
Log analysis and evaluation: Removing Win 7 Pro Bundestrojaner 1.13

Windows 7. If you have picked up a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

11.08.2012, 16:15   #1
maido
 

Hello,

after some reading I have found the correct sequence of steps for removing my trojan.
I hereby ask for help with removing the Bundestrojaner 1.13.

The required logs are attached.

I would appreciate quick help.

Regards, Maido

PS: I can't get the attachments attached. Can someone help me??

Edited by maido (11.08.2012 at 16:22)

11.08.2012, 18:36   #2
markusg
/// Malware-holic
 

hi
maybe zip the logs and then attach them, or simply paste the text in

13.08.2012, 09:03   #3
maido
 

Here is the OTL logfile:
Code:
OTL logfile created on: 8/11/2012 3:50:31 PM - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\ah78480\Desktop
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.95 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 48.09% Memory free
3.89 Gb Paging File | 3.01 Gb Available in Paging File | 77.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.83 Gb Total Space | 216.03 Gb Free Space | 75.05% Space Free | Partition Type: NTFS
Drive D: | 8.25 Gb Total Space | 0.97 Gb Free Space | 11.77% Space Free | Partition Type: NTFS
Drive K: | 7.46 Gb Total Space | 1.88 Gb Free Space | 25.18% Space Free | Partition Type: FAT32
Drive L: | 67.83 Gb Total Space | 0.90 Gb Free Space | 1.32% Space Free | Partition Type: NTFS
Drive Q: | 67.83 Gb Total Space | 0.90 Gb Free Space | 1.32% Space Free | Partition Type: NTFS
Drive S: | 67.83 Gb Total Space | 0.90 Gb Free Space | 1.32% Space Free | Partition Type: NTFS
Drive T: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive U: | 7.47 Gb Total Space | 0.93 Gb Free Space | 12.38% Space Free | Partition Type: FAT32
Drive Z: | 67.83 Gb Total Space | 0.90 Gb Free Space | 1.32% Space Free | Partition Type: NTFS
 
