|
Log analysis and evaluation: My membership in the BKA club has begun as well (Windows 7). If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
21.12.2011, 10:21 | #1 |
| My membership in the BKA club has begun as well

What can I say: "Welcome to the club", it got me too. However, I was caught while logged in under a different user name. When the message appeared, I pressed ALT-CTRL-DEL and after that simply logged on as "Administrator". So I can work on the PC quite normally. My tip so far, then: always create a "spare" administrator as a user account so that, as in my case, you still have the option of switching.

Torsten.E

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 21.12.2011 09:56:39 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Administrator\Downloads Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,29 Gb Available Physical Memory | 14,70% Memory free 6,00 Gb Paging File | 2,48 Gb Available in Paging File | 41,40% Paging File free Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 149,05 Gb Total Space | 8,44 Gb Free Space | 5,66% Space Free | Partition Type: NTFS Drive D: | 149,05 Gb Total Space | 76,02 Gb Free Space | 51,00% Space Free | Partition Type: NTFS Drive E: | 4,38 Gb Total Space | 1,77 Gb Free Space | 40,49% Space Free | Partition Type: UDF Drive L: | 499,87 Gb Total Space | 59,89 Gb Free Space | 11,98% Space Free | Partition Type: NTFS Computer Name: SH-PC2 | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "9001:TCP" = 9001:TCP:*:Enabled:Squeezebox Server 9001 tcp (UI) "9002:TCP" = 9002:TCP:*:Enabled:Squeezebox Server 9002 tcp (UI) "9003:TCP" = 9003:TCP:*:Enabled:Squeezebox Server 9003 tcp (UI) "9004:TCP" = 9004:TCP:*:Enabled:Squeezebox Server 9004 tcp (UI) "9005:TCP" = 9005:TCP:*:Enabled:Squeezebox Server 9005 tcp (UI) "9006:TCP" = 9006:TCP:*:Enabled:Squeezebox Server 9006 tcp (UI) "9007:TCP" = 9007:TCP:*:Enabled:Squeezebox Server 9007 tcp (UI) "9008:TCP" = 9008:TCP:*:Enabled:Squeezebox Server 9008 tcp (UI) "9009:TCP" = 9009:TCP:*:Enabled:Squeezebox Server 9009 tcp (UI) "9010:TCP" = 9010:TCP:*:Enabled:Squeezebox Server 9010 tcp (UI) "9100:TCP" = 9100:TCP:*:Enabled:Squeezebox Server 9100 tcp (UI) "8000:TCP" = 8000:TCP:*:Enabled:Squeezebox Server 8000 tcp (UI) "10000:TCP" = 10000:TCP:*:Enabled:Squeezebox Server 10000 tcp (UI) "9090:TCP" = 9090:TCP:*:Enabled:Squeezebox Server 
9090 tcp (UI) "3483:UDP" = 3483:UDP:*:Enabled:Squeezebox Server 3483 udp "3483:TCP" = 3483:TCP:*:Enabled:Squeezebox Server 3483 tcp [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "9001:TCP" = 9001:TCP:*:Enabled:Squeezebox Server 9001 tcp (UI) "9002:TCP" = 9002:TCP:*:Enabled:Squeezebox Server 9002 tcp (UI) "9003:TCP" = 9003:TCP:*:Enabled:Squeezebox Server 9003 tcp (UI) "9004:TCP" = 9004:TCP:*:Enabled:Squeezebox Server 9004 tcp (UI) "9005:TCP" = 9005:TCP:*:Enabled:Squeezebox Server 9005 tcp (UI) "9006:TCP" = 9006:TCP:*:Enabled:Squeezebox Server 9006 tcp (UI) "9007:TCP" = 9007:TCP:*:Enabled:Squeezebox Server 9007 tcp (UI) "9008:TCP" = 9008:TCP:*:Enabled:Squeezebox Server 9008 tcp (UI) "9009:TCP" = 9009:TCP:*:Enabled:Squeezebox Server 9009 tcp (UI) "9010:TCP" = 9010:TCP:*:Enabled:Squeezebox Server 9010 tcp (UI) "9100:TCP" = 9100:TCP:*:Enabled:Squeezebox Server 9100 tcp (UI) "8000:TCP" = 8000:TCP:*:Enabled:Squeezebox Server 8000 tcp (UI) "10000:TCP" = 10000:TCP:*:Enabled:Squeezebox Server 10000 tcp (UI) "9090:TCP" = 9090:TCP:*:Enabled:Squeezebox Server 9090 tcp (UI) "3483:UDP" = 3483:UDP:*:Enabled:Squeezebox Server 3483 udp "3483:TCP" = 3483:TCP:*:Enabled:Squeezebox Server 3483 tcp [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\DeTeWe\TapiServer\etapisrv.exe" = C:\Program 
Files\DeTeWe\TapiServer\etapisrv.exe:*:Enabled:OpenCTI TapiServer "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\DeTeWe\TapiServer\etapisrv.exe" = C:\Program Files\DeTeWe\TapiServer\etapisrv.exe:*:Enabled:OpenCTI TapiServer "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0 "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar "{0868BB9D-5EA0-40AF-A1CC-A38ED4E5BC67}" = 32 Bit HP CIO Components Installer "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_Pro9500_II_series" = Canon Pro9500 II series Printer Driver "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool "{15B5EA64-525A-4146-A3E9-0A369E9575B9}" = Cisco ASDM-IDM Launcher "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{24EE4523-711A-4BD1-95EA-F73A8A6950D3}" = Audials TV "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24 
