Log analysis and evaluation: GVU "Your computer has been locked"
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
28.12.2012, 18:18 | #46 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU "Your computer has been locked" A check with OTL, please:
__________________ Please always post log files in CODE tags |
28.12.2012, 19:56 | #47 |
| GVU "Your computer has been locked" otl
__________________Code:
ATTFilter OTL logfile created on: 28.12.2012 19:14:13 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jonas\Desktop Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 61,83% Memory free 3,74 Gb Paging File | 2,88 Gb Available in Paging File | 76,98% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 39,06 Gb Total Space | 3,48 Gb Free Space | 8,90% Space Free | Partition Type: NTFS Drive D: | 109,99 Gb Total Space | 17,62 Gb Free Space | 16,02% Space Free | Partition Type: NTFS Computer Name: JONAS-PC | User Name: Jonas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Jonas\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\ProgramData\MobileBrServ\mbbService.exe () PRC - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) 
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) ========== Modules (No Company Name) ========== MOD - C:\PROGRA~1\7-PDF\7-PDFM~1\7p.dll () MOD - C:\Program Files\WinRAR\rarext.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Mobile Broadband HL Service) -- C:\ProgramData\MobileBrServ\mbbService.exe () SRV - (NitroReaderDriverReadSpool2) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software) SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) 
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (catchme) -- C:\Users\Jonas\AppData\Local\Temp\catchme.sys File not found DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software) DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.) DRV - (acsock) -- C:\Windows\System32\drivers\acsock.sys (Cisco Systems, Inc.) DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.) DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) 
DRV - (EverestDriver) -- C:\Users\Jonas\Documents\ICQ\320797059\ReceivedFiles\310343555 markus\Everest Ultimate Edition v.5.30.1996 beta (portable)\kerneld.wnt () DRV - (SiS6350) -- C:\Windows\System32\drivers\SISGRKMD.sys (Silicon Integrated Systems Corporation) DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation ) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.) DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (SISAGP) -- C:\Windows\System32\drivers\SISAGPX.SYS (Silicon Integrated Systems Corporation) DRV - (SIS163u) -- C:\Windows\System32\drivers\sis163u.sys (SiS Corporation) DRV - (QCDonner) -- C:\Windows\System32\drivers\lvcd.sys (Logitech Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mydrive.ch/ IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE B2 5D A1 13 B6 CA 01 [binary data] IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "spiegelonline.de" FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10 FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474 FF - prefs.js..extensions.enabledAddons: 
autofillForms%40blueimp.net:0.9.9.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google 
Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.02.09 10:10:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.02.09 10:10:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.12.17 22:14:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.24 20:05:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.18 00:25:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.21 17:55:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.05.18 13:15:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Extensions [2011.05.18 13:15:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.12.26 
22:08:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2q5qgp3s.default\extensions [2010.01.02 20:19:21 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2q5qgp3s.default\extensions\moveplayer@movenetworks.com [2012.12.26 21:30:14 | 000,149,045 | ---- | M] () (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\extensions\autofillForms@blueimp.net.xpi [2012.12.17 22:17:50 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.10.30 14:21:51 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2011.12.19 19:26:34 | 000,002,419 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\englische-ergebnisse.xml [2011.12.19 19:26:33 | 000,010,525 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\gmx-suche.xml [2011.12.19 19:26:34 | 000,002,457 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\lastminute.xml [2010.08.17 13:18:24 | 000,001,549 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\scroogle-ssl-search.xml [2011.12.19 19:26:33 | 000,005,508 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\webde-suche.xml [2010.05.04 18:27:51 | 000,002,057 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\youtube-videosuche.xml [2012.10.02 19:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2012.12.17 22:14:58 | 000,000,000 | 
---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2012.12.24 20:05:34 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.01.13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012.12.24 20:05:30 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.12.24 20:05:30 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.12.24 20:05:30 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.12.24 20:05:30 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.12.24 20:05:30 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.12.24 20:05:30 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.12.28 14:21:06 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (EndNote Web) - {82D2E569-25A7-4E4D-9FA3-C5025B4B7912} - C:\Program Files\EndNote Web\ENWIEPlug.dll (Thomson Reuters) O2 - BHO: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (EndNote Web) - {945C8270-A848-11D5-A805-00B0D092F45B} - C:\Program Files\EndNote Web\ENWIEPlug.dll (Thomson Reuters) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Send to OneNote - 
{2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn.uni-marburg.de/CACHE/stc/1/binaries/vpnweb.cab (Reg Error: Key error.) O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1261848450419 (MUCatalogWebControl Class) O16 - DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2073B93A-1295-4A0C-B5D2-AF75A32FB6EE}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{445430A2-0344-48B1-8063-6CC744AB258A}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{525A024D-D79A-4E23-B717-B0331FF1101D}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87BFBFD2-0D9F-4EC1-9735-2DA3B8ACDA44}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9278B28F-449C-44B6-9264-7BF6339F15BF}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E755811-115D-4DCF-A28D-50D81B4CC90A}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBA62752-B2D6-47CE-B7D9-310A699621FA}: NameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.12.03 11:15:14 | 000,000,026 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.28 14:39:17 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.12.28 14:39:08 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.12.28 14:39:08 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.12.28 14:39:08 | 000,093,640 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.12.28 14:38:57 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.12.27 09:20:43 | 000,295,424 | ---- | C] (Adobe 
Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012.12.27 09:20:42 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012.12.24 00:34:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.12.24 00:34:19 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.12.24 00:34:19 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\temp [2012.12.24 00:20:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.12.24 00:20:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.12.24 00:20:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.12.23 22:19:37 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.12.23 22:19:16 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.12.23 22:17:42 | 005,012,686 | R--- | C] (Swearware) -- C:\Users\Jonas\Desktop\ComboFix.exe [2012.12.23 21:18:50 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jonas\Desktop\tdsskiller.exe [2012.12.23 21:10:35 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Jonas\Desktop\aswMBR.exe [2012.12.23 20:03:00 | 000,000,000 | ---D | C] -- C:\_OTL [2012.12.22 23:53:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe [2012.12.21 23:01:12 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012.12.20 16:03:37 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\endnote styles [2012.12.18 00:48:11 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.12.18 00:48:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.12.18 00:48:09 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.12.18 00:48:08 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.12.18 00:48:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.12.18 00:48:06 | 001,800,704 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\jscript9.dll [2012.12.18 00:48:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.12.18 00:48:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.12.18 00:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2012.12.17 22:22:03 | 002,344,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.12.17 22:21:47 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012.12.17 22:21:46 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2012.12.17 22:21:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.17 22:21:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2012.12.17 22:21:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.17 22:21:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.17 22:21:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2012.12.17 22:21:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.17 22:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2012.12.17 22:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.17 22:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2012.12.17 22:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2012.12.17 22:21:43 | 000,004,096 | -H-- | C] (Microsoft 
Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2012.12.17 22:21:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.17 22:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2012.12.17 22:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2012.12.17 22:21:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2012.12.17 22:21:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.17 22:21:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.12.17 22:21:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.12.17 22:21:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.12.17 22:21:18 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012.12.17 22:20:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

========== Files - Modified Within 30 Days ==========

[2012.12.28 19:14:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.28 19:12:13 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.28 19:12:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.28 14:39:02 | 000,093,640 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.12.28 14:39:00 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.12.28 14:39:00 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.12.28 14:39:00 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.12.28 14:38:59 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012.12.28 14:38:59 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.12.28 14:34:45 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.12.28 14:34:45 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.12.28 14:30:12 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.28 14:30:12 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.28 14:22:49 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.28 14:22:19 | 1507,725,312 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.28 14:21:06 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012.12.28 14:01:37 | 000,550,017 | ---- | M] () -- C:\Users\Jonas\Desktop\adwcleaner_2.103.exe
[2012.12.27 16:25:55 | 000,659,982 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.27 16:25:55 | 000,623,288 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.27 16:25:55 | 000,133,288 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.27 16:25:55 | 000,109,410 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.27 10:35:18 | 000,491,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.24 20:05:36 | 000,002,001 | ---- | M] () -- C:\Users\Jonas\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.12.23 22:18:26 | 005,012,686 | R--- | M] (Swearware) -- C:\Users\Jonas\Desktop\ComboFix.exe
[2012.12.23 21:19:01 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jonas\Desktop\tdsskiller.exe
[2012.12.23 21:11:23 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Jonas\Desktop\aswMBR.exe
[2012.12.23 00:11:27 | 000,302,592 | ---- | M] () -- C:\Users\Jonas\Desktop\0v0mzy2k.exe
[2012.12.22 23:53:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe
[2012.12.22 23:52:39 | 000,000,020 | ---- | M] () -- C:\Users\Jonas\defogger_reenable
[2012.12.22 23:51:37 | 000,050,477 | ---- | M] () -- C:\Users\Jonas\Desktop\Defogger.exe
[2012.12.18 16:20:18 | 002,588,453 | ---- | M] () -- C:\Users\Jonas\Desktop\The Lumineers - Ho Hey (Official Video).mp3
[2012.12.18 00:05:12 | 000,002,067 | ---- | M] () -- C:\Users\Jonas\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012.12.17 22:15:07 | 000,002,624 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.12.16 15:25:27 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.16 15:25:19 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.15 18:20:19 | 000,001,236 | ---- | M] () -- C:\Users\Jonas\Desktop\internship.lnk
[2012.12.15 17:58:51 | 000,000,640 | ---- | M] () -- C:\Users\Jonas\Desktop\Bilder - Verknüpfung.lnk

========== Files Created - No Company Name ==========

[2012.12.28 14:01:28 | 000,550,017 | ---- | C] () -- C:\Users\Jonas\Desktop\adwcleaner_2.103.exe
[2012.12.24 00:20:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.24 00:20:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.24 00:20:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.24 00:20:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.24 00:20:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.23 00:11:26 | 000,302,592 | ---- | C] () -- C:\Users\Jonas\Desktop\0v0mzy2k.exe
[2012.12.22 23:52:22 | 000,000,020 | ---- | C] () -- C:\Users\Jonas\defogger_reenable
[2012.12.22 23:51:36 | 000,050,477 | ---- | C] () -- C:\Users\Jonas\Desktop\Defogger.exe
[2012.12.18 16:20:14 | 002,588,453 | ---- | C] () -- C:\Users\Jonas\Desktop\The Lumineers - Ho Hey (Official Video).mp3
[2012.12.18 00:25:31 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.12.15 18:20:19 | 000,001,236 | ---- | C] () -- C:\Users\Jonas\Desktop\internship.lnk
[2012.12.15 17:58:51 | 000,000,640 | ---- | C] () -- C:\Users\Jonas\Desktop\Bilder - Verknüpfung.lnk
[2011.05.19 10:34:25 | 000,021,844 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2010.12.03 10:37:20 | 000,001,075 | ---- | C] () -- C:\Users\Jonas\windvi.cnf
[2010.09.13 13:14:09 | 000,002,068 | ---- | C] () -- C:\Users\Jonas\.powerupdate.user.properties
[2010.08.27 17:31:32 | 000,002,631 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\SerialClonerPrefs
[2010.07.31 15:26:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Code:
OTL Extras logfile created on: 28.12.2012 19:14:13 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jonas\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 61,83% Memory free
3,74 Gb Paging File | 2,88 Gb Available in Paging File | 76,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 3,48 Gb Free Space | 8,90% Space Free | Partition Type: NTFS
Drive D: | 109,99 Gb Total Space | 17,62 Gb Free Space | 16,02% Space Free | Partition Type: NTFS

Computer Name: JONAS-PC | User Name: Jonas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19C9B5D1-6E41-41EC-BD6D-60D5E874FB15}" = rport=138 | protocol=17 | dir=out | app=system |
"{24605008-600D-4C0E-B402-5CB9E8EA9B99}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{289023B5-5E3C-4450-82AB-F0F6883A2DF8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{46878158-6868-412E-9883-77F7F9D127BD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4B1B2C89-F250-46A2-BB8C-76D9676A5748}" = lport=138 | protocol=17 | dir=in | app=system |
"{5408B885-D42E-448B-96D8-AD63F566C271}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5BDB6C3A-65B5-4CAD-8ADC-1C9F52CD7F75}" = lport=139 | protocol=6 | dir=in | app=system |
"{68D83906-47FC-4BF0-A21C-C52EB04A42DE}" = lport=137 | protocol=17 | dir=in | app=system |
"{868252F7-6AE4-4DAE-9990-C1A2E16BAA79}" = lport=445 | protocol=6 | dir=in | app=system |
"{89E5E605-D087-4EEF-9BCF-DBBCB3961AD0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{906EF994-6B6F-4C28-A67C-B909D6A0B5B6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{963EAE72-BDDB-4355-AEDB-5DE2BEE0E85A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{98A6D47B-AD2C-488F-A5BF-B0962415FD41}" = rport=445 | protocol=6 | dir=out | app=system |
"{992C22BD-6EC4-4471-B882-0C4FDC6C29B9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9E66EB8A-9E55-4D70-B5D1-BBC67073C822}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A07133DA-FF42-476A-A013-0BEA2AF1EECF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A7CEFE26-BE85-42F6-985B-4BE9693672F2}" = rport=137 | protocol=17 | dir=out | app=system |
"{B5A3D81A-0C94-4372-900E-C99865E5C024}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C00E2282-0EF6-4451-9E3B-618D4E5B1C1A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C163F148-C055-42D1-BA9A-4C227C03D896}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{CBC77997-A192-4CCB-BB76-95025763FC58}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CC6481D4-AA4F-4349-98D6-546B68768E81}" = rport=139 | protocol=6 | dir=out | app=system |
"{DC80F653-715A-4E8D-BE3E-9CBA07827881}" = lport=10243 | protocol=6 | dir=in | app=system |
"{ECC4A6A4-383D-4F9D-A72B-BC7E0A078FE3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D88CDF9-E23F-4171-87AF-BB3AB1162D17}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{140615D6-31B3-464D-8CD9-AF7AF543BB0E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2143A449-9D25-4882-BC7F-D1B6C0E84547}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{22D0FFC0-A9D8-4D08-B0B9-ADD8B456E3F3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{37EB659F-CF44-4315-B9FB-B430F5733DB6}" = protocol=6 | dir=out | app=system |
"{3CAE0B1D-A63B-4A0C-BD52-42A0666E423B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4A411ABA-5AFA-4B33-9935-0D2C3B526F47}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4AD65AD0-805E-4495-8E9D-9747C555AB08}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4AE6AD95-6411-47D6-971B-790F5482C2F5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5BCEBE53-3B52-4AF6-862B-02078189B871}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{6A7F40C9-A15D-4B2C-BBE2-11C019FA6EA1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{721AD6E3-3232-4CBD-A3CA-0A283B200EF1}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{7651EDA7-6F2C-4B36-820C-3C8553DF21F5}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{791207DB-087D-4117-AF87-3835C03D5D66}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{7B349BB7-1396-4D7F-AD94-D06D1BA808EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7CC9C40E-5D08-4A9D-8B26-7C709A775424}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8C073300-E818-42B5-973E-8A285991F42D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8CE52A2E-F4EF-491E-BA6C-D8E6C78FDBFB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AF3FCBF3-AE75-47EA-9200-9CB8305C228E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BC0D4800-CEAE-41D5-97C9-7B045EB00982}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CDA1C6F6-50C9-4EFF-B0DA-9BE182C560CD}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{D86B0A22-4EDF-4710-BAC4-4DDF888EC6A6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D8ECE471-98D9-4104-8758-6C7A60167086}" = protocol=6 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe |
"{DCB9D527-406F-4DF5-93DC-AF7ADB9FA6CE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DFA9F490-AFDD-4867-B8D0-17EBD840C2CA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E1D0918F-A368-4AE1-AE05-08193424D4CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EC9299BB-77FC-4C4C-9E73-72901AAFB808}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F7916E78-24CD-4CA6-8945-96D8347CA92C}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{F964743A-1B2F-4D82-8548-0F7CB6ABE234}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FB419F9F-DAD6-4097-B3AD-5A6E23D97646}" = protocol=17 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{0E468104-B5E8-48FC-9AB8-67B887A5710A}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{12A8883D-7AF3-44CB-8F1E-6BB324C4442F}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"TCP Query User{1FDA32B4-10DC-4E4C-829B-2F59D995CF05}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"TCP Query User{324C8D71-35B9-445A-86E6-D178611CF781}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{3AB53E31-E1C7-4B58-A620-5C23152F70F1}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"TCP Query User{50F74B36-7F8D-4334-A039-955B50CD507B}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"TCP Query User{8B0F688E-F7DD-49C1-A528-9CF8D3A79F3A}C:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{99C75F91-BF5C-4B4E-828A-93D9E470D53D}C:\program files\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{99D55528-F1A3-4BD6-98A3-6E6900DE1312}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"TCP Query User{A5C631A8-6A58-473F-B009-A4012010371D}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"TCP Query User{A916F8AD-62D8-44B1-AA12-6243BCF61714}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{AD6D6C5B-8339-44D7-A800-3A4A539F8EAC}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{B57C896E-0A15-4CA6-9EAA-A3DA0639E18E}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"TCP Query User{DD025112-52A7-46B5-8DA4-A8CCCDBE6989}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{0184D19D-A757-4516-B089-ABF6986AA517}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"UDP Query User{13EC64BF-4903-4A9D-B091-79CEBF869A1B}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{3BC53E47-4F07-4AA3-9A54-48B7EB96D4BC}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"UDP Query User{3E6C39EA-74CB-43D9-9FA2-95F4F3CA2387}C:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{4B61D362-EADA-467F-9B05-ACEB2E7BCB8D}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{6E8BCE1F-E925-477E-8762-FD945CAA1934}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"UDP Query User{73DF5814-E9F6-4103-BFBA-5042F21AA2C3}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{8053D382-F606-4692-BF7E-BB3AC4A60F12}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"UDP Query User{854645EE-4500-4E2A-954C-2D3A0A261DE6}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"UDP Query User{9EDBADBC-56F7-4571-8D3B-AF8A8BB7CD58}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"UDP Query User{A65F599C-9545-4324-A859-384B3BF381BF}C:\program files\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"UDP Query User{C2D17091-3C5A-419A-B589-B78CBA022FB8}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{C71AB11B-327A-4815-AF6C-1A2ED9BDBCFB}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"UDP Query User{C90BCF2B-2364-44CF-90BB-8247329AB955}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1DFE388B-6FD3-4230-A47B-393AEA68C01D}" = EndNote Web
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35B73650-6899-11DA-6784-00232A9018BE}" = GraphPad Prism 5
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{37BA50EE-C851-4394-93DD-A0A611891031}" = Nero 7 Essentials
"{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.1.3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F1F5CF-144F-466B-A939-1675B0022ADE}" = Pacemaker Editor
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97DB07C0-7E43-4C4A-8766-26396935F177}" = Playchess
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC580549-5EFA-4F2C-90B9-C74DD7727C22}" = Leica Confocal Software (LCS Lite)
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{ADB1DE83-FC42-4C3F-B64B-2AF2215EF88B}" = Cisco AnyConnect Secure Mobility Client
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BF29BDFC-4DF0-4C00-BE14-B326D0BA84B6}_is1" = GermaniX Transcoder
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D08A2A29-5606-4FFE-BA05-7495314B42CB}" = Nitro PDF Reader 2
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-PDF Maker_is1" = 7-PDF Maker Version 1.0.8 (Build 116)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Free Antivirus
"Avidemux 2.5" = Avidemux 2.5
"AviSynth" = AviSynth 2.6
"AvsP_is1" = AvsP
"CCleaner" = CCleaner
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"dBpowerAMP WMA V9.1 Codec" = dBpowerAMP WMA V9.1 Codec
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GUI for dvdauthor" = GUI for dvdauthor 1.07
"HaaliMkx" = Haali Media Splitter
"HelixYUVCodecs" = Helix YUV Codecs (remove only)
"IHMC CmapTools v4.12" = IHMC CmapTools v4.12
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mobile Broadband HL Service" = Mobile Broadband HL Service
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"SiS163u" = 802.11 USB Wireless LAN Adapter
"Update Engine" = Sony Ericsson Update Engine
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2313167094-2298938448-2258890143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MiKTeX 2.9" = MiKTeX 2.9
"pdfsam" = pdfsam
"Winamp Detect" = Winamp Anwendungserkennung

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11.08.2011 04:11:53 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 11.08.2011 04:11:54 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 11.08.2011 04:11:54 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 11.08.2011 04:11:55 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 11.08.2011 04:12:55 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 11.08.2011 04:12:57 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 11.08.2011 04:14:40 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 11.08.2011 05:24:21 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 11.08.2011 05:24:21 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 11.08.2011 05:31:21 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 14.08.2011 11:00:25 | Computer Name = Jonas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: thunderbird.exe, Version: 5.0.0.4192, Zeitstempel: 0x4e051153 Name des fehlerhaften Moduls: xul.dll, Version: 5.0.0.4192, Zeitstempel: 0x4e050fc7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00a631ab ID des fehlerhaften Prozesses: 0xf50 Startzeit der fehlerhaften Anwendung: 0x01cc5a8a6c128337 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Thunderbird\thunderbird.exe Pfad des fehlerhaften Moduls: C:\Program Files\Mozilla Thunderbird\xul.dll Berichtskennung: 23b37e5e-c686-11e0-bb3e-00030d9779cd

[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line: 5584 Invoked Function: internalCallbackHandler Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 22.12.2012 17:45:32 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description:
BROWSERPROXY_ERROR_NO_PROXY_FILE Error - 27.12.2012 04:15:28 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866 Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE Error - 27.12.2012 05:36:09 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866 Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE Error - 27.12.2012 05:41:09 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866 Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE Error - 27.12.2012 05:43:37 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866 Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE Error - 27.12.2012 11:20:44 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866 Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE Error - 28.12.2012 08:49:44 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866 Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE Error - 28.12.2012 09:21:00 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866 Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked Function: IRunnable::Run Return Code: -32047093 
(0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE Error - 28.12.2012 09:23:11 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866 Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE [ Media Center Events ] Error - 13.09.2010 14:58:20 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0 Description = 20:58:19 - Error connecting to the internet. 20:58:19 - Unable to contact server.. Error - 13.09.2010 14:58:41 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0 Description = 20:58:28 - Error connecting to the internet. 20:58:28 - Unable to contact server.. Error - 14.09.2010 03:43:19 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0 Description = 09:43:14 - Error connecting to the internet. 09:43:14 - Unable to contact server.. Error - 18.09.2010 14:38:54 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0 Description = 20:38:54 - Error connecting to the internet. 20:38:54 - Unable to contact server.. Error - 18.09.2010 14:39:02 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0 Description = 20:38:59 - Error connecting to the internet. 20:38:59 - Unable to contact server.. Error - 26.09.2010 10:06:42 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0 Description = 16:06:42 - Failed to retrieve Directory (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.) Error - 27.09.2010 16:00:22 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0 Description = 22:00:22 - Error connecting to the internet. 22:00:22 - Unable to contact server.. Error - 27.09.2010 16:00:36 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0 Description = 22:00:27 - Error connecting to the internet. 22:00:27 - Unable to contact server.. 
Error - 04.10.2010 14:33:18 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0 Description = 20:33:18 - Error connecting to the internet. 20:33:18 - Unable to contact server.. Error - 04.10.2010 14:33:28 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0 Description = 20:33:23 - Error connecting to the internet. 20:33:23 - Unable to contact server.. [ OSession Events ] Error - 21.02.2010 08:41:08 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3107 seconds with 300 seconds of active time. This session ended with a crash. Error - 13.09.2010 04:27:26 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2112 seconds with 360 seconds of active time. This session ended with a crash. Error - 16.05.2011 10:43:22 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 24406 seconds with 840 seconds of active time. This session ended with a crash. Error - 27.06.2011 11:49:36 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11605 seconds with 5640 seconds of active time. This session ended with a crash. 
Error - 09.02.2012 07:44:37 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 79696 seconds with 7980 seconds of active time. This session ended with a crash. Error - 30.04.2012 16:38:00 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1848 seconds with 1260 seconds of active time. This session ended with a crash. Error - 09.07.2012 13:13:07 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 37455 seconds with 720 seconds of active time. This session ended with a crash. Error - 09.07.2012 13:25:56 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 754 seconds with 300 seconds of active time. This session ended with a crash. [ System Events ] Error - 27.12.2012 11:20:27 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Internet Connection Sharing (ICS)" ist vom Dienst "Remote Access Connection Manager" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 27.12.2012 13:39:32 | Computer Name = Jonas-PC | Source = Microsoft-Windows-HAL | ID = 12 Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist. 
Error - 28.12.2012 08:49:23 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Remote Access Connection Manager" ist vom Dienst "Telephony" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 28.12.2012 08:49:23 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Internet Connection Sharing (ICS)" ist vom Dienst "Remote Access Connection Manager" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 28.12.2012 08:49:38 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst vpnagent erreicht. Error - 28.12.2012 09:20:51 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Cisco AnyConnect Secure Mobility Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Restart the service. Error - 28.12.2012 09:22:40 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Remote Access Connection Manager" ist vom Dienst "Telephony" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 28.12.2012 09:22:40 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Internet Connection Sharing (ICS)" ist vom Dienst "Remote Access Connection Manager" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 28.12.2012 09:23:02 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst vpnagent erreicht. 
Error - 28.12.2012 11:55:37 | Computer Name = Jonas-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

< End of report >
28.12.2012, 19:59 | #48 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU "Your computer has been locked"
Looks OK. We should be almost done. Please run a quick scan with Malwarebytes as a check - please remember to update Malwarebytes via the update button beforehand.
__________________
Getting a second opinion from ESET's online scanner afterwards is not a bad idea either: ESET Online Scanner
__________________
29.12.2012, 00:36 | #49 |
| GVU "Your computer has been locked"
I ran the Malwarebytes scan (not the quick scan but the full one). That took quite a long time, but I'm not sure whether it got through everything. When I came back to the laptop just now, it had switched to standby mode. I hope it doesn't do that during a scan. When I brought it back out of standby, it told me the scan was complete. In any case, here is the log file:
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2012.12.28.10

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Jonas :: JONAS-PC [Administrator]

28.12.2012 20:18:51
MBAM-log-2012-12-29 (00-12-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 414745
Laufzeit: 1 Stunde(n), 58 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Qoobox\Quarantine\C\Users\Jonas\wgsdgsdgdsgsd.dll.vir (Trojan.Reveton) -> Keine Aktion durchgeführt.

(Ende)

With the ESET scanner I always get the message "can not get update is proxy configured?". I definitely had the firewall and avast turned off while doing it, and I did not make any proxy settings either. So I only set or removed the 2 checkboxes as described.

And one more question about the USB stick: after I got the virus, I plugged it in in safe mode to back up a file that I urgently needed. I then checked the file online and was able to keep working on it. But I don't know whether the stick picked something up, so to speak. Is it advisable to plug this stick in during the scan, given that no antivirus program and no firewall is active?
29.12.2012, 00:39 | #50 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU "Your computer has been locked"
Download this ESET setup from => http://filepony.de/download-eset_online_scanner/
Then close all programs and start the setup via right-click => Run as administrator
__________________ Please always post log files in CODE tags
29.12.2012, 00:48 | #51 |
| GVU "Your computer has been locked"
100% of the virus database download and then: unexpected error 2002
29.12.2012, 00:49 | #52 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU "Your computer has been locked"
Please test it in there: Safe mode for cleanup
__________________ Please always post log files in CODE tags
29.12.2012, 01:08 | #53 |
| GVU "Your computer has been locked"
Sorry, the same error at the same point.

This morning it did work in normal mode after all. The scan is still running (I'm writing from another PC). The USB stick is not plugged in. Maybe that was the reason. I'll post the log file as soon as I have it.

Here is the log from the ESET scanner:
Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=f006084a5da86849adadf7411a47235f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-29 01:11:23
# local_time=2012-12-29 02:11:23 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=774 16777213 100 94 974556 133496555 0 0
# compatibility_mode=1797 16774142 0 1 18917076 18917076 0 0
# compatibility_mode=5893 16776573 100 94 36261 108417874 0 0
# scanned=224506
# found=3
# cleaned=0
# scan_time=8237
C:\Qoobox\Quarantine\C\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk.vir Win32/Reveton.M trojan (unable to clean) B44BA569E783000DB3FE541264E3890E3C9EEB3E I
C:\_OTL\MovedFiles.zip JS/Agent.NID trojan (unable to clean) C35CBDC0D8AD570389B0C16FEDB648E8E2BF6C62 I
C:\_OTL\MovedFiles\12272012_104100\C_ProgramData\dsgsdgdsgdsgw.js JS/Agent.NID trojan (unable to clean) 71613CA7D671FB83FEE3BC4F5C934E0E6E9EE988 I
29.12.2012, 21:28 | #54 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU "Your computer has been locked"
Looks OK so far, only detections in the quarantine of OTL and Combofix.

Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check with MVPS every 4 weeks to see whether he has released a new hosts file.

Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP-Cookie)

Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller.

But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system in order again now, or are there still other detections or problems?
__________________ Please always post log files in CODE tags
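The triage applied to the ESET log above (every hit lies in a cleanup tool's holding folder), written out as an added example; it is not code from the thread, from ESET or from the tools named. The function names, the two holding roots and the space-separated line layout of a forum-pasted log are assumptions of this example.

```python
import ntpath
import re
from typing import NamedTuple

# Holding folders that appear in this thread's logs (ComboFix's Qoobox and
# OTL's _OTL). Assumption of this example: anything below them is a parked
# copy left by a cleanup tool, not a file in its original, loadable location.
HOLDING_ROOTS = (r"C:\Qoobox\Quarantine", r"C:\_OTL")

class Detection(NamedTuple):
    path: str
    threat: str
    action: str
    sha1: str
    parked: bool  # True when the path lies below one of HOLDING_ROOTS

# "# key=value" summary lines of the ESET Online Scanner log.
HEADER_RE = re.compile(r"^#\s*(?P<key>[\w.]+)=(?P<value>.*)$")

# Detection line: <path> <threat name> (<action>) <SHA-1> <flag>.
# Paths may contain spaces ("Start Menu"), so the threat name is recognised
# by its "Platform/Name" form, which contains "/" but never a backslash.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>[^\s\\/]+/[^\s\\]+(?: [^\s\\(]+)*)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<sha1>[0-9A-Fa-f]{40})\s+\S+$"
)

def is_parked(path, roots=HOLDING_ROOTS):
    """Case-insensitive containment test on the normalised Windows path."""
    p = ntpath.normcase(ntpath.normpath(path))
    for root in roots:
        r = ntpath.normcase(ntpath.normpath(root))
        if p == r or p.startswith(r + "\\"):
            return True
    return False

def parse_eset_log(text):
    """Return (header dict, list of Detection) for a pasted scanner log."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if (m := HEADER_RE.match(line)):
            header[m["key"]] = m["value"].strip()
        elif (m := DETECTION_RE.match(line)):
            detections.append(Detection(m["path"], m["threat"], m["action"],
                                        m["sha1"].upper(), is_parked(m["path"])))
    return header, detections

def triage(text):
    """Split detections into parked and live, and check the log is complete."""
    header, detections = parse_eset_log(text)
    reported = int(header.get("found", len(detections)))
    return {
        "reported": reported,            # count from the "# found=" line
        "parsed": len(detections),       # detection lines actually read
        "complete": reported == len(detections),
        "parked": [d for d in detections if d.parked],
        "live": [d for d in detections if not d.parked],
    }

# Excerpt of the ESET log posted in this thread (most header lines omitted).
THREAD_LOG = r"""
# scanned=224506
# found=3
# cleaned=0
C:\Qoobox\Quarantine\C\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk.vir Win32/Reveton.M trojan (unable to clean) B44BA569E783000DB3FE541264E3890E3C9EEB3E I
C:\_OTL\MovedFiles.zip JS/Agent.NID trojan (unable to clean) C35CBDC0D8AD570389B0C16FEDB648E8E2BF6C62 I
C:\_OTL\MovedFiles\12272012_104100\C_ProgramData\dsgsdgdsgdsgw.js JS/Agent.NID trojan (unable to clean) 71613CA7D671FB83FEE3BC4F5C934E0E6E9EE988 I
"""

# Constructed line (path and all-zero hash are made up) for the other branch:
# a hit outside the holding folders, which is the case that needs follow-up.
CONSTRUCTED_LIVE_LINE = (r"C:\Users\Jonas\AppData\Roaming\example.dll "
                         r"Win32/Reveton.M trojan (unable to clean) " + "0" * 40 + " I")

if __name__ == "__main__":
    for name, log in (("thread log", THREAD_LOG),
                      ("plus constructed line", THREAD_LOG + CONSTRUCTED_LIVE_LINE)):
        result = triage(log)
        print(name, "| complete:", result["complete"],
              "| parked:", len(result["parked"]), "| live:", len(result["live"]))
        for d in result["live"]:
            print("  follow up:", d.path, d.threat)
```

A `complete` value of False means the number of parsed detection lines differs from the scanner's own `found` count, so the pasted log should be re-checked before anyone concludes that only parked copies remain.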
29.12.2012, 22:34 | #55 |
| GVU "Your computer has been locked"
1) Thanks for your help!!!
2) I'll take care of the cookies.
3) Should I delete the quarantine folders manually?
4) Should I uninstall OTL or the other scanners, or do I just leave them on the computer?
5) What would you do with the USB stick? Can I simply plug it in, test it with avast or something similar and delete any detections?
6) Would you dare to still do online banking with this computer? I read something about that here in the forum, e.g. secure banking. That should actually work, shouldn't it?
7) I have Flash Player, Adobe Reader, Java and Mozilla all up to date. I will also check and update the plug-ins. Is there anything else I need to watch out for?
8) Thanks again!
30.12.2012, 01:25 | #56 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU "Your computer has been locked"
Please leave the quarantine folders alone, nothing needs to be deleted manually there.
Just have USB media checked with a scanner and/or Malwarebytes.
And yes, I think you can go ahead and do online banking.

Then we're done!

The programs that were used here can all be removed again.

Remove Combofix: Start/Run (key combination WIN+R), type in the command combofix /uninstall there and run it.

With the help of OTL you can also remove many other tools: just start OTL and click on Bereinigung (Cleanup). This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.

Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.

Finally, please check the updates; my guide for that is below. To keep a better overview of how up to date the installed programs are in future, you can use e.g. Secunia PSI. For even more security, after the infection has been removed you should also change all passwords if possible.

Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update

Update the PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Software or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed)
I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.

Please take the opportunity to also check that Flash Player is up to date: Check => Adobe - Flash Player
You can find download links here => Browsers and Plugins - FilePony.de
Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software (or Programs and Features) and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post log files in CODE tags