Computer Name: N7848CF082 | User Name: ah78480 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/08/11 15:30:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\ah78480\Desktop\OTL.exe
PRC - [2012/07/03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2003/07/11 02:09:28 | 000,048,192 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\Web Folders\1031\nsextint.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/08/07 08:48:35 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/03/15 07:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) [Auto | Stopped] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2012/01/04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/06/22 17:32:55 | 001,430,024 | ---- | M] (G Data Software AG) [Auto | Stopped] -- C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2011/06/22 17:32:53 | 000,370,184 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe -- (GDScan)
SRV - [2011/06/22 17:20:24 | 001,740,792 | ---- | M] (G Data Software AG) [Auto | Stopped] -- C:\Program Files\G DATA\AVKClient\AvkCl.exe -- (AntiVirusKit Client)
SRV - [2011/06/22 03:11:38 | 001,371,904 | ---- | M] (G Data Software AG) [Auto | Stopped] -- C:\Program Files\G DATA\AVKClient\AVKWCtl.exe -- (AVKWCtl)
SRV - [2011/06/22 03:07:14 | 001,460,216 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files\G DATA\AVKClient\AVKBackupService.exe -- (GDBackupSvc)
SRV - [2010/08/21 03:57:28 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/03/19 15:46:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/07/24 21:29:52 | 002,066,968 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS)
SRV - [2009/07/24 21:29:38 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS)
SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2008/10/02 19:43:52 | 000,161,072 | ---- | M] (AVM Berlin) [Auto | Stopped] -- C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe -- (nwtsrv)
SRV - [2008/10/02 19:43:04 | 000,132,400 | ---- | M] (AVM Berlin) [Auto | Stopped] -- C:\Program Files\FRITZ!Fernzugang\certsrv.exe -- (certsrv)
SRV - [2008/10/02 19:42:22 | 000,267,568 | ---- | M] (AVM Berlin) [Auto | Stopped] -- C:\Program Files\FRITZ!Fernzugang\avmike.exe -- (avmike)
SRV - [2007/07/24 21:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/05 05:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012/08/11 15:28:37 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/05/07 08:57:14 | 000,052,600 | ---- | M] (G Data Software AG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\gdwfpcd32.sys -- (gdwfpcd)
DRV - [2011/11/01 10:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/11/01 10:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/11/01 10:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/11/01 10:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/10/18 12:34:45 | 000,079,224 | ---- | M] (G Data Software AG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2011/10/18 12:34:45 | 000,040,056 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\GDBehave.sys -- (GDBehave)
DRV - [2011/10/18 12:34:45 | 000,039,800 | ---- | M] (G Data Software AG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2011/10/18 12:34:41 | 000,030,416 | ---- | M] (G Data Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\GRD.sys -- (GRD)
DRV - [2011/05/05 00:18:50 | 000,266,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress)
DRV - [2010/07/28 01:24:40 | 000,260,640 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\System32\drivers\fslx.sys -- (FSLX)
DRV - [2009/07/24 21:30:11 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/07/14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008/10/02 19:42:36 | 000,337,200 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmnwim.sys -- (NWIM)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/29 17:40:04 | 000,048,296 | ---- | M] (Aladdin Knowledge Systems, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\aksifdh.sys -- (AKSIFDH)
DRV - [2008/07/29 17:40:04 | 000,034,472 | ---- | M] (Aladdin Knowledge Systems, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\aksup.sys -- (AKSUP)
DRV - [2007/04/18 06:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\regi.sys -- (regi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://dlr.eu.nissan.biz/auth/Login?GAREASONCODE=-1&GARESOURCEID=isaWebSpherePortalPr&GAURI=hxxp://dlr.eu.nissan.biz/&Reason=-1&APPID=isaWebSpherePortalPr&URI=hxxp://dlr.eu.nissan.biz/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {5299E113-E158-4D76-A7BD-D479510DB6A6}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=100482&babsrc=SP_ss&mntrId=c852efb80000000000000023242986b3
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
IE - HKCU\..\SearchScopes\{5299E113-E158-4D76-A7BD-D479510DB6A6}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?AF=100482&babsrc=HP_ss&mntrId=c852efb80000000000000023242986b3"
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?AF=100482&babsrc=adbartrp&mntrId=c852efb80000000000000023242986b3&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_8.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_8.0 [2010/08/12 15:11:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/02 13:06:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2010/08/12 15:11:17 | 000,000,000 | ---D | M]
 