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes "{30406D09-0004-4CFA-AB4C-12E30D40C960}" = AudialsOne "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23 "{35FA05B1-FFFF-4687-9272-AA606808F67A}" = Audials "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{44830BDA-93FC-4821-A30E-30A0265CB269}" = Tunebite "{46B83567-5AA9-409C-B694-992695BB8944}_is1" = ABC ePUB DRM Removal 1.4 "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{4850B023-A9C0-4D15-8DE6-326028CAB499}" = Visual C++ 8.0 x86 Runtime Setup Package "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{520049D8-7E67-4E71-BB3E-74FDB34810AD}" = Softerra LDAP Browser "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}" = EOS Capture 1.5 "{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10 "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7 "{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari "{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1" = Poedit "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6F206B58-E2F7-4A70-ACAC-8E0ABFBC62F6}" = MySQL Connector/ODBC 5.1 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7CC673E7-5271-409D-B196-BB76DA60300B}" = TwonkyMedia Windows Components "{7DA53C94-5B97-4475-A14B-7BDB31D83C5D}" = AXIS Media Control Embedded Installer "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 
Redistributable - KB2467174 - x86 9.0.30729.5570 "{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{89FB030B-05F9-4421-9D90-8FF2BBA70FE7}_is1" = AXIS Camera Management 2.00 "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine "{8E877E95-E7B8-4722-9490-732E9DBBA068}" = Audials "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = 
Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007 "{90120000-0054-0407-0000-0000000FF1CE}_VISPROR_{60CC0F2D-BFA0-4851-903D-809D876DD87B}" = Microsoft Office Visio 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007 "{90120000-00B4-0407-0000-0000000FF1CE}_PRJPROR_{16809599-3C53-4A9A-A7E2-74A6D0D2C007}" = Microsoft Office Project 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007 "{91120000-003B-0000-0000-0000000FF1CE}_PRJPROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91120000-003B-0000-0000-0000000FF1CE}_PRJPROR_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2) "{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007 "{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2) "{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{95A36786-E9A6-4CC8-AE28-29D038DDBDC6}" = Opera 11.52 "{96963F83-7F17-4941-B16C-1E790455E93A}" = McAfee SiteAdvisor Enterprise Plus "{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center 
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support "{A0B433B1-941D-46F5-AE59-286263534232}" = VMware vSphere Client 4.1 "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1) "{ACD6DBAA-A82C-4F11-82D2-F943C7BBA012}" = Opera 10.60 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation "{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster "{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}" = Microsoft LifeCam "{C5344219-9988-480B-8D1F-EFAB0EEF3F3C}" = VMware vCenter Converter Standalone "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE "{E206E32C-F2D8-49FF-965B-F27473B9E0A9}" = PhoenixRC "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4C891D6-6844-41B8-86E8-633CACCC644F}" = CyberLink TV Enhance "{E4DA04B6-3EC4-4DFD-A14E-44959EF36D5B}" = Feedanzeige für Windows SideShow "{E60422F6-23F5-446A-B26D-70FF3092BF84}" = VMware vSphere CLI "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{E848B479-CDFD-42C8-990D-AC9EA2D96633}" = Aastra - OpenCom1000 Service Tools "{EF327022-B623-4B6A-C41D-411720425583}_is1" = Easy2Sync für Dateien 1.43 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 
"{F44F0A3A-2110-4705-B5EC-D5B6371F53C1}" = Visual C++ 8.0 x86 Runtime Setup Package "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "8531-1278-6363-8538" = Oxygen XML Editor 12.2 "ACMP Client_is1" = Aagon Client Management Platform 3.7 (Client) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Akamai" = Akamai NetSession Interface Service "Album Cover Art Downloader" = Album Cover Art Downloader 1.6.6 "Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.60 "ASIO4ALL" = ASIO4ALL "Asset UPnP" = Asset UPnP "AVMWLANCLI" = AVM FRITZ!WLAN "AXIS Media Control Embedded" = AXIS Media Control Embedded "CameraWindowDC" = Canon Utilities CameraWindow DC "CameraWindowDC8" = Canon Utilities CameraWindow DC 8 "CameraWindowLauncher" = Canon Utilities CameraWindow "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Canon MOV Decoder" = Canon MOV Decoder "Canon MOV Encoder" = Canon MOV Encoder "Canon Pro9500 Mark II series Benutzerregistrierung" = Canon Pro9500 Mark II series Benutzerregistrierung "Canon RAW Codec" = Canon RAW Codec "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program "CCleaner" = CCleaner "Cidero UPnP Applications 1.5.3" = Cidero UPnP Applications 1.5.3 "Digital Editions" = Adobe Digital Editions "dlanavdvbs" = devolo dLAN TV Sat "dlanconf" = devolo dLAN-Konfigurationsassistent "DPP" = Canon Utilities Digital Photo Professional 3.9 "dslmon" = devolo Informer "DVDFab 8_is1" = DVDFab 8.0.8.5 (19/03/2011) "Easy Extract Icon_is1" = Easy Extract Icon v1.3.0 "Easy XML Editor_is1" = Easy XML Editor 1.6.6 "EncFlac" = EncFlac 1.1.2 
