space | 55.86% Space Free | Partition Type: NTFS
Drive D: | 117.87 Gb Total Space | 1.13 Gb Free Space | 0.96% Space Free | Partition Type: NTFS

Computer Name: MINERVA | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days





========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]


========== Processes (SafeList) ==========

PRC - C:\Users\lisa\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)

Alt 09.09.2012, 01:43   #2
t'john
/// Helfer-Team
 
BKA-Trojaner auf Windows7 Starter - Standard

BKA-Trojaner auf Windows7 Starter





Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.


Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

2. Schritt
Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

  • Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Wähle Scanne Alle Benuzer
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 09.09.2012, 13:12   #3
lisaaa35
 
BKA-Trojaner auf Windows7 Starter - Standard

BKA-Trojaner auf Windows7 Starter



So, hier sind die Files:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 9/9/2012 1:52:06 PM - Run 3
OTL by OldTimer - Version 3.2.61.2     Folder = C:\Users\lisa\Downloads
 Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014.18 Mb Total Physical Memory | 84.46 Mb Available Physical Memory | 8.33% Memory free
1.99 Gb Paging File | 1.20 Gb Available in Paging File | 60.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 55.93 Gb Free Space | 55.93% Space Free | Partition Type: NTFS
Drive D: | 117.87 Gb Total Space | 1.13 Gb Free Space | 0.96% Space Free | Partition Type: NTFS
 
Computer Name: MINERVA | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\lisa\Downloads\OTL(3).exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Mozilla Firefox\js3250.dll ()
MOD - C:\PROGRA~1\ASUS\ASUSWE~1\3084~1.161\ASUSWS~1.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (lxbv_device) -- C:\Windows\System32\lxbvcoms.exe ( )
 