[2011/09/06 08:40:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ah78480\AppData\Roaming\mozilla\Extensions
[2011/09/05 13:09:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ah78480\AppData\Roaming\mozilla\Extensions\otscm-client@opentrust.com
[2012/02/06 17:22:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ah78480\AppData\Roaming\mozilla\Firefox\Profiles\ojuer0j6.default\extensions
[2012/03/02 13:06:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/03/02 13:06:45 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/29 03:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/02/06 17:21:36 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/09/29 03:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/29 03:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/09/29 03:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/09/29 03:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/09/29 03:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVK Client] C:\Program Files\G DATA\AVKClient\AVKCl.exe (G Data Software AG)
O4 - HKLM..\Run: [eTMonitor] C:\Program Files\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe (Aladdin Knowledge Systems, Ltd.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [ScanSoft PDF Create! 4-reminder] C:\Program Files\ScanSoft\PDF Create! 4\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnceEx: [ContentMerger] C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions)
O4 - Startup: C:\Users\ah78480\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verkauf.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: tmme.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: toyota-europe.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: toyota-tdg.de ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: autohaus ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: azt-fahrzeuge.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: internetzollanmeldung.de ([www.ausfuhrplus] https in Trusted sites)
O15 - HKCU\..Trusted Domains: n7848sc1 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: tmme.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: toyota-europe.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: toyota-tdg.de ([]* in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A299690-66FC-4617-8C42-9C55A2466C9B}: NameServer = 10.161.46.22
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 14:26:23 | 000,000,309 | R--- | M] () - T:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011/06/01 12:53:04 | 001,242,624 | ---- | M] () - Z:\Autoservice von A-Z.doc -- [ NTFS ]
O32 - AutoRun File - [2011/06/01 11:51:19 | 000,168,960 | ---- | M] () - Z:\Autoservice von A.doc -- [ NTFS ]
O33 - MountPoints2\{7974e44c-d797-11e0-b964-0023242986b3}\Shell - "" = AutoRun
O33 - MountPoints2\{7974e44c-d797-11e0-b964-0023242986b3}\Shell\AutoRun\command - "" = T:\LaunchU3.exe -- [2007/10/23 09:45:39 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\{c6b35dda-e028-11e0-aa9f-0023242986b3}\Shell - "" = AutoRun
O33 - MountPoints2\{c6b35dda-e028-11e0-aa9f-0023242986b3}\Shell\AutoRun\command - "" = N:\Windows\CHECK\DriveNavigator.exe
O33 - MountPoints2\{e68b17a7-5e0a-11e1-a4f4-0023242986b3}\Shell - "" = AutoRun
O33 - MountPoints2\{e68b17a7-5e0a-11e1-a4f4-0023242986b3}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL hxxp://www.nissan-bank-versichert.de
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\SETUP.EXE /AUTORUN
O33 - MountPoints2\E\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\E\Shell\install\command - "" = E:\SETUP.EXE
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\T\Shell - "" = AutoRun
O33 - MountPoints2\T\Shell\AutoRun\command - "" = T:\LaunchU3.exe -- [2007/10/23 09:45:39 | 001,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/08/11 15:30:19 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\ah78480\Desktop\OTL.exe
[2012/08/11 15:28:37 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/08/11 15:24:52 | 000,000,000 | ---D | C] -- C:\Users\ah78480\AppData\Roaming\Malwarebytes
[2012/08/11 15:24:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/11 15:24:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/11 15:24:41 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/11 15:24:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/11 14:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\fjzcrtxkmoyermx
[2012/07/16 17:29:45 | 000,000,000 | ---D | C] -- C:\Users\ah78480\AppData\Roaming\IrfanView
[2012/07/16 17:29:43 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2012/07/13 12:11:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen
[2008/10/27 18:00:33 | 000,126,976 | ---- | C] (Tools & Components) -- C:\Program Files\sevTrayIcon.ocx
[2008/09/17 15:17:36 | 000,860,160 | ---- | C] (CPL GmbH) -- C:\Program Files\CPL-UpdateND.exe
[2008/09/12 14:29:02 | 000,729,088 | ---- | C] (Tools & Components) -- C:\Program Files\sevImLib.dll
[2008/09/12 14:29:02 | 000,379,392 | ---- | C] (Tools & Components) -- C:\Program Files\sevDataGrid2.ocx
[2008/09/12 14:29:02 | 000,331,776 | ---- | C] (Tools & Components) -- C:\Program Files\sevMail32.ocx
[2008/09/12 14:29:02 | 000,289,280 | ---- | C] (Tools & Components) -- C:\Program Files\sevEin20.ocx
[2008/09/12 14:29:02 | 000,240,128 | ---- | C] (Tools & Components) -- C:\Program Files\sevXPCtl.ocx
[2008/09/12 14:29:01 | 000,233,472 | ---- | C] (Tools & Components) -- C:\Program Files\sevCmd32.ocx
[2008/09/12 14:29:01 | 000,147,968 | ---- | C] (Tools & Components) -- C:\Program Files\SEVCMD3.OCX