"ENTERPRISER" = Microsoft Office Enterprise 2007 "EOS USB WIA Driver" = EOS USB WIA Driver "EOS Utility" = Canon Utilities EOS Utility "Exact Audio Copy" = Exact Audio Copy 1.0beta1 "ffdshow_is1" = ffdshow [rev 3154] [2009-12-09] "FLAC" = FLAC 1.2.1b (remove only) "foobar2000" = foobar2000 v1.1.1 "Google Chrome" = Google Chrome "InstallShield_{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}" = Canon Utilities EOS Capture 1.5 "Kernel for Exchange Server - Evaluation ver_is1" = Kernel for Exchange Server - Evaluation ver 11.05.01 "Lexmark Printer Software Uninstall" = Lexmark Drucker-Software deinstallieren "McAfee Managed Firewall" = McAfee Firewall Protection Service "McAfee Security Scan" = McAfee Security Scan Plus "McAfeeBrowserProtection" = McAfee Browser Protection Service "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de) "MVS" = McAfee Virus and Spyware Protection Service "MyCamera" = Canon Utilities MyCamera "MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin "PRJPROR" = Microsoft Office Project Professional 2007 "PumpKIN" = Klever PumpKIN 2.7.3 "PuTTY_is1" = PuTTY version 0.61 "RealVNC_is1" = VNC Free Edition 4.1.3 "RMPrepUSB" = RMPrepUSB "Securepoint Imaging Tool_is1" = Securepoint Imaging Tool 2.2 "Software Informer_is1" = Software Informer 1.0 BETA "SPEX-Client" = SPEX-Client "Squeezebox Server_is1" = Squeezebox Server 7.5.3 "Stellar Phoenix Mailbox Exchange Recovery_is1" = Stellar Phoenix Mailbox Exchange Recovery "SystemRequirementsLab" = System Requirements Lab "TwonkyBeam for 
Internet Explorer" = TwonkyBeam for Internet Explorer "TwonkyManager" = TwonkyManager "VISPROR" = Microsoft Office Visio Professional 2007 "VLC media player" = VLC media player 1.1.11 "webmmf" = WebM Media Foundation Components "Winamp" = Winamp "Winload Toolbar" = Winload Toolbar "WinRAR archiver" = WinRAR "WMS" = Wild Media Server (UPnP, DLNA, HTTP) "XnView_is1" = XnView 1.98.2 "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Software Update" = Yahoo! Software Update "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Office" = Office "Open Interfaces Platform" = Open Interfaces Platform "Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE) "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 13.12.2010 08:02:16 | Computer Name = SH-PC2.ifta-gmbh.local | Source = Application Hang | ID = 1002 Description = Programm eclipse.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: cb4 Startzeit: 01cb9a9e08091140 Endzeit: 206 Anwendungspfad: C:\Program Files\eclipse\eclipse.exe Berichts-ID: cd9cdb00-06b0-11e0-b3bd-001d60236423 Error - 13.12.2010 13:41:14 | Computer Name = SH-PC2.ifta-gmbh.local | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 14.12.2010 13:52:06 | Computer Name = SH-PC2.ifta-gmbh.local | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 15.12.2010 03:11:05 | Computer Name = SH-PC2.ifta-gmbh.local | Source = wmssvc.exe | ID = 0 Description = Error - 15.12.2010 12:13:10 | Computer Name = SH-PC2.ifta-gmbh.local | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 16.12.2010 04:55:15 | Computer Name = SH-PC2.ifta-gmbh.local | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 16.12.2010 19:33:40 | Computer Name = SH-PC2.ifta-gmbh.local | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll". 
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 17.12.2010 08:37:44 | Computer Name = SH-PC2.ifta-gmbh.local | Source = MsiInstaller | ID = 11606 Description = Error - 17.12.2010 08:37:44 | Computer Name = SH-PC2.ifta-gmbh.local | Source = MsiInstaller | ID = 11606 Description = Error - 17.12.2010 09:07:57 | Computer Name = SH-PC2.ifta-gmbh.local | Source = VSS | ID = 8194 Description = [ Media Center Events ] Error - 06.08.2011 03:39:18 | Computer Name = SH-PC2.ifta-gmbh.local | Source = ehRecvr | ID = 3 Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) dLAN TV Sat (Tuner) Error - 06.08.2011 03:44:32 | Computer Name = SH-PC2.ifta-gmbh.local | Source = ehRecvr | ID = 3 Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) dLAN TV Sat (Tuner) Error - 06.08.2011 03:49:35 | Computer Name = SH-PC2.ifta-gmbh.local | Source = ehRecvr | ID = 3 Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) dLAN TV Sat (Tuner) Error - 08.08.2011 03:54:35 | Computer Name = SH-PC2.ifta-gmbh.local | Source = ehRecvr | ID = 3 Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) dLAN TV Sat (Tuner) Error - 08.08.2011 03:59:41 | Computer Name = SH-PC2.ifta-gmbh.local | Source = ehRecvr | ID = 3 Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) dLAN TV Sat (Tuner) Error - 08.08.2011 04:04:46 | Computer Name = SH-PC2.ifta-gmbh.local | Source = ehRecvr | ID = 3 Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) dLAN TV Sat (Tuner) Error - 08.08.2011 04:09:51 | Computer Name = SH-PC2.ifta-gmbh.local | Source = ehRecvr | ID = 3 Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. 
