| |
| |||||||
Log-Analyse und Auswertung: GVU "ihr computer wurde gesperrt"Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
27.12.2012, 11:11
| #31 |
 |  GVU "ihr computer wurde gesperrt" sollte jetzt oben sein |
|
27.12.2012, 11:14
| #32 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | GVU "ihr computer wurde gesperrt" Nein ist nicht...ist die Datei zu groß? Wenn mehrere MBytes groß bitte hier hochladen => File-Upload.net - Ihr kostenloser File Hoster! und den Link im nächsten Beitrag posten
__________________
__________________ |
|
27.12.2012, 11:25
| #33 |
| | GVU "ihr computer wurde gesperrt" Die Datei ist 18 mb groß. Bin jetzt unterwegs. Wenn ich wieder zu Hause bin werde ich es nochmal versuchen. Sry!
__________________ |
|
27.12.2012, 11:36
| #34 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU "ihr computer wurde gesperrt" Ok, melde dich bzw. poste einfach den Link hier wenn sie bei file-upload ist
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
27.12.2012, 16:33
| #35 |
| | GVU "ihr computer wurde gesperrt" File-Upload.net - MovedFiles.zip |
|
27.12.2012, 21:15
| #36 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU "ihr computer wurde gesperrt" Was soll ich damit anfangen, das ist kein Link!
__________________ --> GVU "ihr computer wurde gesperrt" |
|
27.12.2012, 21:26
| #37 |
| | GVU "ihr computer wurde gesperrt" sry bin ich ein depp. hatte irgendwie nur den letzten teil des link namens im zwischenspeicher. sollte mal lesen was ich poste. tut mir leid. File-Upload.net - MovedFiles.zip |
|
27.12.2012, 21:36
| #38 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU "ihr computer wurde gesperrt" Und wo ist da bitte jetzt der Unterschied?! Nutz doch mal bitte die Vorschaufunktion!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.12.2012, 21:43
| #39 |
| | GVU "ihr computer wurde gesperrt" www.file-upload.net/download-6977668/MovedFiles.zip.html |
|
27.12.2012, 21:58
| #40 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU "ihr computer wurde gesperrt" Ok, danke. Ich brauch nach dem letzten OTL-Fix natürlich wieder ein neues Kontrolllog mit OTL....
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.12.2012, 22:49
| #41 |
| | GVU "ihr computer wurde gesperrt"Code:
ATTFilter OTL logfile created on: 27.12.2012 22:22:29 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jonas\Desktop Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 65,65% Memory free 3,74 Gb Paging File | 2,93 Gb Available in Paging File | 78,23% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 39,06 Gb Total Space | 3,54 Gb Free Space | 9,06% Space Free | Partition Type: NTFS Drive D: | 109,99 Gb Total Space | 17,65 Gb Free Space | 16,05% Space Free | Partition Type: NTFS Computer Name: JONAS-PC | User Name: Jonas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Jonas\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\ProgramData\MobileBrServ\mbbService.exe () PRC - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Mobile Broadband HL Service) -- C:\ProgramData\MobileBrServ\mbbService.exe () SRV - (NitroReaderDriverReadSpool2) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software) SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (catchme) -- C:\Users\Jonas\AppData\Local\Temp\catchme.sys File not found DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software) DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.) DRV - (acsock) -- C:\Windows\System32\drivers\acsock.sys (Cisco Systems, Inc.) DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.) DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (EverestDriver) -- C:\Users\Jonas\Documents\ICQ\320797059\ReceivedFiles\310343555 markus\Everest Ultimate Edition v.5.30.1996 beta (portable)\kerneld.wnt () DRV - (SiS6350) -- C:\Windows\System32\drivers\SISGRKMD.sys (Silicon Integrated Systems Corporation) DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation ) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.) DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (SISAGP) -- C:\Windows\System32\drivers\SISAGPX.SYS (Silicon Integrated Systems Corporation) DRV - (SIS163u) -- C:\Windows\System32\drivers\sis163u.sys (SiS Corporation) DRV - (QCDonner) -- C:\Windows\System32\drivers\lvcd.sys (Logitech Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mydrive.ch/ IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE B2 5D A1 13 B6 CA 01 [binary data] IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "spiegelonline.de" FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10 FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474 FF - prefs.js..extensions.enabledAddons: autofillForms%40blueimp.net:0.9.9.