[2008/09/12 14:26:48 | 007,974,912 | ---- | C] (CPL GmbH) -- C:\Program Files\CPL-KalkulationND.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/08/11 15:36:36 | 000,657,650 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/08/11 15:36:36 | 000,618,936 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/11 15:36:36 | 000,131,040 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/08/11 15:36:36 | 000,107,256 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/11 15:30:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\ah78480\Desktop\OTL.exe
[2012/08/11 15:28:37 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/08/11 15:24:42 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/08/11 15:15:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/11 15:15:53 | 1567,551,488 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/11 14:46:14 | 000,000,051 | ---- | M] () -- C:\ProgramData\ynpvkkfhydllofl
[2012/08/10 09:48:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/09 19:45:30 | 000,016,460 | ---- | M] () -- C:\Windows\netterm.ini
[2012/08/09 16:41:23 | 000,001,994 | -H-- | M] () -- C:\Users\ah78480\Documents\Default.rdp
[2012/08/09 12:29:01 | 000,003,748 | ---- | M] () -- C:\Windows\DATSD2.INI
[2012/08/08 15:56:49 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/08 15:56:49 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/07 08:48:30 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/07 08:48:30 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/07/26 13:12:45 | 000,000,840 | ---- | M] () -- C:\Users\ah78480\.recently-used.xbel
[2012/07/26 10:30:53 | 000,010,593 | ---- | M] () -- C:\Windows\CSTBox.INI
[2012/07/13 16:12:17 | 000,929,241 | ---- | M] () -- C:\Users\ah78480\Documents\LoaderBackup-(2012-07-13).ipd
[2012/07/13 16:11:56 | 013,850,200 | ---- | M] () -- C:\Users\ah78480\Documents\LoaderBackup-(2012-07-13).cab
[2012/07/13 12:15:27 | 000,773,660 | ---- | M] () -- C:\Users\ah78480\Desktop\TJ191.jpg
[2012/07/13 12:14:52 | 000,363,533 | ---- | M] () -- C:\Users\ah78480\Desktop\PrintMaintLSaspx.pdf
[2012/07/13 12:13:09 | 000,789,433 | ---- | M] () -- C:\Users\ah78480\Desktop\F585.jpg
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/08/11 15:24:42 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/08/11 14:46:05 | 000,000,051 | ---- | C] () -- C:\ProgramData\ynpvkkfhydllofl
[2012/07/26 13:12:45 | 000,000,840 | ---- | C] () -- C:\Users\ah78480\.recently-used.xbel
[2012/07/13 16:12:17 | 000,929,241 | ---- | C] () -- C:\Users\ah78480\Documents\LoaderBackup-(2012-07-13).ipd
[2012/07/13 16:11:56 | 013,850,200 | ---- | C] () -- C:\Users\ah78480\Documents\LoaderBackup-(2012-07-13).cab
[2012/07/13 12:15:26 | 000,773,660 | ---- | C] () -- C:\Users\ah78480\Desktop\TJ191.jpg
[2012/07/13 12:13:08 | 000,789,433 | ---- | C] () -- C:\Users\ah78480\Desktop\F585.jpg
[2012/07/13 12:10:49 | 000,363,533 | ---- | C] () -- C:\Users\ah78480\Desktop\PrintMaintLSaspx.pdf
[2012/04/02 13:55:49 | 000,009,335 | ---- | C] () -- C:\Windows\System32\UpdateAction_30032012.exe.dmp
[2012/03/09 09:06:07 | 000,007,167 | ---- | C] () -- C:\Windows\System32\Upd20111125.exe.dmp
[2012/03/03 10:13:46 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012/03/03 10:13:46 | 000,000,008 | RHS- | C] () -- C:\ProgramData\9AB4F229F1.sys
[2012/02/06 17:21:49 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011/11/02 13:42:03 | 000,010,593 | ---- | C] () -- C:\Windows\CSTBox.INI
[2011/10/26 08:38:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IPPCPUID.DLL
[2011/10/26 08:35:50 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2011/10/26 08:29:09 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2011/09/05 15:53:04 | 000,000,090 | ---- | C] () -- C:\Windows\verona.ini
[2011/04/06 08:00:04 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/03/30 16:15:19 | 000,003,748 | ---- | C] () -- C:\Windows\DATSD2.INI
[2011/03/30 15:59:37 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2011/03/30 15:44:22 | 000,016,460 | ---- | C] () -- C:\Windows\netterm.ini
[2011/03/30 15:41:49 | 000,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/03/09 06:09:43 | 000,657,650 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011/03/09 06:09:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011/03/09 06:09:43 | 000,131,040 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011/03/09 06:09:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/08/25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2008/10/31 11:03:10 | 015,310,848 | ---- | C] () -- C:\Program Files\NZubehör.mdb
[2008/10/31 11:01:08 | 015,736,832 | ---- | C] () -- C:\Program Files\NService.mdb
[2008/10/01 10:14:00 | 004,687,112 | ---- | C] () -- C:\Program Files\HandbuchCPLKalkulation200.pdf
[2008/09/12 14:28:13 | 000,483,328 | ---- | C] () -- C:\Program Files\NDSAktionen.mdb
[2008/09/12 14:28:13 | 000,309,248 | ---- | C] () -- C:\Program Files\NDZAktionen.mdb
[2008/09/12 14:28:13 | 000,075,776 | ---- | C] () -- C:\Program Files\NDBenutzer6.mdb
[2008/09/12 14:26:59 | 000,098,304 | ---- | C] () -- C:\Program Files\Tooltips2.mdb
[2008/09/12 14:26:59 | 000,083,968 | ---- | C] () -- C:\Program Files\TOOLTIPS.MDB
[2008/09/12 14:26:59 | 000,007,261 | ---- | C] () -- C:\Program Files\VERBESSERUNGEN1.HTML
[2008/09/12 14:26:54 | 029,528,064 | ---- | C] () -- C:\Program Files\NDPreisliste.mdb
[2008/09/12 14:26:54 | 000,180,224 | ---- | C] () -- C:\Program Files\NFAHRZEUGE.MDB
[2008/09/12 14:26:53 | 000,078,001 | ---- | C] () -- C:\Program Files\NDSTARTINFO.pdf
[2008/09/12 14:26:50 | 000,954,886 | ---- | C] () -- C:\Program Files\Hilfe_HTML.chm
[2008/09/12 14:26:50 | 000,340,656 | ---- | C] () -- C:\Program Files\KurzHilfe.chm
[2008/09/12 14:26:50 | 000,088,064 | ---- | C] () -- C:\Program Files\Hersteller.mdb