 
========== Driver Services (SafeList) ==========
 
DRV - (btwrchid) -- C:\windows\system32\DRIVERS\btwrchid.sys File not found
DRV - (btwl2cap) -- system32\DRIVERS\btwl2cap.sys File not found
DRV - (btwavdt) -- C:\windows\system32\DRIVERS\btwavdt.sys File not found
DRV - (btwaudio) -- system32\drivers\btwaudio.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2185774851-2232238861-1239294423-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-2185774851-2232238861-1239294423-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-2185774851-2232238861-1239294423-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-2185774851-2232238861-1239294423-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-2185774851-2232238861-1239294423-1000\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKU\S-1-5-21-2185774851-2232238861-1239294423-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKU\S-1-5-21-2185774851-2232238861-1239294423-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2185774851-2232238861-1239294423-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2185774851-2232238861-1239294423-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-2185774851-2232238861-1239294423-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-2185774851-2232238861-1239294423-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2185774851-2232238861-1239294423-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2185774851-2232238861-1239294423-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKU\S-1-5-21-2185774851-2232238861-1239294423-500\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100474&mntrId=9a9ad450000000000000bcaec504ff7a
IE - HKU\S-1-5-21-2185774851-2232238861-1239294423-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2185774851-2232238861-1239294423-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://de-de.facebook.com/"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=9a9ad450000000000000bcaec504ff7a&tlver=1.4.35.10&affID=100474"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/06 21:31:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/27 20:11:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/06/06 21:31:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010/12/29 18:27:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2011/12/13 19:58:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\9j4g2jn6.default\extensions
[2011/12/13 19:36:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
File not found (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9J4G2JN6.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
[2011/03/05 14:21:59 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/11/03 21:29:41 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/03/05 14:21:59 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/03/05 14:21:59 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/03/05 14:22:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/03/05 14:22:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (MyPlayCity Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (MyPlayCity Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2185774851-2232238861-1239294423-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2185774851-2232238861-1239294423-1000\..\Toolbar\WebBrowser: (MyPlayCity Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2185774851-2232238861-1239294423-500\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe File not found
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\S-1-5-21-2185774851-2232238861-1239294423-1000..\Run: [Facebook Update] C:\Users\lisa\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKLM..\RunOnce: [aswAhAScr.dll] C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2185774851-2232238861-1239294423-500..\RunOnce: [FlashPlayerUpdate] C:\windows\system32\Macromed\Flash\FlashUtil10p_Plugin.exe -update plugin File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2185774851-2232238861-1239294423-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2185774851-2232238861-1239294423-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 10.6.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB49CD89-EA06-43FB-826E-346B931D913F}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEF2A115-8F82-4D67-8199-AE1A0FF98F75}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2030/01/01 13:47:07 | 000,000,000 | -HSD | C] -- C:\Boot
[2012/09/09 10:19:41 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2012/09/08 22:55:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2012/09/08 22:54:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/08 22:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/08 22:54:52 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/09/08 22:54:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/27 20:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/08/27 20:11:03 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\windows\System32\npDeployJava1.dll
[2012/08/27 20:11:03 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2012/08/27 20:10:23 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2012/08/27 20:10:23 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
[2012/08/27 20:10:22 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\windows\System32\java.exe
[2012/08/15 14:20:46 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\srcore.dll
[2012/08/15 13:48:51 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2012/08/15 13:48:49 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2012/08/15 13:48:49 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2012/08/15 13:48:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/08/15 13:48:45 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2012/08/15 13:48:42 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2012/08/15 13:48:40 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2012/08/15 13:48:37 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012/08/15 13:48:34 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012/08/15 13:48:33 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2012/08/15 13:48:31 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2012/08/15 13:48:30 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/08/15 13:48:07 | 002,344,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/08/15 13:40:57 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\browcli.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012/09/09 13:17:06 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/09 13:16:50 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/09 10:20:26 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2012/09/09 10:19:30 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/09/08 22:42:16 | 004,503,728 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012/09/08 21:11:04 | 000,001,134 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2185774851-2232238861-1239294423-1000UA.job