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.8.0 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0 FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.02.09 10:10:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.02.09 10:10:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.12.17 22:14:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.24 20:05:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.18 00:25:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.21 17:55:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.05.18 13:15:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Extensions [2011.05.18 13:15:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.12.26 22:08:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2q5qgp3s.default\extensions [2010.01.02 20:19:21 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2q5qgp3s.default\extensions\moveplayer@movenetworks.com [2012.12.26 21:30:14 | 000,149,045 | ---- | M] () (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\extensions\autofillForms@blueimp.net.xpi [2012.12.17 22:17:50 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.10.30 14:21:51 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2011.12.19 19:26:34 | 000,002,419 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\englische-ergebnisse.xml [2011.12.19 19:26:33 | 000,010,525 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\gmx-suche.xml [2011.12.19 19:26:34 | 000,002,457 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\lastminute.xml [2010.08.17 13:18:24 | 000,001,549 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\scroogle-ssl-search.xml [2011.12.19 19:26:33 | 000,005,508 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\webde-suche.xml [2010.05.04 18:27:51 | 000,002,057 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\youtube-videosuche.xml [2012.10.02 19:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2012.12.17 22:14:58 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2012.12.24 20:05:34 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.01.13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012.12.24 20:05:30 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.12.24 20:05:30 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.12.24 20:05:30 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.12.24 20:05:30 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.12.24 20:05:30 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.12.24 20:05:30 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.12.27 10:41:34 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (EndNote Web) - {82D2E569-25A7-4E4D-9FA3-C5025B4B7912} - C:\Program Files\EndNote Web\ENWIEPlug.dll (Thomson Reuters) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (EndNote Web) - {945C8270-A848-11D5-A805-00B0D092F45B} - C:\Program Files\EndNote Web\ENWIEPlug.dll (Thomson Reuters) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn.uni-marburg.de/CACHE/stc/1/binaries/vpnweb.cab (Reg Error: Key error.) O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1261848450419 (MUCatalogWebControl Class) O16 - DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2073B93A-1295-4A0C-B5D2-AF75A32FB6EE}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{445430A2-0344-48B1-8063-6CC744AB258A}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{525A024D-D79A-4E23-B717-B0331FF1101D}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87BFBFD2-0D9F-4EC1-9735-2DA3B8ACDA44}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9278B28F-449C-44B6-9264-7BF6339F15BF}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E755811-115D-4DCF-A28D-50D81B4CC90A}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBA62752-B2D6-47CE-B7D9-310A699621FA}: NameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.12.03 11:15:14 | 000,000,026 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.27 09:20:43 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012.12.27 09:20:42 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012.12.24 00:34:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.12.24 00:34:19 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.12.24 00:34:19 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\temp [2012.12.24 00:20:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.12.24 00:20:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.12.24 00:20:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.12.23 22:19:37 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.12.23 22:19:16 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.12.23 22:17:42 | 005,012,686 | R--- | C] (Swearware) -- C:\Users\Jonas\Desktop\ComboFix.exe [2012.12.23 21:18:50 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jonas\Desktop\tdsskiller.exe [2012.12.23 21:10:35 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Jonas\Desktop\aswMBR.exe [2012.12.23 20:03:00 | 000,000,000 | ---D | C] -- C:\_OTL [2012.12.22 23:53:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe [2012.12.21 23:01:12 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012.12.20 16:03:37 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\endnote styles [2012.12.18 00:48:11 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.12.18 