< End of report >
         
--- --- ---


Here is the Extras log (OTL EXTRAS logfile):
Code:
ATTFilter
OTL Extras logfile created on: 8/11/2012 3:50:31 PM - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\ah78480\Desktop
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.95 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 48.09% Memory free
3.89 Gb Paging File | 3.01 Gb Available in Paging File | 77.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.83 Gb Total Space | 216.03 Gb Free Space | 75.05% Space Free | Partition Type: NTFS
Drive D: | 8.25 Gb Total Space | 0.97 Gb Free Space | 11.77% Space Free | Partition Type: NTFS
Drive K: | 7.46 Gb Total Space | 1.88 Gb Free Space | 25.18% Space Free | Partition Type: FAT32
Drive L: | 67.83 Gb Total Space | 0.90 Gb Free Space | 1.32% Space Free | Partition Type: NTFS
Drive Q: | 67.83 Gb Total Space | 0.90 Gb Free Space | 1.32% Space Free | Partition Type: NTFS
Drive S: | 67.83 Gb Total Space | 0.90 Gb Free Space | 1.32% Space Free | Partition Type: NTFS
Drive T: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive U: | 7.47 Gb Total Space | 0.93 Gb Free Space | 12.38% Space Free | Partition Type: FAT32
Drive Z: | 67.83 Gb Total Space | 0.90 Gb Free Space | 1.32% Space Free | Partition Type: NTFS
 