(0xc0040524) dLAN TV Sat (Tuner) Error - 08.08.2011 04:14:57 | Computer Name = SH-PC2.ifta-gmbh.local | Source = ehRecvr | ID = 3 Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) dLAN TV Sat (Tuner) Error - 08.08.2011 04:20:02 | Computer Name = SH-PC2.ifta-gmbh.local | Source = ehRecvr | ID = 3 Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) dLAN TV Sat (Tuner) Error - 08.08.2011 04:25:07 | Computer Name = SH-PC2.ifta-gmbh.local | Source = ehRecvr | ID = 3 Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) dLAN TV Sat (Tuner) [ OSession Events ] Error - 02.12.2009 04:06:11 | Computer Name = SH-PC2.ifta-gmbh.local | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1248 seconds with 240 seconds of active time. This session ended with a crash. Error - 29.01.2010 09:51:16 | Computer Name = SH-PC2.ifta-gmbh.local | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 9, Application Name: Microsoft Office Project, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 90356 seconds with 17340 seconds of active time. This session ended with a crash. Error - 07.04.2011 10:06:30 | Computer Name = SH-PC2.ifta-gmbh.local | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. Error - 20.05.2011 01:38:38 | Computer Name = SH-PC2.ifta-gmbh.local | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. 
This session lasted 113 seconds with 60 seconds of active time. This session ended with a crash. Error - 29.06.2011 01:57:41 | Computer Name = SH-PC2.ifta-gmbh.local | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash. Error - 29.06.2011 01:57:44 | Computer Name = SH-PC2.ifta-gmbh.local | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error - 18.11.2011 05:08:19 | Computer Name = SH-PC2.ifta-gmbh.local | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 18.12.2011 15:20:49 | Computer Name = SH-PC2.ifta-gmbh.local | Source = DCOM | ID = 10005 Description = Error - 18.12.2011 15:20:50 | Computer Name = SH-PC2.ifta-gmbh.local | Source = DCOM | ID = 10005 Description = Error - 18.12.2011 15:46:54 | Computer Name = SH-PC2.ifta-gmbh.local | Source = Microsoft-Windows-Service Pack Installer | ID = 2 Description = Für einen installierten Treiber liegen bekannte Kompatibilitätsprobleme vor. Aktualisieren Sie den Treiber auf eine neuere Version. Name: Microsoft Security Essentials Ursache: die installierte Version des Programms verhindert enventuell eine erfolgreiche Service Pack-Installation. 
GUID: {EE990683-6675-41CC-BEE9-6A679A01237A} Error - 18.12.2011 16:14:05 | Computer Name = SH-PC2.ifta-gmbh.local | Source = Microsoft-Windows-Service Pack Installer | ID = 8 Description = Fehler bei der Service Pack-Installation. Fehlercode: 0x800f0a09. Error - 18.12.2011 16:15:29 | Computer Name = SH-PC2.ifta-gmbh.local | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Windows 7 Service Pack 1 (KB976932) Error - 19.12.2011 04:59:09 | Computer Name = SH-PC2.ifta-gmbh.local | Source = Microsoft-Windows-Service Pack Installer | ID = 2 Description = Für einen installierten Treiber liegen bekannte Kompatibilitätsprobleme vor. Aktualisieren Sie den Treiber auf eine neuere Version. Name: Microsoft Security Essentials Ursache: die installierte Version des Programms verhindert enventuell eine erfolgreiche Service Pack-Installation. GUID: {EE990683-6675-41CC-BEE9-6A679A01237A} Error - 19.12.2011 04:59:15 | Computer Name = SH-PC2.ifta-gmbh.local | Source = Microsoft-Windows-Service Pack Installer | ID = 8 Description = Fehler bei der Service Pack-Installation. Fehlercode: 0x800f0a09. Error - 19.12.2011 05:17:02 | Computer Name = SH-PC2.ifta-gmbh.local | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Windows 7 Service Pack 1 (KB976932) Error - 20.12.2011 21:51:43 | Computer Name = SH-PC2.ifta-gmbh.local | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 21.12.2011 03:19:56 | Computer Name = SH-PC2.ifta-gmbh.local | Source = Service Control Manager | ID = 7030 Description = Der Dienst "McAfee Virus and Spyware Protection Service" ist als interaktiver Dienst gekennzeichnet. 
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. < End of report > |
21.12.2011, 10:25 | #2 |
| My membership in the BKA club has begun too What I'd like to know is: how do you recognize the trojan? It has to be a script/exe or something like that, which you could at least delete so that it doesn't get executed, right?
21.12.2011, 11:36 | #3 |
/// Malware-holic | My membership in the BKA club has begun too Hi,
nothing can be made out in your case yet; otl.txt is missing.