00:48:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.12.18 00:48:09 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.12.18 00:48:08 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.12.18 00:48:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.12.18 00:48:06 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.12.18 00:48:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.12.18 00:48:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.12.18 00:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2012.12.17 22:22:03 | 002,344,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.12.17 22:21:47 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012.12.17 22:21:46 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2012.12.17 22:21:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.17 22:21:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2012.12.17 22:21:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.17 22:21:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.17 22:21:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2012.12.17 22:21:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.17 22:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2012.12.17 22:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.17 22:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2012.12.17 22:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2012.12.17 22:21:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2012.12.17 22:21:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2012.12.17 22:21:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2012.12.17 22:21:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.17 22:21:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2012.12.17 22:21:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2012.12.17 22:21:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2012.12.17 22:21:18 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll [2012.12.17 22:20:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll ========== Files - Modified Within 30 Days ========== [2012.12.27 22:14:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.27 22:14:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.27 21:49:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.27 21:20:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.27 16:28:00 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.27 16:28:00 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.27 16:25:55 | 000,659,982 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.12.27 16:25:55 | 000,623,288 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.12.27 16:25:55 | 000,133,288 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.12.27 16:25:55 | 000,109,410 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.12.27 16:19:54 | 1507,725,312 | -HS- | M] () -- C:\hiberfil.sys [2012.12.27 10:41:34 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2012.12.27 10:35:18 | 000,491,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.12.26 21:31:15 | 000,550,017 | ---- | M] () -- C:\Users\Jonas\Desktop\adwcleaner.exe [2012.12.24 20:05:36 | 000,002,001 | ---- | M] () -- C:\Users\Jonas\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2012.12.23 22:18:26 | 005,012,686 | R--- | M] (Swearware) -- C:\Users\Jonas\Desktop\ComboFix.exe [2012.12.23 21:19:01 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jonas\Desktop\tdsskiller.exe [2012.12.23 21:11:23 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Jonas\Desktop\aswMBR.exe [2012.12.23 00:11:27 | 000,302,592 | ---- | M] () -- C:\Users\Jonas\Desktop\0v0mzy2k.exe [2012.12.22 23:53:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe [2012.12.22 23:52:39 | 000,000,020 | ---- | M] () -- C:\Users\Jonas\defogger_reenable [2012.12.22 23:51:37 | 000,050,477 | ---- | M] () -- C:\Users\Jonas\Desktop\Defogger.exe [2012.12.18 16:20:18 | 002,588,453 | ---- | M] () -- C:\Users\Jonas\Desktop\The Lumineers - Ho Hey (Official Video).mp3 [2012.12.18 00:05:12 | 000,002,067 | ---- | M] () -- C:\Users\Jonas\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk [2012.12.17 22:50:19 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.12.17 22:50:19 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.12.17 22:15:07 | 000,002,624 | ---- | M] () -- C:\Windows\System32\config.nt [2012.12.16 15:25:27 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012.12.16 15:25:19 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012.12.15 18:20:19 | 000,001,236 | ---- | M] () -- C:\Users\Jonas\Desktop\internship.lnk [2012.12.15 17:58:51 | 000,000,640 | ---- | M] () -- C:\Users\Jonas\Desktop\Bilder - Verknüpfung.lnk ========== Files Created - No Company Name ========== [2012.12.26 21:31:09 | 000,550,017 | ---- | C] () -- C:\Users\Jonas\Desktop\adwcleaner.exe [2012.12.24 00:20:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.12.24 00:20:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.12.24 00:20:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.12.24 