[2012/09/08 18:01:38 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/08 18:01:38 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/07 17:32:40 | 000,694,430 | ---- | M] () -- C:\windows\System32\perfh00C.dat
[2012/09/07 17:32:40 | 000,691,192 | ---- | M] () -- C:\windows\System32\perfh013.dat
[2012/09/07 17:32:40 | 000,689,108 | ---- | M] () -- C:\windows\System32\perfh010.dat
[2012/09/07 17:32:40 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/09/07 17:32:40 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/09/07 17:32:40 | 000,132,940 | ---- | M] () -- C:\windows\System32\perfc013.dat
[2012/09/07 17:32:40 | 000,130,140 | ---- | M] () -- C:\windows\System32\perfc00C.dat
[2012/09/07 17:32:40 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/09/07 17:32:40 | 000,127,144 | ---- | M] () -- C:\windows\System32\perfc010.dat
[2012/09/07 17:32:40 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/08/27 20:09:57 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
[2012/08/27 20:09:38 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2012/08/27 20:09:38 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2012/08/27 20:09:34 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\windows\System32\java.exe
[2012/08/27 20:09:27 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\windows\System32\npDeployJava1.dll
[2012/08/27 20:09:27 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\windows\System32\deployJava1.dll
[2012/08/25 21:31:44 | 000,001,112 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2185774851-2232238861-1239294423-1000Core.job
[2012/08/16 20:18:30 | 000,403,680 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2030/01/01 13:47:08 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2012/09/09 10:19:30 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/09/08 22:04:46 | 004,503,728 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012/05/12 13:58:31 | 000,323,584 | ---- | C] ( ) -- C:\windows\System32\LXBVhcp.dll
[2012/05/12 13:58:31 | 000,274,432 | ---- | C] () -- C:\windows\System32\LXBVinst.dll
[2012/05/12 13:58:30 | 000,413,696 | ---- | C] () -- C:\windows\System32\lxbvutil.dll
[2012/05/12 13:58:30 | 000,413,696 | ---- | C] ( ) -- C:\windows\System32\lxbvinpa.dll
[2012/05/12 13:58:30 | 000,397,312 | ---- | C] ( ) -- C:\windows\System32\lxbviesc.dll
[2012/05/12 13:58:29 | 000,995,328 | ---- | C] ( ) -- C:\windows\System32\lxbvusb1.dll
[2012/05/12 13:58:28 | 001,224,704 | ---- | C] ( ) -- C:\windows\System32\lxbvserv.dll
[2012/05/12 13:58:28 | 000,163,840 | ---- | C] ( ) -- C:\windows\System32\lxbvprox.dll
[2012/05/12 13:58:27 | 000,643,072 | ---- | C] ( ) -- C:\windows\System32\lxbvpmui.dll
[2012/05/12 13:58:27 | 000,585,728 | ---- | C] ( ) -- C:\windows\System32\lxbvlmpm.dll
[2012/05/12 13:58:27 | 000,094,208 | ---- | C] ( ) -- C:\windows\System32\lxbvpplc.dll
[2012/05/12 13:58:26 | 000,696,320 | ---- | C] ( ) -- C:\windows\System32\lxbvhbn3.dll
[2012/05/12 13:58:26 | 000,385,968 | ---- | C] ( ) -- C:\windows\System32\lxbvih.exe
[2012/05/12 13:58:24 | 000,684,032 | ---- | C] ( ) -- C:\windows\System32\lxbvcomc.dll
[2012/05/12 13:58:24 | 000,537,520 | ---- | C] ( ) -- C:\windows\System32\lxbvcoms.exe
[2012/05/12 13:58:24 | 000,421,888 | ---- | C] ( ) -- C:\windows\System32\lxbvcomm.dll
[2012/05/12 13:58:23 | 000,381,872 | ---- | C] ( ) -- C:\windows\System32\lxbvcfg.exe
[2011/03/21 19:11:26 | 000,004,096 | ---- | C] () -- C:\windows\d3dx.dat
[2010/12/30 17:34:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/29 18:27:47 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2010/12/29 16:17:09 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2010/12/29 15:56:16 | 000,000,117 | ---- | C] () -- C:\windows\TmPfw.ini
[2010/12/29 15:39:46 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2010/12/29 15:39:46 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2010/06/24 18:10:26 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/01/31 13:06:18 | 000,008,046 | ---- | C] () -- C:\Program Files\Common Files\setupBanner.jpg
[2009/04/14 18:07:42 | 000,037,607 | ---- | C] () -- C:\Program Files\Common Files\license.rtf
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:E6E9EB6C
@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:0968E571
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:C25C9263
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:393F7B1E
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:742F1EE5
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:014BC3B4
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:7C8AA9A6
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:2EB79F01
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:D9F6664C
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:77846FFE
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:FB647F34
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:ABE89FFE
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:5AE33054
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:751D6870
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:593E515D
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:CDB75348
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B3196E8D
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:6FDE1666
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:0988A428
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:EA701346
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:B722BCE5
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:E6D148BC
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:DCDE7C60
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:CFF6B3FF
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:8BB2EE92
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:273A8657
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A42A9F39
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:90108DD7
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:D8F9D810
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:9950163C
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:AE9351E0
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:C5DC2B0C
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:35629AE6
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:159A493A
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:E71141D2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FF9C44FE
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:A688EF17
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:A0C7D68A

< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 9/9/2012 1:52:06 PM - Run 3
OTL by OldTimer - Version 3.2.61.2     Folder = C:\Users\lisa\Downloads
 Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014.18 Mb Total Physical Memory | 84.46 Mb Available Physical Memory | 8.33% Memory free
1.99 Gb Paging File | 1.20 Gb Available in Paging File | 60.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 55.93 Gb Free Space | 55.93% Space Free | Partition Type: NTFS
Drive D: | 117.87 Gb Total Space | 1.13 Gb Free Space | 0.96% Space Free | Partition Type: NTFS
 
Computer Name: MINERVA | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2185774851-2232238861-1239294423-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Users\lisa\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-2185774851-2232238861-1239294423-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18AF8FE5-5D29-45CB-8B9B-BF0972A58294}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{652332C3-15A5-45BC-B6FF-23FF4A761A54}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6E72B3FB-D873-44E9-B0BE-DFF9C2640222}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{A38E5F96-1894-418F-943E-3029785CB50E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{E5822EB2-61D6-4419-8652-928275D9625F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5C4692AE-61A1-4039-AD24-8DA2E27C8C41}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{73F45AA2-31FE-4EAE-9056-594B82D51BCE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7D63B935-996C-40B5-8AF6-19007C243EA9}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{8152DC5B-8EF8-4897-914F-1C8CEB9BEE7B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{8ADF0B97-2DBA-4C4A-B504-71F6375AEBEB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{8AEC1226-200C-4DCE-B48A-9E251A3FCCBE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{8E0F7257-E820-45E1-B91C-22BE042EEEE3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{AAFB1EEC-B931-4882-8E8B-FF33084639FF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{B0330F88-6941-4A08-BBEA-DB9551004D8F}" = protocol=6 | dir=in | app=c:\windows\system32\lxbvcoms.exe | 
"{B4F40632-3E75-4F66-984E-15CAADE81F70}" = protocol=17 | dir=in | app=c:\windows\system32\lxbvcoms.exe | 
"{B620C806-8D25-4775-AE81-280DABB5F4E4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{BB7995AC-E072-4F95-A626-B134DA077A62}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C5A62B29-CFD8-4E88-91C2-7CE628E1624B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{F95FB33D-55B6-4848-90E8-8F2B6E37C289}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"TCP Query User{00D0D1FB-325E-4D98-8877-D26669641A1E}C:\users\lisa\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\lisa\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"TCP Query User{2B5EE638-76C3-4E49-BE6A-38203D3B594E}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe | 
"TCP Query User{5317F2F8-B1B7-4AC7-990B-E5BC96A0BAC5}C:\users\lisa\appdata\roaming\icq\application\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\users\lisa\appdata\roaming\icq\application\icq7.2\icq.exe | 
"TCP Query User{BA170E5B-3974-4BE7-A23F-9EBC1F7B4C3C}C:\users\lisa\appdata\roaming\icq\application\icq7.6\icq.exe" = protocol=6 | dir=in | app=c:\users\lisa\appdata\roaming\icq\application\icq7.6\icq.exe | 
"UDP Query User{4EC28C79-418F-4BF4-8202-E26EA2BE3FEF}C:\users\lisa\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\lisa\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"UDP Query User{66E947EB-CED9-4282-8202-C64F480C739A}C:\users\lisa\appdata\roaming\icq\application\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\users\lisa\appdata\roaming\icq\application\icq7.2\icq.exe | 
"UDP Query User{8BE3A2C3-FA76-4D0D-9632-C713A5E72029}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe | 
"UDP Query User{C512A986-3B84-4F90-AB12-FA9D497B6D77}C:\users\lisa\appdata\roaming\icq\application\icq7.6\icq.exe" = protocol=17 | dir=in | app=c:\users\lisa\appdata\roaming\icq\application\icq7.6\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{175A6242-01B3-4B0F-9DD8-FA8590BEC759}" = Anvil Studio 2011
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34b2530c-6349-4292-9dc3-60bda4aed93c}" = Python 3.2.1
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84C2B80B-64A2-4B22-93EC-F30C3D6BF7D8}" = Boingo Wi-Fi
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1" = Game Park Console
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D802DD00-16A8-4A58-AFC9-020C2380ECDA}" = EeeSplendid
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J
"{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASUS VIBE" = ASUS VIBE
"ASUS WebStorage" = ASUS WebStorage
"avast" = avast! Free Antivirus
"B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE" = Windows Driver Package - Broadcom Bluetooth  (07/17/2009 6.2.0.9403)
"B5C82F3814F82FB37F1513B3185399BD88892B08" = Windows Driver Package - Broadcom Bluetooth  (07/29/2009 6.1.7100.0)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"Eee Docking_is1" = Eee Docking 3.7.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FormatFactory" = FormatFactory 2.70
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"Lexmark 2200 Series" = Lexmark 2200 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"PhotoScape" = PhotoScape
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2185774851-2232238861-1239294423-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 1/29/2012 12:23:58 PM | Computer Name = minerva | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5585
 
Error - 1/29/2012 12:23:58 PM | Computer Name = minerva | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5585
 
Error - 1/29/2012 12:24:00 PM | Computer Name = minerva | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 1/29/2012 12:24:00 PM | Computer Name = minerva | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6879
 
Error - 1/29/2012 12:24:00 PM | Computer Name = minerva | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6879
 
Error - 1/29/2012 1:02:12 PM | Computer Name = minerva | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 1/29/2012 1:02:12 PM | Computer Name = minerva | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2299283
 
Error - 1/29/2012 1:02:12 PM | Computer Name = minerva | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2299283
 
Error - 1/29/2012 1:10:02 PM | Computer Name = minerva | Source = MsiInstaller | ID = 1023
Description = 
 
Error - 1/29/2012 4:16:28 PM | Computer Name = minerva | Source = MsiInstaller | ID = 1023
Description = 
 
[ System Events ]
Error - 9/9/2012 5:42:27 AM | Computer Name = minerva | Source = DCOM | ID = 10005
Description = 
 
Error - 9/9/2012 5:42:38 AM | Computer Name = minerva | Source = DCOM | ID = 10005
Description = 
 
Error - 9/9/2012 5:42:50 AM | Computer Name = minerva | Source = DCOM | ID = 10005
Description = 
 
Error - 9/9/2012 5:42:53 AM | Computer Name = minerva | Source = DCOM | ID = 10005
Description = 
 
Error - 9/9/2012 7:14:55 AM | Computer Name = minerva | Source = Service Control Manager | ID = 7043
Description = Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines 
Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
 
Error - 9/9/2012 7:17:17 AM | Computer Name = minerva | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   AsUpIO  aswSnx  aswSP  aswTdi  cdrom  discache  spldr  Wanarpv6
 