21.12.2011, 11:40 | #4 |
| My membership in the BKA club has begun too Oops - here it is. You meant the Extras.txt? OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 21.12.2011 09:56:39 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Administrator\Downloads Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,29 Gb Available Physical Memory | 14,70% Memory free 6,00 Gb Paging File | 2,48 Gb Available in Paging File | 41,40% Paging File free Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 149,05 Gb Total Space | 8,44 Gb Free Space | 5,66% Space Free | Partition Type: NTFS Drive D: | 149,05 Gb Total Space | 76,02 Gb Free Space | 51,00% Space Free | Partition Type: NTFS Drive E: | 4,38 Gb Total Space | 1,77 Gb Free Space | 40,49% Space Free | Partition Type: UDF Drive L: | 499,87 Gb Total Space | 59,89 Gb Free Space | 11,98% Space Free | Partition Type: NTFS Computer Name: SH-PC2 | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "9001:TCP" = 9001:TCP:*:Enabled:Squeezebox Server 9001 tcp (UI) "9002:TCP" = 9002:TCP:*:Enabled:Squeezebox Server 9002 tcp (UI) "9003:TCP" = 9003:TCP:*:Enabled:Squeezebox Server 9003 tcp (UI) "9004:TCP" = 9004:TCP:*:Enabled:Squeezebox Server 9004 tcp (UI) "9005:TCP" = 9005:TCP:*:Enabled:Squeezebox Server 9005 tcp (UI) "9006:TCP" = 9006:TCP:*:Enabled:Squeezebox Server 9006 tcp (UI) "9007:TCP" = 9007:TCP:*:Enabled:Squeezebox Server 9007 tcp (UI) "9008:TCP" = 9008:TCP:*:Enabled:Squeezebox Server 9008 tcp (UI) "9009:TCP" = 9009:TCP:*:Enabled:Squeezebox Server 9009 tcp (UI) "9010:TCP" = 9010:TCP:*:Enabled:Squeezebox Server 9010 tcp (UI) "9100:TCP" = 9100:TCP:*:Enabled:Squeezebox Server 9100 tcp (UI) "8000:TCP" = 8000:TCP:*:Enabled:Squeezebox Server 8000 tcp (UI) "10000:TCP" = 10000:TCP:*:Enabled:Squeezebox Server 10000 tcp (UI) "9090:TCP" = 9090:TCP:*:Enabled:Squeezebox Server 
9090 tcp (UI) "3483:UDP" = 3483:UDP:*:Enabled:Squeezebox Server 3483 udp "3483:TCP" = 3483:TCP:*:Enabled:Squeezebox Server 3483 tcp [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "9001:TCP" = 9001:TCP:*:Enabled:Squeezebox Server 9001 tcp (UI) "9002:TCP" = 9002:TCP:*:Enabled:Squeezebox Server 9002 tcp (UI) "9003:TCP" = 9003:TCP:*:Enabled:Squeezebox Server 9003 tcp (UI) "9004:TCP" = 9004:TCP:*:Enabled:Squeezebox Server 9004 tcp (UI) "9005:TCP" = 9005:TCP:*:Enabled:Squeezebox Server 9005 tcp (UI) "9006:TCP" = 9006:TCP:*:Enabled:Squeezebox Server 9006 tcp (UI) "9007:TCP" = 9007:TCP:*:Enabled:Squeezebox Server 9007 tcp (UI) "9008:TCP" = 9008:TCP:*:Enabled:Squeezebox Server 9008 tcp (UI) "9009:TCP" = 9009:TCP:*:Enabled:Squeezebox Server 9009 tcp (UI) "9010:TCP" = 9010:TCP:*:Enabled:Squeezebox Server 9010 tcp (UI) "9100:TCP" = 9100:TCP:*:Enabled:Squeezebox Server 9100 tcp (UI) "8000:TCP" = 8000:TCP:*:Enabled:Squeezebox Server 8000 tcp (UI) "10000:TCP" = 10000:TCP:*:Enabled:Squeezebox Server 10000 tcp (UI) "9090:TCP" = 9090:TCP:*:Enabled:Squeezebox Server 9090 tcp (UI) "3483:UDP" = 3483:UDP:*:Enabled:Squeezebox Server 3483 udp "3483:TCP" = 3483:TCP:*:Enabled:Squeezebox Server 3483 tcp [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\DeTeWe\TapiServer\etapisrv.exe" = C:\Program 
Files\DeTeWe\TapiServer\etapisrv.exe:*:Enabled:OpenCTI TapiServer "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\DeTeWe\TapiServer\etapisrv.exe" = C:\Program Files\DeTeWe\TapiServer\etapisrv.exe:*:Enabled:OpenCTI TapiServer "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0 "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar "{0868BB9D-5EA0-40AF-A1CC-A38ED4E5BC67}" = 32 Bit HP CIO Components Installer "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_Pro9500_II_series" = Canon Pro9500 II series Printer Driver "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool "{15B5EA64-525A-4146-A3E9-0A369E9575B9}" = Cisco ASDM-IDM Launcher "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{24EE4523-711A-4BD1-95EA-F73A8A6950D3}" = Audials TV "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24 
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes "{30406D09-0004-4CFA-AB4C-12E30D40C960}" = AudialsOne "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23 "{35FA05B1-FFFF-4687-9272-AA606808F67A}" = Audials "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{44830BDA-93FC-4821-A30E-30A0265CB269}" = Tunebite "{46B83567-5AA9-409C-B694-992695BB8944}_is1" = ABC ePUB DRM Removal 1.4 "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{4850B023-A9C0-4D15-8DE6-326028CAB499}" = Visual C++ 8.0 x86 Runtime Setup Package "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{520049D8-7E67-4E71-BB3E-74FDB34810AD}" = Softerra LDAP Browser "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}" = EOS Capture 1.5 "{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10 "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7 "{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari "{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1" = Poedit "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6F206B58-E2F7-4A70-ACAC-8E0ABFBC62F6}" = MySQL Connector/ODBC 5.1 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7CC673E7-5271-409D-B196-BB76DA60300B}" = TwonkyMedia Windows Components "{7DA53C94-5B97-4475-A14B-7BDB31D83C5D}" = AXIS Media Control Embedded Installer "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 