00:20:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.12.24 00:20:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.12.23 00:11:26 | 000,302,592 | ---- | C] () -- C:\Users\Jonas\Desktop\0v0mzy2k.exe [2012.12.22 23:52:22 | 000,000,020 | ---- | C] () -- C:\Users\Jonas\defogger_reenable [2012.12.22 23:51:36 | 000,050,477 | ---- | C] () -- C:\Users\Jonas\Desktop\Defogger.exe [2012.12.18 16:20:14 | 002,588,453 | ---- | C] () -- C:\Users\Jonas\Desktop\The Lumineers - Ho Hey (Official Video).mp3 [2012.12.18 00:25:31 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2012.12.15 18:20:19 | 000,001,236 | ---- | C] () -- C:\Users\Jonas\Desktop\internship.lnk [2012.12.15 17:58:51 | 000,000,640 | ---- | C] () -- C:\Users\Jonas\Desktop\Bilder - Verknüpfung.lnk [2011.05.19 10:34:25 | 000,021,844 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\Microsoft Excel 97-2003.ADR [2010.12.03 10:37:20 | 000,001,075 | ---- | C] () -- C:\Users\Jonas\windvi.cnf [2010.09.13 13:14:09 | 000,002,068 | ---- | C] () -- C:\Users\Jonas\.powerupdate.user.properties [2010.08.27 17:31:32 | 000,002,631 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\SerialClonerPrefs [2010.07.31 15:26:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.02.25 13:29:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\7-PDFMaker [2010.01.13 21:54:14 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\AlcaTech [2010.12.23 15:11:58 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\AquaSoft [2011.11.27 22:48:27 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Ashampoo Slideshow Studio Elements [2011.06.14 22:11:38 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\avidemux [2010.01.15 18:15:36 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\ChessBase [2012.02.22 20:01:28 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\CmapTools [2010.01.20 22:18:03 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\dBpoweramp [2011.10.14 12:21:08 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Downloaded Installations [2012.10.18 21:14:24 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Dropbox [2012.03.14 13:33:05 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\DVDVideoSoft [2012.03.14 13:33:01 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\DVDVideoSoftIEHelpers [2011.06.01 13:11:41 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\EndNote [2012.04.11 17:42:53 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\FreeAudioPack [2011.03.15 21:17:56 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\GetRightToGo [2011.03.23 14:47:35 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\GraphPad Software [2012.10.02 19:23:30 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\ICQ [2011.03.23 13:20:01 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Leadertech [2011.06.15 17:12:13 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\MAGIX [2012.12.16 16:30:11 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\MyPhoneExplorer [2012.07.22 22:16:08 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Nitro PDF [2011.02.18 12:55:47 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Opera [2010.08.27 14:17:22 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\SerialCloner [2011.05.18 13:15:41 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Thunderbird [2010.09.29 17:54:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Tonium [2009.12.25 22:17:51 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\TuneUp Software [2012.01.24 20:09:55 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\VSO [2010.12.24 11:09:42 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 27.12.2012 22:22:29 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jonas\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,87 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 65,65% Memory free
3,74 Gb Paging File | 2,93 Gb Available in Paging File | 78,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 3,54 Gb Free Space | 9,06% Space Free | Partition Type: NTFS
Drive D: | 109,99 Gb Total Space | 17,65 Gb Free Space | 16,05% Space Free | Partition Type: NTFS
Computer Name: JONAS-PC | User Name: Jonas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19C9B5D1-6E41-41EC-BD6D-60D5E874FB15}" = rport=138 | protocol=17 | dir=out | app=system |
"{24605008-600D-4C0E-B402-5CB9E8EA9B99}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{289023B5-5E3C-4450-82AB-F0F6883A2DF8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{46878158-6868-412E-9883-77F7F9D127BD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4B1B2C89-F250-46A2-BB8C-76D9676A5748}" = lport=138 | protocol=17 | dir=in | app=system |
"{5408B885-D42E-448B-96D8-AD63F566C271}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5BDB6C3A-65B5-4CAD-8ADC-1C9F52CD7F75}" = lport=139 | protocol=6 | dir=in | app=system |
"{68D83906-47FC-4BF0-A21C-C52EB04A42DE}" = lport=137 | protocol=17 | dir=in | app=system |
