Pests of all kinds and how to combat them: Infection by the new encryption trojan (Windows 7)
Infection by the new encryption trojan

Hello, I'm sitting at my nephew's computer right now, which was infected by the new encryption trojan about 2 days ago. I had thought I could fix it with a System Restore, but that didn't work. Now a friend who had the old trojan has recommended this forum to me. I hope you can help me quickly, or do I have to reinstall it, and would that even help? I have just read through the guide and have now scanned with Malwarebytes and OTL. Furthermore, I have a 32-bit Win7 system. Here are the logs of the scans:

Malwarebytes log:

```
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.16.12

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
TOMY'S :: TOMYS-PC [Administrator]

17.07.2012 00:34:26
mbam-log-2012-07-17 (00-34-26).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213458
Laufzeit: 4 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 1
C:\Users\TOMY'S\AppData\Roaming\dclogs (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 3
C:\Users\TOMY'S\AppData\Local\Temp\hnszs0.exe (Trojan.Agent.TRGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\TOMY'S\Downloads\SoftonicDownloader_fuer_last-chaos.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\TOMY'S\AppData\Roaming\dclogs\2012-06-02-7.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
```

OTL log:
and the Extras log:
Prozess-ID: f78 Startzeit: 01cd639f338dcf70 Endzeit: 31 Anwendungspfad: C:\Windows\system32\NOTEPAD.EXE Berichts-ID: 79ff0af1-cf92-11e1-906e-00044b027fd3 [ System Events ] Error - 16.07.2012 17:56:26 | Computer Name = TOMYS-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 16.07.2012 18:01:26 | Computer Name = TOMYS-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 16.07.2012 18:01:26 | Computer Name = TOMYS-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 16.07.2012 18:01:26 | Computer Name = TOMYS-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 16.07.2012 18:03:34 | Computer Name = TOMYS-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 16.07.2012 18:03:34 | Computer Name = TOMYS-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 16.07.2012 18:03:34 | Computer Name = TOMYS-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 16.07.2012 18:06:38 | Computer Name = TOMYS-PC | Source = bowser | ID = 8003 Description = Error - 16.07.2012 18:42:17 | Computer Name = 
TOMYS-PC | Source = bowser | ID = 8003 Description = Error - 16.07.2012 19:42:09 | Computer Name = TOMYS-PC | Source = bowser | ID = 8003 Description = < End of report > --- --- --- vielen dank im vorraus |