Redistributable - KB2467174 - x86 9.0.30729.5570 "{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{89FB030B-05F9-4421-9D90-8FF2BBA70FE7}_is1" = AXIS Camera Management 2.00 "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine "{8E877E95-E7B8-4722-9490-732E9DBBA068}" = Audials "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = 
Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007 "{90120000-0054-0407-0000-0000000FF1CE}_VISPROR_{60CC0F2D-BFA0-4851-903D-809D876DD87B}" = Microsoft Office Visio 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007 "{90120000-00B4-0407-0000-0000000FF1CE}_PRJPROR_{16809599-3C53-4A9A-A7E2-74A6D0D2C007}" = Microsoft Office Project 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007 "{91120000-003B-0000-0000-0000000FF1CE}_PRJPROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91120000-003B-0000-0000-0000000FF1CE}_PRJPROR_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2) "{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007 "{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2) "{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{95A36786-E9A6-4CC8-AE28-29D038DDBDC6}" = Opera 11.52 "{96963F83-7F17-4941-B16C-1E790455E93A}" = McAfee SiteAdvisor Enterprise Plus "{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center 
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support "{A0B433B1-941D-46F5-AE59-286263534232}" = VMware vSphere Client 4.1 "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1) "{ACD6DBAA-A82C-4F11-82D2-F943C7BBA012}" = Opera 10.60 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation "{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster "{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}" = Microsoft LifeCam "{C5344219-9988-480B-8D1F-EFAB0EEF3F3C}" = VMware vCenter Converter Standalone "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE "{E206E32C-F2D8-49FF-965B-F27473B9E0A9}" = PhoenixRC "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4C891D6-6844-41B8-86E8-633CACCC644F}" = CyberLink TV Enhance "{E4DA04B6-3EC4-4DFD-A14E-44959EF36D5B}" = Feedanzeige für Windows SideShow "{E60422F6-23F5-446A-B26D-70FF3092BF84}" = VMware vSphere CLI "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{E848B479-CDFD-42C8-990D-AC9EA2D96633}" = Aastra - OpenCom1000 Service Tools "{EF327022-B623-4B6A-C41D-411720425583}_is1" = Easy2Sync für Dateien 1.43 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 
"{F44F0A3A-2110-4705-B5EC-D5B6371F53C1}" = Visual C++ 8.0 x86 Runtime Setup Package "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "8531-1278-6363-8538" = Oxygen XML Editor 12.2 "ACMP Client_is1" = Aagon Client Management Platform 3.7 (Client) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Akamai" = Akamai NetSession Interface Service "Album Cover Art Downloader" = Album Cover Art Downloader 1.6.6 "Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.60 "ASIO4ALL" = ASIO4ALL "Asset UPnP" = Asset UPnP "AVMWLANCLI" = AVM FRITZ!WLAN "AXIS Media Control Embedded" = AXIS Media Control Embedded "CameraWindowDC" = Canon Utilities CameraWindow DC "CameraWindowDC8" = Canon Utilities CameraWindow DC 8 "CameraWindowLauncher" = Canon Utilities CameraWindow "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Canon MOV Decoder" = Canon MOV Decoder "Canon MOV Encoder" = Canon MOV Encoder "Canon Pro9500 Mark II series Benutzerregistrierung" = Canon Pro9500 Mark II series Benutzerregistrierung "Canon RAW Codec" = Canon RAW Codec "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program "CCleaner" = CCleaner "Cidero UPnP Applications 1.5.3" = Cidero UPnP Applications 1.5.3 "Digital Editions" = Adobe Digital Editions "dlanavdvbs" = devolo dLAN TV Sat "dlanconf" = devolo dLAN-Konfigurationsassistent "DPP" = Canon Utilities Digital Photo Professional 3.9 "dslmon" = devolo Informer "DVDFab 8_is1" = DVDFab 8.0.8.5 (19/03/2011) "Easy Extract Icon_is1" = Easy Extract Icon v1.3.0 "Easy XML Editor_is1" = Easy XML Editor 1.6.6 "EncFlac" = EncFlac 1.1.2 
"ENTERPRISER" = Microsoft Office Enterprise 2007 "EOS USB WIA Driver" = EOS USB WIA Driver "EOS Utility" = Canon Utilities EOS Utility "Exact Audio Copy" = Exact Audio Copy 1.0beta1 "ffdshow_is1" = ffdshow [rev 3154] [2009-12-09] "FLAC" = FLAC 1.2.1b (remove only) "foobar2000" = foobar2000 v1.1.1 "Google Chrome" = Google Chrome "InstallShield_{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}" = Canon Utilities EOS Capture 1.5 "Kernel for Exchange Server - Evaluation ver_is1" = Kernel for Exchange Server - Evaluation ver 11.05.01 "Lexmark Printer Software Uninstall" = Lexmark Drucker-Software deinstallieren "McAfee Managed Firewall" = McAfee Firewall Protection Service "McAfee Security Scan" = McAfee Security Scan Plus "McAfeeBrowserProtection" = McAfee Browser Protection Service "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de) "MVS" = McAfee Virus and Spyware Protection Service "MyCamera" = Canon Utilities MyCamera "MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin "PRJPROR" = Microsoft Office Project Professional 2007 "PumpKIN" = Klever PumpKIN 2.7.3 "PuTTY_is1" = PuTTY version 0.61 "RealVNC_is1" = VNC Free Edition 4.1.3 "RMPrepUSB" = RMPrepUSB "Securepoint Imaging Tool_is1" = Securepoint Imaging Tool 2.2 "Software Informer_is1" = Software Informer 1.0 BETA "SPEX-Client" = SPEX-Client "Squeezebox Server_is1" = Squeezebox Server 7.5.3 "Stellar Phoenix Mailbox Exchange Recovery_is1" = Stellar Phoenix Mailbox Exchange Recovery "SystemRequirementsLab" = System Requirements Lab "TwonkyBeam for 