"{868252F7-6AE4-4DAE-9990-C1A2E16BAA79}" = lport=445 | protocol=6 | dir=in | app=system |
"{89E5E605-D087-4EEF-9BCF-DBBCB3961AD0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{906EF994-6B6F-4C28-A67C-B909D6A0B5B6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{963EAE72-BDDB-4355-AEDB-5DE2BEE0E85A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{98A6D47B-AD2C-488F-A5BF-B0962415FD41}" = rport=445 | protocol=6 | dir=out | app=system |
"{992C22BD-6EC4-4471-B882-0C4FDC6C29B9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9E66EB8A-9E55-4D70-B5D1-BBC67073C822}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A07133DA-FF42-476A-A013-0BEA2AF1EECF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A7CEFE26-BE85-42F6-985B-4BE9693672F2}" = rport=137 | protocol=17 | dir=out | app=system |
"{B5A3D81A-0C94-4372-900E-C99865E5C024}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C00E2282-0EF6-4451-9E3B-618D4E5B1C1A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C163F148-C055-42D1-BA9A-4C227C03D896}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{CBC77997-A192-4CCB-BB76-95025763FC58}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CC6481D4-AA4F-4349-98D6-546B68768E81}" = rport=139 | protocol=6 | dir=out | app=system |
"{DC80F653-715A-4E8D-BE3E-9CBA07827881}" = lport=10243 | protocol=6 | dir=in | app=system |
"{ECC4A6A4-383D-4F9D-A72B-BC7E0A078FE3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D88CDF9-E23F-4171-87AF-BB3AB1162D17}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{140615D6-31B3-464D-8CD9-AF7AF543BB0E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2143A449-9D25-4882-BC7F-D1B6C0E84547}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{22D0FFC0-A9D8-4D08-B0B9-ADD8B456E3F3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{37EB659F-CF44-4315-B9FB-B430F5733DB6}" = protocol=6 | dir=out | app=system |
"{3CAE0B1D-A63B-4A0C-BD52-42A0666E423B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4A411ABA-5AFA-4B33-9935-0D2C3B526F47}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4AD65AD0-805E-4495-8E9D-9747C555AB08}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4AE6AD95-6411-47D6-971B-790F5482C2F5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5BCEBE53-3B52-4AF6-862B-02078189B871}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{6A7F40C9-A15D-4B2C-BBE2-11C019FA6EA1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{721AD6E3-3232-4CBD-A3CA-0A283B200EF1}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{7651EDA7-6F2C-4B36-820C-3C8553DF21F5}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{791207DB-087D-4117-AF87-3835C03D5D66}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{7B349BB7-1396-4D7F-AD94-D06D1BA808EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7CC9C40E-5D08-4A9D-8B26-7C709A775424}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8C073300-E818-42B5-973E-8A285991F42D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8CE52A2E-F4EF-491E-BA6C-D8E6C78FDBFB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AF3FCBF3-AE75-47EA-9200-9CB8305C228E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BC0D4800-CEAE-41D5-97C9-7B045EB00982}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CDA1C6F6-50C9-4EFF-B0DA-9BE182C560CD}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{D86B0A22-4EDF-4710-BAC4-4DDF888EC6A6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D8ECE471-98D9-4104-8758-6C7A60167086}" = protocol=6 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe |
"{DCB9D527-406F-4DF5-93DC-AF7ADB9FA6CE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DFA9F490-AFDD-4867-B8D0-17EBD840C2CA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E1D0918F-A368-4AE1-AE05-08193424D4CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EC9299BB-77FC-4C4C-9E73-72901AAFB808}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F7916E78-24CD-4CA6-8945-96D8347CA92C}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{F964743A-1B2F-4D82-8548-0F7CB6ABE234}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FB419F9F-DAD6-4097-B3AD-5A6E23D97646}" = protocol=17 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{0E468104-B5E8-48FC-9AB8-67B887A5710A}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{12A8883D-7AF3-44CB-8F1E-6BB324C4442F}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"TCP Query User{1FDA32B4-10DC-4E4C-829B-2F59D995CF05}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"TCP Query User{324C8D71-35B9-445A-86E6-D178611CF781}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{3AB53E31-E1C7-4B58-A620-5C23152F70F1}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"TCP Query User{50F74B36-7F8D-4334-A039-955B50CD507B}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"TCP Query User{8B0F688E-F7DD-49C1-A528-9CF8D3A79F3A}C:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{99C75F91-BF5C-4B4E-828A-93D9E470D53D}C:\program files\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{99D55528-F1A3-4BD6-98A3-6E6900DE1312}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"TCP