Error - 9/9/2012 7:17:25 AM | Computer Name = minerva | Source = DCOM | ID = 10005
Description = 
 
Error - 9/9/2012 7:17:34 AM | Computer Name = minerva | Source = DCOM | ID = 10005
Description = 
 
Error - 9/9/2012 7:17:42 AM | Computer Name = minerva | Source = DCOM | ID = 10005
Description = 
 
Error - 9/9/2012 7:17:43 AM | Computer Name = minerva | Source = DCOM | ID = 10005
Description = 
 
 
< End of report >
         
--- --- ---
__________________

Alt 09.09.2012, 23:06   #4
t'john
/// Helfer-Team
 
BKA-Trojaner auf Windows7 Starter - Standard

BKA-Trojaner auf Windows7 Starter



Bitte das Malwarebytes Logfile posten!
(Reiter Logberichte)
__________________
Mfg, t'john
Das TB unterstützen

Alt 16.04.2013, 17:01   #5
t'john
/// Helfer-Team
 
BKA-Trojaner auf Windows7 Starter - Standard

BKA-Trojaner auf Windows7 Starter



Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.

__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu BKA-Trojaner auf Windows7 Starter
administrator, avast, bka bundeskriminalamt trojaner, bka-trojaner 1.15 win7, c:\windows, code, data, edition, eingefangen, explorer, explorer.exe, extension, firefox, format, logfile, microsoft, mozilla, pagefile.sys, registry, scan, software, tools, total, version, virus, windows




Ähnliche Themen: BKA-Trojaner auf Windows7 Starter


  1. Windows 7 Starter: BKA-Trojaner, abgesicherter Modus funktioniert
    Log-Analyse und Auswertung - 15.09.2014 (9)
  2. Trojaner-Verdacht: Microsoft Office Starter Update
    Log-Analyse und Auswertung - 23.08.2014 (7)
  3. Netbook mit Windows 7 Starter - DoSearches und weitere Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 16.01.2014 (3)
  4. Windows7, Trojaner
    Log-Analyse und Auswertung - 14.12.2013 (9)
  5. Netbook mit Windows 7 Starter von Fedpol/BKA Trojaner befallen.
    Log-Analyse und Auswertung - 16.09.2013 (18)
  6. Windows 7 Starter: Avira Trojaner-Fund lässt sich nicht beseitigen (Atraps.Gen2)
    Log-Analyse und Auswertung - 06.09.2013 (21)
  7. GVU Trojaner auf Netbook Windows 7 Starter, Kaspersky findet nichts!
    Plagegeister aller Art und deren Bekämpfung - 10.08.2013 (51)
  8. GVU Trojaner auf Asus EEE PC Windows 7 Starter - FRST Scan
    Log-Analyse und Auswertung - 06.08.2013 (13)
  9. GVU Trojaner, Windows7
    Plagegeister aller Art und deren Bekämpfung - 29.05.2013 (9)
  10. Gvu Trojaner windows7
    Plagegeister aller Art und deren Bekämpfung - 19.05.2013 (2)
  11. Windows 7 Starter (Netbook) GVU-Trojaner mit OTL beseitigen
    Plagegeister aller Art und deren Bekämpfung - 28.04.2013 (8)
  12. BKA Trojaner 1.13 Windows 7 Starter
    Plagegeister aller Art und deren Bekämpfung - 27.09.2012 (7)
  13. DVU Trojaner auf eeePC/Windows 7 Starter (Trojan.Ransom.Gen)
    Log-Analyse und Auswertung - 19.07.2012 (5)
  14. Trojaner entfernen nicht möglich mit Netbook / Win 7 Starter
    Plagegeister aller Art und deren Bekämpfung - 09.06.2012 (15)
  15. Windows-Verschlüsselungs Trojaner Windows 7 Starter
    Plagegeister aller Art und deren Bekämpfung - 06.05.2012 (10)
  16. BKA Trojaner auf Netbook mit Win7 Starter
    Log-Analyse und Auswertung - 15.05.2011 (9)
  17. TR/Starter.E
    Plagegeister aller Art und deren Bekämpfung - 01.03.2006 (3)

Zum Thema BKA-Trojaner auf Windows7 Starter - Hallo. Ich habe mir irgendwie einen Virus eingefangen und hoffe auf Hilfe beim Entfernen. LG Lisa OTL logfile created on: 9/8/2012 11:10:26 PM - Run 1 OTL by OldTimer - - BKA-Trojaner auf Windows7 Starter...
Archiv
Du betrachtest: BKA-Trojaner auf Windows7 Starter auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.