Internet Explorer" = TwonkyBeam for Internet Explorer "TwonkyManager" = TwonkyManager "VISPROR" = Microsoft Office Visio Professional 2007 "VLC media player" = VLC media player 1.1.11 "webmmf" = WebM Media Foundation Components "Winamp" = Winamp "Winload Toolbar" = Winload Toolbar "WinRAR archiver" = WinRAR "WMS" = Wild Media Server (UPnP, DLNA, HTTP) "XnView_is1" = XnView 1.98.2 "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Software Update" = Yahoo! Software Update "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Office" = Office "Open Interfaces Platform" = Open Interfaces Platform "Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE) "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 13.12.2010 08:02:16 | Computer Name = SH-PC2.ifta-gmbh.local | Source = Application Hang | ID = 1002 Description = Programm eclipse.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: cb4 Startzeit: 01cb9a9e08091140 Endzeit: 206 Anwendungspfad: C:\Program Files\eclipse\eclipse.exe Berichts-ID: cd9cdb00-06b0-11e0-b3bd-001d60236423 Error - 13.12.2010 13:41:14 | Computer Name = SH-PC2.ifta-gmbh.local | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 14.12.2010 13:52:06 | Computer Name = SH-PC2.ifta-gmbh.local | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 15.12.2010 03:11:05 | Computer Name = SH-PC2.ifta-gmbh.local | Source = wmssvc.exe | ID = 0 Description = Error - 15.12.2010 12:13:10 | Computer Name = SH-PC2.ifta-gmbh.local | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 16.12.2010 04:55:15 | Computer Name = SH-PC2.ifta-gmbh.local | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 16.12.2010 19:33:40 | Computer Name = SH-PC2.ifta-gmbh.local | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll". 
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 17.12.2010 08:37:44 | Computer Name = SH-PC2.ifta-gmbh.local | Source = MsiInstaller | ID = 11606 Description = Error - 17.12.2010 08:37:44 | Computer Name = SH-PC2.ifta-gmbh.local | Source = MsiInstaller | ID = 11606 Description = Error - 17.12.2010 09:07:57 | Computer Name = SH-PC2.ifta-gmbh.local | Source = VSS | ID = 8194 Description = [ Media Center Events ] Error - 06.08.2011 03:39:18 | Computer Name = SH-PC2.ifta-gmbh.local | Source = ehRecvr | ID = 3 Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) dLAN TV Sat (Tuner) Error - 06.08.2011 03:44:32 | Computer Name = SH-PC2.ifta-gmbh.local | Source = ehRecvr | ID = 3 Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) dLAN TV Sat (Tuner) Error - 06.08.2011 03:49:35 | Computer Name = SH-PC2.ifta-gmbh.local | Source = ehRecvr | ID = 3 Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) dLAN TV Sat (Tuner) Error - 08.08.2011 03:54:35 | Computer Name = SH-PC2.ifta-gmbh.local | Source = ehRecvr | ID = 3 Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) dLAN TV Sat (Tuner) Error - 08.08.2011 03:59:41 | Computer Name = SH-PC2.ifta-gmbh.local | Source = ehRecvr | ID = 3 Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) dLAN TV Sat (Tuner) Error - 08.08.2011 04:04:46 | Computer Name = SH-PC2.ifta-gmbh.local | Source = ehRecvr | ID = 3 Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) dLAN TV Sat (Tuner) Error - 08.08.2011 04:09:51 | Computer Name = SH-PC2.ifta-gmbh.local | Source = ehRecvr | ID = 3 Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. 
(0xc0040524) dLAN TV Sat (Tuner) Error - 08.08.2011 04:14:57 | Computer Name = SH-PC2.ifta-gmbh.local | Source = ehRecvr | ID = 3 Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) dLAN TV Sat (Tuner) Error - 08.08.2011 04:20:02 | Computer Name = SH-PC2.ifta-gmbh.local | Source = ehRecvr | ID = 3 Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) dLAN TV Sat (Tuner) Error - 08.08.2011 04:25:07 | Computer Name = SH-PC2.ifta-gmbh.local | Source = ehRecvr | ID = 3 Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) dLAN TV Sat (Tuner) [ OSession Events ] Error - 02.12.2009 04:06:11 | Computer Name = SH-PC2.ifta-gmbh.local | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1248 seconds with 240 seconds of active time. This session ended with a crash. Error - 29.01.2010 09:51:16 | Computer Name = SH-PC2.ifta-gmbh.local | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 9, Application Name: Microsoft Office Project, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 90356 seconds with 17340 seconds of active time. This session ended with a crash. Error - 07.04.2011 10:06:30 | Computer Name = SH-PC2.ifta-gmbh.local | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. Error - 20.05.2011 01:38:38 | Computer Name = SH-PC2.ifta-gmbh.local | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. 