Query User{A5C631A8-6A58-473F-B009-A4012010371D}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"TCP Query User{A916F8AD-62D8-44B1-AA12-6243BCF61714}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{AD6D6C5B-8339-44D7-A800-3A4A539F8EAC}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{B57C896E-0A15-4CA6-9EAA-A3DA0639E18E}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"TCP Query User{DD025112-52A7-46B5-8DA4-A8CCCDBE6989}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{0184D19D-A757-4516-B089-ABF6986AA517}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"UDP Query User{13EC64BF-4903-4A9D-B091-79CEBF869A1B}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{3BC53E47-4F07-4AA3-9A54-48B7EB96D4BC}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"UDP Query User{3E6C39EA-74CB-43D9-9FA2-95F4F3CA2387}C:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{4B61D362-EADA-467F-9B05-ACEB2E7BCB8D}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{6E8BCE1F-E925-477E-8762-FD945CAA1934}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"UDP Query User{73DF5814-E9F6-4103-BFBA-5042F21AA2C3}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{8053D382-F606-4692-BF7E-BB3AC4A60F12}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"UDP Query User{854645EE-4500-4E2A-954C-2D3A0A261DE6}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"UDP Query User{9EDBADBC-56F7-4571-8D3B-AF8A8BB7CD58}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"UDP Query User{A65F599C-9545-4324-A859-384B3BF381BF}C:\program files\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"UDP Query User{C2D17091-3C5A-419A-B589-B78CBA022FB8}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{C71AB11B-327A-4815-AF6C-1A2ED9BDBCFB}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"UDP Query User{C90BCF2B-2364-44CF-90BB-8247329AB955}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1DFE388B-6FD3-4230-A47B-393AEA68C01D}" = EndNote Web
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35B73650-6899-11DA-6784-00232A9018BE}" = GraphPad Prism 5
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{37BA50EE-C851-4394-93DD-A0A611891031}" = Nero 7 Essentials
"{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.1.3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F1F5CF-144F-466B-A939-1675B0022ADE}" = Pacemaker Editor
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97DB07C0-7E43-4C4A-8766-26396935F177}" = Playchess
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC580549-5EFA-4F2C-90B9-C74DD7727C22}" = Leica Confocal Software (LCS Lite)
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{ADB1DE83-FC42-4C3F-B64B-2AF2215EF88B}" = Cisco AnyConnect Secure Mobility Client
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BF29BDFC-4DF0-4C00-BE14-B326D0BA84B6}_is1" = GermaniX Transcoder
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D08A2A29-5606-4FFE-BA05-7495314B42CB}" = Nitro PDF Reader 2
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-PDF Maker_is1" = 7-PDF Maker Version 1.0.8 (Build 116)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Free Antivirus
"Avidemux 2.5" = Avidemux 2.5
"AviSynth" = AviSynth 2.6
"AvsP_is1" = AvsP
"CCleaner" = CCleaner
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"dBpowerAMP WMA V9.1 Codec" = dBpowerAMP WMA V9.1 Codec
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GUI for dvdauthor" = GUI for dvdauthor 1.07
"HaaliMkx" = Haali Media Splitter
"HelixYUVCodecs" = Helix YUV Codecs (remove only)
"IHMC CmapTools v4.12" = IHMC CmapTools v4.12
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mobile Broadband HL Service" = Mobile Broadband HL Service
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"SiS163u" = 802.11 USB Wireless LAN Adapter
"Update Engine" = Sony Ericsson Update Engine
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MiKTeX 2.9" = MiKTeX 2.9
"pdfsam" = pdfsam
"Winamp Detect" = Winamp Anwendungserkennung
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11.08.2011 04:11:53 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 11.08.2011 04:11:54 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 11.08.2011 04:11:54 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 11.08.2011 04:11:55 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 11.08.2011 04:12:55 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 11.08.2011 04:12:57 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 11.08.2011 04:14:40 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 11.08.2011 05:24:21 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 11.08.2011 05:24:21 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 11.08.2011 05:31:21 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 14.08.2011 11:00:25 | Computer Name = Jonas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: thunderbird.exe, Version: 5.0.0.4192,
Zeitstempel: 0x4e051153 Name des fehlerhaften Moduls: xul.dll, Version: 5.0.0.4192,