Computer Name: N7848CF082 | User Name: ah78480 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{075D8EE2-4B91-4B9A-841A-F0B5BD814C1A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{0816AD69-EAD4-4E73-9BB2-61E87AAF59DC}" = lport=3389 | protocol=6 | dir=in | app=system | 
"{319235E2-B4A8-4C7B-90D5-216EB597A5A8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{357D9F71-312D-4CDD-A47F-17439C1E1A80}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{410BFD25-F1BB-487F-92D8-902C614496D1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{6E81A9E5-A6AA-44BA-8E81-7A05ED2263D6}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
"{70B2D861-581B-4816-8D3A-442C50B818AD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{724290BC-84DF-45B4-9336-67C700795ACB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{85913CC3-74AB-4D67-B34C-CF7F123FE0F0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{896B5F03-C541-4910-8C62-8381F7E653FC}" = rport=139 | protocol=6 | dir=out | app=system | 
"{978715D1-99D9-4372-8B83-C0EDB8DFF1FF}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9A96C4AA-E65D-42DB-A4E1-664192FC897B}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
"{B0A3F92D-A156-411D-B976-9CCE0AEC8F30}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C3B3DF5F-78CF-4C63-BEEB-8F55567F727E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D2688C7C-EDE9-49B4-B1A1-0076DE508BB5}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 
"{E5494D5D-8019-44BB-9E23-3A220D6DF6A1}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 
"{EC4FA36A-C675-4667-B0BD-5A7643454361}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03D8F4C7-4257-43A7-A1E6-65BA61419A81}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{0453B6DF-5C58-48EE-BAA7-87488DF0A6B1}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe | 
"{063C53D7-D73C-4A6F-9955-6617E372D387}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{2FEA9C13-37EB-4FD6-8001-0B49532EF13B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{36EC338D-41B3-4130-9907-FEF01B972EBF}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{45D6FDB6-10EA-4358-B296-7678412CBC75}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | 
"{527BD020-6E11-45F4-8E2A-4CC6BAA4A211}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe | 
"{5F19125D-612C-448A-AF31-C1EF0B629CA6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{62343AB9-E708-4E5C-AB17-E641093C4DB1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{62E39343-3E60-4DA5-82DD-2617C46558FF}" = protocol=17 | dir=in | app=c:\lear\pve.exe | 
"{673F5A3E-34F0-4987-BA3D-A1949CA96731}" = protocol=6 | dir=in | app=c:\program files\g data\avkclient\avkcl.exe | 
"{6ED4E6FC-3759-429A-AC2C-42B842CCE0E9}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{7D713441-1FAA-4D7A-91BF-157F59D94A54}" = protocol=17 | dir=in | app=c:\program files\lear\pve.exe | 
"{869B60F3-21BC-4FC5-8255-EDC4CCBD8F67}" = protocol=17 | dir=in | app=c:\program files\g data\avkclient\avkcl.exe | 
"{86DE434F-800C-4ED7-95D3-FDA5456CF5F9}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"{8B7BA8C1-A2BC-4080-A729-281D05278A97}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9A136E38-FEFE-4BDF-A218-6AA3DEFD56F8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A88C94E9-BCD8-410B-8A6E-B6E651A50426}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{B8640633-9135-42C7-9C55-A8E6C57CF893}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{C1B7660E-0628-4C22-B842-C90C93416D7C}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{C623CAFE-E067-4B35-85D2-078FD6FA48E5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DC6B6625-6A9D-47AD-B0F5-C2D0E2D44AC1}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{E5BF81F2-0A5F-4B73-BDAA-6222645B6735}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"{E62C8C8A-B8CD-42E5-80D2-D4EF44E06D4F}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{E7A707B1-5A88-4EDF-9D57-AF5AF8DEEB3A}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{EEA24276-08FA-42FC-98CD-59CB71C1B96F}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | 