This session lasted 113 seconds with 60 seconds of active time. This session ended with a crash. Error - 29.06.2011 01:57:41 | Computer Name = SH-PC2.ifta-gmbh.local | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash. Error - 29.06.2011 01:57:44 | Computer Name = SH-PC2.ifta-gmbh.local | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error - 18.11.2011 05:08:19 | Computer Name = SH-PC2.ifta-gmbh.local | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 18.12.2011 15:20:49 | Computer Name = SH-PC2.ifta-gmbh.local | Source = DCOM | ID = 10005 Description = Error - 18.12.2011 15:20:50 | Computer Name = SH-PC2.ifta-gmbh.local | Source = DCOM | ID = 10005 Description = Error - 18.12.2011 15:46:54 | Computer Name = SH-PC2.ifta-gmbh.local | Source = Microsoft-Windows-Service Pack Installer | ID = 2 Description = Für einen installierten Treiber liegen bekannte Kompatibilitätsprobleme vor. Aktualisieren Sie den Treiber auf eine neuere Version. Name: Microsoft Security Essentials Ursache: die installierte Version des Programms verhindert enventuell eine erfolgreiche Service Pack-Installation. 
GUID: {EE990683-6675-41CC-BEE9-6A679A01237A} Error - 18.12.2011 16:14:05 | Computer Name = SH-PC2.ifta-gmbh.local | Source = Microsoft-Windows-Service Pack Installer | ID = 8 Description = Fehler bei der Service Pack-Installation. Fehlercode: 0x800f0a09. Error - 18.12.2011 16:15:29 | Computer Name = SH-PC2.ifta-gmbh.local | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Windows 7 Service Pack 1 (KB976932) Error - 19.12.2011 04:59:09 | Computer Name = SH-PC2.ifta-gmbh.local | Source = Microsoft-Windows-Service Pack Installer | ID = 2 Description = Für einen installierten Treiber liegen bekannte Kompatibilitätsprobleme vor. Aktualisieren Sie den Treiber auf eine neuere Version. Name: Microsoft Security Essentials Ursache: die installierte Version des Programms verhindert enventuell eine erfolgreiche Service Pack-Installation. GUID: {EE990683-6675-41CC-BEE9-6A679A01237A} Error - 19.12.2011 04:59:15 | Computer Name = SH-PC2.ifta-gmbh.local | Source = Microsoft-Windows-Service Pack Installer | ID = 8 Description = Fehler bei der Service Pack-Installation. Fehlercode: 0x800f0a09. Error - 19.12.2011 05:17:02 | Computer Name = SH-PC2.ifta-gmbh.local | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Windows 7 Service Pack 1 (KB976932) Error - 20.12.2011 21:51:43 | Computer Name = SH-PC2.ifta-gmbh.local | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 21.12.2011 03:19:56 | Computer Name = SH-PC2.ifta-gmbh.local | Source = Service Control Manager | ID = 7030 Description = Der Dienst "McAfee Virus and Spyware Protection Service" ist als interaktiver Dienst gekennzeichnet. 
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. < End of report > |
21.12.2011, 12:22 | #5 |
/// Malware-holic | My membership in the BKA club has begun as well
Edit: overlooked the attachment, one moment.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
21.12.2011, 12:23 | #6 |
/// Malware-holic | My membership in the BKA club has begun as well
ComboFix may only be run when a team member has instructed you to do so! Please download Combofix.exe and be sure to save it to your desktop.
21.12.2011, 15:38 | #7 |
| My membership in the BKA club has begun as well
ComboFix.TXT
Could you, by the way, tell me a little about what is happening now? So far I can only say thank you. Torsten |
21.12.2011, 15:47 | #8 |
/// Malware-holic | My membership in the BKA club has begun as well
Unfortunately I have to inform you that your membership card has been torn up and your membership has thereby ended :D
Open Computer, C:, Qoobox, right-click on Quarantine, and pack it with WinRAR, Zip or another archiving program. File-Upload.net - your free file hoster! Upload it there and send me the link as a private message.
21.12.2011, 15:55 | #9 |
| My membership in the BKA club has begun as well
The link is in your inbox :-) Torsten |
21.12.2011, 15:55 | #10 |
/// Malware-holic | My membership in the BKA club has begun as well
Thanks for the link. Open Malwarebytes, go to the log files, and post all the reports for me.
21.12.2011, 16:17 | #11 |
| My membership in the BKA club has begun as well
I hope this is the right thing from ARO 2012 |
21.12.2011, 16:21 | #12 |
/// Malware-holic | My membership in the BKA club has begun as well
Nope, as I said, just open Malwarebytes, click on the log files and post the scan reports.
21.12.2011, 16:41 | #13 | |
| My membership in the BKA club has begun as well
Is that right like this? Quote:
|
21.12.2011, 16:59 | #14 |
/// Malware-holic | My membership in the BKA club has begun as well
You are not supposed to create a new one, but to post the existing ones here.
21.12.2011, 17:04 | #15 | |
| My membership in the BKA club has begun as well
That is all I have; I no longer had the program on the PC, it had already been deleted and had to be reinstalled just beforehand. protection-log-2011-12-17.txt Quote:
|