Zeitstempel: 0x4e050fc7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00a631ab ID des fehlerhaften
Prozesses: 0xf50 Startzeit der fehlerhaften Anwendung: 0x01cc5a8a6c128337 Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Thunderbird\thunderbird.exe Pfad
des fehlerhaften Moduls: C:\Program Files\Mozilla Thunderbird\xul.dll Berichtskennung:
23b37e5e-c686-11e0-bb3e-00030d9779cd
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5933
Invoked
Function: CMainThread::genericNoticeHandler Return Code: -33161196 (0xFE060014) Description:
ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5895
Invoked
Function: CMainThread::processNotice Return Code: -33161196 (0xFE060014) Description:
ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp
Line:
5649 Invoked Function: CMainThread::noticeHandler Return Code: -33161196 (0xFE060014)
Description:
ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line:
5584 Invoked Function: internalCallbackHandler Return Code: -33161196 (0xFE060014)
Description:
ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 22.12.2012 17:45:32 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 27.12.2012 04:15:28 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 27.12.2012 05:36:09 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 27.12.2012 05:41:09 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 27.12.2012 05:43:37 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 27.12.2012 11:20:44 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
[ Media Center Events ]
Error - 13.09.2010 14:58:20 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:58:19 - Error connecting to the internet. 20:58:19 - Unable
to contact server..
Error - 13.09.2010 14:58:41 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:58:28 - Error connecting to the internet. 20:58:28 - Unable
to contact server..
Error - 14.09.2010 03:43:19 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 09:43:14 - Error connecting to the internet. 09:43:14 - Unable
to contact server..
Error - 18.09.2010 14:38:54 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:38:54 - Error connecting to the internet. 20:38:54 - Unable
to contact server..
Error - 18.09.2010 14:39:02 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:38:59 - Error connecting to the internet. 20:38:59 - Unable
to contact server..
Error - 26.09.2010 10:06:42 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 16:06:42 - Failed to retrieve Directory (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)
Error - 27.09.2010 16:00:22 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 22:00:22 - Error connecting to the internet. 22:00:22 - Unable
to contact server..
Error - 27.09.2010 16:00:36 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 22:00:27 - Error connecting to the internet. 22:00:27 - Unable
to contact server..
Error - 04.10.2010 14:33:18 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:33:18 - Error connecting to the internet. 20:33:18 - Unable
to contact server..
Error - 04.10.2010 14:33:28 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0
Description = 20:33:23 - Error connecting to the internet. 20:33:23 - Unable
to contact server..
[ OSession Events ]
Error - 21.02.2010 08:41:08 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3107
seconds with 300 seconds of active time. This session ended with a crash.
Error - 13.09.2010 04:27:26 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2112
seconds with 360 seconds of active time. This session ended with a crash.
Error - 16.05.2011 10:43:22 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 24406
seconds with 840 seconds of active time. This session ended with a crash.
Error - 27.06.2011 11:49:36 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11605
seconds with 5640 seconds of active time. This session ended with a crash.
Error - 09.02.2012 07:44:37 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 79696 seconds with 7980 seconds of active time. This session ended with
a crash.
Error - 30.04.2012 16:38:00 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1848
seconds with 1260 seconds of active time. This session ended with a crash.
Error - 09.07.2012 13:13:07 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 37455 seconds with 720 seconds of active time. This session ended with a
crash.
Error - 09.07.2012 13:25:56 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 754 seconds with 300 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 27.12.2012 05:35:43 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Internet Connection Sharing (ICS)" ist vom Dienst "Remote
Access Connection Manager" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%1068
Error - 27.12.2012 05:41:01 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Cisco AnyConnect Secure Mobility Agent" wurde unerwartet
beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
in 1000 Millisekunden durchgeführt: Restart the service.