"{F687CF01-C339-4314-ADAB-2FEE980EF36F}" = protocol=6 | dir=in | app=c:\program files\lear\pve.exe | 
"{FF5C661E-C3BE-4F51-AFBF-A0E2FC276AA6}" = protocol=6 | dir=in | app=c:\lear\pve.exe | 
"TCP Query User{ED18B0A7-3E55-47CF-A5A5-665954A1F006}C:\program files\g data\avkclient\avkcl.exe" = protocol=6 | dir=in | app=c:\program files\g data\avkclient\avkcl.exe | 
"UDP Query User{43A6A1FC-A8F5-438E-B9D8-5988042E3209}C:\program files\g data\avkclient\avkcl.exe" = protocol=17 | dir=in | app=c:\program files\g data\avkclient\avkcl.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE72CC-7FCB-4E54-8936-72F7F6EB5F84}" = HP Setup
"{07E49BC1-24FF-4D7A-AC74-727BE95801AF}" = LightScribe System Software
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411" = CanoScan LiDE 70
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19C83884-BB14-4C40-A6EC-4F2961CEE5E8}" = RCI LEAR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37C19C2D-9BB3-4CB0-A83C-26213C73C0BD}" = AVM FRITZ!Fernzugang
"{3909BE71-2D8F-42D2-BA46-3831B60CFD0F}" = eToken PKI Client 5.1 SP1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D05721D-98BD-41AB-B529-30AABE96E7F9}" = ScanSoft PDF Create! 4
"{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}" = Microsoft Image Composite Editor
"{40D43817-8AC7-4C1A-8B87-0D3603671FE1}" = Symantec Workspace Virtualization Agent
"{4665B449-CEA2-4296-A90E-EB932A418F5E}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E656870746973-65537569746549636F6E}_is1" = eSuite Icon 5.0
"{6E656870746973-746F796F7461696E7472616E6574}_is1" = Toyota Intranet
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{936BAF9D-CE07-467E-B5B0-F0BC5B5E6EDB}" = Splashtop Remote Client
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}" = HP Support Assistant
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{D0D14551-3A2D-433B-861F-F4DCE5422759}" = Nokia PC Suite
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.14
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{D7EC8A27-CDA2-46AE-8A26-4104A04FA5BE}" = 32 Bit HP CIO Components Installer
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4E191C2-041A-4444-A52C-D702A9BB3482}_is1" = SCM Installation Kit for Vectury (Version 4.3 - r119307)
"{E7FA5B1D-28A8-4D4D-B3BA-F399B24FCB2B}" = Athena ASEDrive 2.9.0.0
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FD7BA4C0-9B55-4A5F-B96B-777D258C83EE}" = OpenTrust SCM Client
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AutoBINGOOO_is1" = AutoBINGOOO 3.0
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"C10D69DE53F368F3693816F13251C176F2D42667" = Windows-Treiberpaket - UPEK (TcUsb) Biometric  (05/26/2009 1.9.2.0144)
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"D32D70674EA37AACEABDE52E6584AC05E739F46E" = Windows-Treiberpaket - Athena Smartcard Solutions (ASEDRV3) SmartCardReader  (07/09/2009 1.5.0.0)
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7)
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Installation CPL-Kalkulation Nissan Deutschland" = Installation CPL-Kalkulation Nissan Deutschland 2.30 
"InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"InstallShield_{936BAF9D-CE07-467E-B5B0-F0BC5B5E6EDB}" = Splashtop Remote Client
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"NetTerm" = NetTerm
"Nokia PC Suite" = Nokia PC Suite
"Nokia Suite" = Nokia Suite
"NSS" = NSS (remove only)
"Revo Uninstaller" = Revo Uninstaller 1.93
"TeamViewer 7" = TeamViewer 7
"WinGimp-2.0_is1" = GIMP 2.6.12
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/31/2012 5:22:40 PM | Computer Name = N7848cf082 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1342
 