Error - 27.12.2012 05:42:58 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Remote Access Connection Manager" ist vom Dienst "Telephony"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 27.12.2012 05:42:58 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Internet Connection Sharing (ICS)" ist vom Dienst "Remote
Access Connection Manager" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%1068
Error - 27.12.2012 05:43:12 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst vpnagent erreicht.
Error - 27.12.2012 05:43:29 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Live ID Sign-in Assistant erreicht.
Error - 27.12.2012 05:43:29 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Live ID Sign-in Assistant" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 27.12.2012 11:20:27 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Remote Access Connection Manager" ist vom Dienst "Telephony"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 27.12.2012 11:20:27 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Internet Connection Sharing (ICS)" ist vom Dienst "Remote
Access Connection Manager" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%1068
Error - 27.12.2012 13:39:32 | Computer Name = Jonas-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
Firmware verfügbar ist.
< End of report >
|
|
28.12.2012, 12:12
| #42 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU "ihr computer wurde gesperrt" Hm, da ist immer noch Toolbar-Müll drin Bitte mal den aktuellen adwCleaner runterladen, also die alte adwcleaner löschen und neu runterladen adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.12.2012, 14:07
| #43 |
| | GVU "ihr computer wurde gesperrt" habe die alte exe datei vom desktop gelöscht und den papierkorb geleert. bin dem link in der von dir geposteden beschreibung gefolgt und habe die adw neu heruntergeladen und eine neue suche gemacht. in der textdatei stand updated 25/12/2012. habe dann nochmal geschaut ob es eine andere neuere version gibt aber war nicht erfolgreich. das aktuellste schein von 25.12.2012 zu sein. und soweit ich das als laie erkenne findet der nix oder? Code:
ATTFilter # AdwCleaner v2.103 - Logfile created 12/28/2012 at 14:02:05
# Updated 25/12/2012 by Xplode
# Operating system : Windows 7 Enterprise (32 bits)
# User : Jonas - JONAS-PC
# Boot Mode : Normal
# Running from : C:\Users\Jonas\Desktop\adwcleaner_2.103.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.
-\\ Mozilla Firefox v17.0.1 (de)
File : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2q5qgp3s.default\prefs.js
[OK] File is clean.
-\\ Opera v [Unable to get version]
File : C:\Users\Jonas\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [15489 octets] - [24/12/2012 20:07:14]
AdwCleaner[R2].txt - [15550 octets] - [26/12/2012 21:31:50]
AdwCleaner[R3].txt - [1029 octets] - [28/12/2012 13:54:25]
AdwCleaner[R4].txt - [968 octets] - [28/12/2012 14:02:05]
########## EOF - C:\AdwCleaner[R4].txt - [1027 octets] ##########
|
|
28.12.2012, 14:09
| #44 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU "ihr computer wurde gesperrt"Fixen mit OTL
Code:
ATTFilter :OTL
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - user.js - File not found
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.12.2012, 14:30
| #45 |
| | GVU "ihr computer wurde gesperrt"Code:
ATTFilter All processes killed
========== OTL ==========
Prefs.js: finder@meingutscheincode.de:2.0 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Jonas\Desktop\cmd.bat deleted successfully.
C:\Users\Jonas\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Jonas
->Temp folder emptied: 71890 bytes
->Temporary Internet Files folder emptied: 498699 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 16887585 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 492 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 494442 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 17,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 12282012_142050
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
| Themen zu GVU "ihr computer wurde gesperrt" |
| antivirus, autorun, bho, computer, error, excel, failed, fehler, firefox, flash player, geld, helper, install.exe, internet, kaspersky, lanmanworkstation, launch, lightning, logfile, mozilla, office 2007, plug-in, realtek, registry, scan, security, software, svchost.exe, thomson, virus, windows, wma |
Textbox. 
Linear-Darstellung