Error - 7/31/2012 5:22:40 PM | Computer Name = N7848cf082 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1342
 
Error - 7/31/2012 5:22:42 PM | Computer Name = N7848cf082 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 7/31/2012 5:22:42 PM | Computer Name = N7848cf082 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2590
 
Error - 7/31/2012 5:22:42 PM | Computer Name = N7848cf082 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2590
 
Error - 7/31/2012 5:22:43 PM | Computer Name = N7848cf082 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 7/31/2012 5:22:43 PM | Computer Name = N7848cf082 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3697
 
Error - 7/31/2012 5:22:43 PM | Computer Name = N7848cf082 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3697
 
Error - 7/31/2012 5:22:44 PM | Computer Name = N7848cf082 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 7/31/2012 5:22:44 PM | Computer Name = N7848cf082 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4852
 
[ Hewlett-Packard Events ]
Error - 1/19/2012 5:50:15 AM | Computer Name = N7848cf082 | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011219105006.xml
 File not created by asset agent
 
Error - 2/23/2012 5:34:35 AM | Computer Name = N7848cf082 | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\021223103432.xml
 File not created by asset agent
 
Error - 3/19/2012 8:10:20 PM | Computer Name = N7848cf082 | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031220011012.xml
 File not created by asset agent
 
Error - 3/29/2012 4:52:11 AM | Computer Name = N7848cf082 | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031229105208.xml
 File not created by asset agent
 
Error - 4/12/2012 4:15:05 AM | Computer Name = N7848cf082 | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041212101502.xml
 File not created by asset agent
 
Error - 4/19/2012 4:08:45 AM | Computer Name = N7848cf082 | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041219100837.xml
 File not created by asset agent
 
Error - 5/3/2012 4:04:36 AM | Computer Name = N7848cf082 | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051203100427.xml
 File not created by asset agent
 
Error - 5/19/2012 3:31:11 AM | Computer Name = N7848cf082 | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051219093102.xml
 File not created by asset agent
 
Error - 5/31/2012 4:17:43 AM | Computer Name = N7848cf082 | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051231101728.xml
 File not created by asset agent
 
Error - 7/12/2012 4:12:19 AM | Computer Name = N7848cf082 | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071212101210.xml
 File not created by asset agent
 
[ System Events ]
Error - 7/13/2012 7:54:37 AM | Computer Name = N7848cf082 | Source = UmrdpService | ID = 1111
Description = Der für den Drucker FreePDF XP erforderliche Treiber Apple Color LW
 12/660 PS ist unbekannt. Wenden Sie sich an den Administrator, um den Treiber zu
 installieren, bevor Sie sich erneut anmelden.
 
Error - 7/13/2012 7:54:38 AM | Computer Name = N7848cf082 | Source = UmrdpService | ID = 1111
Description = Der für den Drucker HP Color LaserJet 3800 PCL 5c erforderliche Treiber
 HP Color LaserJet 3800 PCL 5c ist unbekannt. Wenden Sie sich an den Administrator,
 um den Treiber zu installieren, bevor Sie sich erneut anmelden.
 
Error - 7/13/2012 7:54:40 AM | Computer Name = N7848cf082 | Source = UmrdpService | ID = 1111
Description = Der für den Drucker SDII PDF Converter erforderliche Treiber Amyuni
 Document Converter 2.10 ist unbekannt. Wenden Sie sich an den Administrator, um
 den Treiber zu installieren, bevor Sie sich erneut anmelden.
 
Error - 7/13/2012 7:54:41 AM | Computer Name = N7848cf082 | Source = UmrdpService | ID = 1111
Description = Der für den Drucker !!N7848CF091!HP LaserJet P2015 Series PCL 5e erforderliche
 Treiber HP LaserJet P2015 Series PCL 5e ist unbekannt. Wenden Sie sich an den Administrator,
 um den Treiber zu installieren, bevor Sie sich erneut anmelden.
 
Error - 7/16/2012 2:09:27 AM | Computer Name = N7848cf082 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 7/19/2012 10:00:14 AM | Computer Name = N7848cf082 | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 51. Der interne Fehlerstatus
 lautet: 900.
 
Error - 7/23/2012 2:58:19 AM | Computer Name = N7848cf082 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
Error - 7/26/2012 5:26:43 AM | Computer Name = N7848cf082 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "IP-Hilfsdienst" wurde mit folgendem Fehler beendet:   %%126
 
Error - 7/26/2012 6:18:49 AM | Computer Name = N7848cf082 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR10 
gefunden.
 
Error - 7/26/2012 6:52:11 AM | Computer Name = N7848cf082 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR14 
gefunden.
 
 
< End of report >
         
--- --- ---

14.08.2012, 18:21   #4
markusg
/// Malware-holic

Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can lead to serious computer problems and make cleaning up the infection even more difficult.
Please download Combofix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it is working.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.