| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU Trojaner v2.11Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
11.02.2013, 13:03
| #1 |
 |  GVU Trojaner v2.11 Guten Tag, Eine Freundin von mir hat sich den GVU Trojaner eingefangen, laut hxxp://www.bka-trojaner.de in der Version 2.11 Ich habe daraufhin mithilfe von Kaspersky Windows Unlocker die Sperre aufgehoben sowie einen Antivirenscan durchgeführt (mit Kaspersky und F Secure Antivirus). Daraufhin traten keine Probleme mehr auf. Ich weiß aber dass der Trojaner möglicherweise noch vorhanden ist und bitte um Hilfe bei der endgültigen Säuberung des Rechners. Systemscans mit Malwarebytes und OTL habe ich ebenfalls durchgeführt (logfiles siehe unten) MfG Christoph Schmalz Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.11.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Jablonowski :: LAPTOP2 [Administrator] Schutz: Aktiviert 11.02.2013 11:03:14 mbam-log-2013-02-11 (11-03-14).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|Q:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 374177 Laufzeit: 1 Stunde(n), 37 Minute(n), 40 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Jablonowski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter OTL logfile created on: 11.02.2013 12:48:03 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jablonowski\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,93 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 48,06% Memory free 7,86 Gb Paging File | 5,77 Gb Available in Paging File | 73,40% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285,60 Gb Total Space | 166,62 Gb Free Space | 58,34% Space Free | Partition Type: NTFS Drive D: | 292,32 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: LAPTOP2 | User Name: Jablonowski | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe (F-Secure Corporation) PRC - C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE (F-Secure Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\F-Secure\fshoster32.exe (F-Secure Corporation) PRC - C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE (F-Secure Corporation) PRC - C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE (F-Secure Corporation) PRC - C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe (F-Secure Corporation) PRC - C:\Programme\Norman\Nvc\Bin\nvcoas.exe (Norman ASA) PRC - C:\Programme\Norman\Nvc\Bin\nhs.exe () PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\Norman\Npm\Bin\zlh.exe (Norman ASA) PRC - C:\Programme\Norman\Npm\Bin\zanda.exe (Norman ASA) PRC - C:\Programme\Norman\Npm\Bin\njeeves.exe () PRC - C:\Programme\Norman\Ngs\Bin\nnf.exe (Norman ASA) PRC - C:\Programme\Norman\Npm\Bin\elogsvc.exe (Norman ASA) PRC - C:\Programme\Norman\Npm\Bin\nvoy.exe (Norman ASA) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\QipGuard\QipGuard.exe (QIP.ru) PRC - C:\Programme\Norman\Nvc\Bin\cclaw.exe (Norman ASA) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\Telenor internet\AssistantServices.exe () PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () PRC - C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.65_none_b59e1e0911fd55ab\QtMultimediaKit1.dll () MOD - C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\strres.eng () MOD - C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\fsavures.eng () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\Norman\Npm\Bin\noemrc.dll () MOD - C:\Programme\Norman\Npm\Bin\libxml2.dll () MOD - C:\Programme\Norman\Npm\Bin\nqtcore4.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe (McAfee, Inc.) SRV - (fshoster) -- C:\Program Files (x86)\F-Secure\fshoster32.exe (F-Secure Corporation) SRV - (FSMA) -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE (F-Secure Corporation) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (FSORSPClient) -- C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe (F-Secure Corporation) SRV - (nvcoas) -- C:\Programme\Norman\Nvc\Bin\nvcoas.exe (Norman ASA) SRV - (nsesvc) -- C:\Programme\Norman\Nse\Bin\nsesvc.exe (Norman ASA) SRV - (NHS) -- C:\Programme\Norman\Nvc\Bin\nhs.exe () SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (Norman ZANDA) -- C:\Programme\Norman\Npm\Bin\zanda.exe (Norman ASA) SRV - (Norman NJeeves) -- C:\Programme\Norman\Npm\Bin\njeeves.exe () SRV - (NNFSVC) -- C:\Programme\Norman\Ngs\Bin\nnf.exe (Norman ASA) SRV - (eLoggerSvc6) -- C:\Programme\Norman\Npm\Bin\elogsvc.exe (Norman ASA) SRV - (NVOY) -- C:\Programme\Norman\Npm\Bin\nvoy.exe (Norman ASA) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (QipGuard) -- C:\Program Files (x86)\QipGuard\QipGuard.exe (QIP.ru) SRV - (Scheduler) -- C:\Programme\Norman\Npm\Bin\scheduler.exe (Norman ASA) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (UI Assistant Service) -- C:\Program Files (x86)\Telenor internet\AssistantServices.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (fsbts) -- C:\Windows\SysNative\drivers\fsbts.sys () DRV:64bit: - (NvcMFlt) -- C:\Windows\SysNative\drivers\nvcv64mf.sys (Norman ASA) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated) DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (PAC7302) -- C:\Windows\SysNative\drivers\PAC7302.SYS (PixArt Imaging Inc.) DRV - (F-Secure Gatekeeper) -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys () DRV - (F-Secure HIPS) -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys (F-Secure Corporation) DRV - (fsbts) -- C:\Windows\SysWOW64\drivers\fsbts.sys () DRV - (fsvista) -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys () DRV - (fsni) -- C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\fsni64.sys (F-Secure Corporation) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (nregsec) -- C:\Programme\Norman\Ngs\Bin\nregsec64.sys (Norman ASA) DRV - (NGS) -- c:\Programme\Norman\Ngs\Bin\ngs64.sys (Norman ASA) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3229044520-671594625-2115795406-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru IE - HKU\S-1-5-21-3229044520-671594625-2115795406-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru IE - HKU\S-1-5-21-3229044520-671594625-2115795406-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie IE - HKU\S-1-5-21-3229044520-671594625-2115795406-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru IE - HKU\S-1-5-21-3229044520-671594625-2115795406-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data] IE - HKU\S-1-5-21-3229044520-671594625-2115795406-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2625848 IE - HKU\S-1-5-21-3229044520-671594625-2115795406-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie IE - HKU\S-1-5-21-3229044520-671594625-2115795406-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-3229044520-671594625-2115795406-1000\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) IE - HKU\S-1-5-21-3229044520-671594625-2115795406-1000\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Jablonowski\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru) IE - HKU\S-1-5-21-3229044520-671594625-2115795406-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) IE - HKU\S-1-5-21-3229044520-671594625-2115795406-1000\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} IE - HKU\S-1-5-21-3229044520-671594625-2115795406-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3229044520-671594625-2115795406-1000\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = hxxp://search.qip.ru/search?query={searchTerms}&from=IE IE - HKU\S-1-5-21-3229044520-671594625-2115795406-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms} IE - HKU\S-1-5-21-3229044520-671594625-2115795406-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848 IE - HKU\S-1-5-21-3229044520-671594625-2115795406-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3229044520-671594625-2115795406-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..CT2625848.browser.search.defaultthis.engineName: true FF - prefs.js..browser.search.defaultenginename: "QIP Search" FF - prefs.js..browser.search.selectedEngine: "DVDVideoSoftTB DE Customized Web Search" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4 FF - prefs.js..extensions.enabledAddons: %7B0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff%7D:10.14.40.128 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.01.26 23:43:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.01 14:53:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.01 14:53:05 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.01 14:53:13 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.01 14:53:05 | 000,000,000 | ---D | M] [2012.01.09 22:39:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jablonowski\AppData\Roaming\mozilla\Extensions [2013.01.31 22:35:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jablonowski\AppData\Roaming\mozilla\Firefox\Profiles\iep1q3h3.default\extensions [2013.01.31 22:35:57 | 000,000,000 | ---D | M] (DVDVideoSoftTB DE) -- C:\Users\Jablonowski\AppData\Roaming\mozilla\Firefox\Profiles\iep1q3h3.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} [2012.11.30 13:29:01 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Jablonowski\AppData\Roaming\mozilla\Firefox\Profiles\iep1q3h3.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2012.02.04 21:51:47 | 000,000,000 | ---D | M] (QipAuthorizer) -- C:\Users\Jablonowski\AppData\Roaming\mozilla\Firefox\Profiles\iep1q3h3.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89} [2013.02.11 11:00:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jablonowski\AppData\Roaming\mozilla\Firefox\Profiles\iep1q3h3.default\extensions\staged [2012.12.12 15:23:49 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Jablonowski\AppData\Roaming\mozilla\firefox\profiles\iep1q3h3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.01.14 10:44:56 | 000,316,778 | ---- | M] () (No name found) -- C:\Users\Jablonowski\AppData\Roaming\mozilla\firefox\profiles\iep1q3h3.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi [2012.11.17 19:05:01 | 000,001,064 | ---- | M] () -- C:\Users\Jablonowski\AppData\Roaming\mozilla\firefox\profiles\iep1q3h3.default\searchplugins\dvdvideosofttb-de-customized-web-search.xml [2012.02.04 22:13:12 | 000,002,062 | ---- | M] () -- C:\Users\Jablonowski\AppData\Roaming\mozilla\firefox\profiles\iep1q3h3.default\searchplugins\qip-search.xml [2013.02.01 14:53:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.02.01 14:53:04 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.02.01 14:53:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions [2013.02.11 11:13:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\updated\extensions [2013.02.11 11:13:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.02.11 11:13:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.02.11 11:13:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\updated\distribution\extensions [2013.02.01 14:53:13 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.20 17:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.12.06 11:17:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.12.06 11:17:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.12.06 11:17:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.12.06 11:17:31 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.12.06 11:17:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.12.06 11:17:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Jablonowski\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-3229044520-671594625-2115795406-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) O3:64bit: - HKU\S-1-5-21-3229044520-671594625-2115795406-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKU\S-1-5-21-3229044520-671594625-2115795406-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found O3 - HKU\S-1-5-21-3229044520-671594625-2115795406-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [F-Secure Hoster (666)] C:\Program Files (x86)\F-Secure\fshoster32.exe (F-Secure Corporation) O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE (F-Secure Corporation) O4 - HKLM..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\Bin\ZLH.EXE (Norman ASA) O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\Telenor internet\UIExec.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3229044520-671594625-2115795406-1000..\Run: [cfbdbaebbagfdgfdgdfg] "C:\ProgramData\cfbdbaebbagfdgfdgdfg.exe" File not found O4 - HKU\S-1-5-21-3229044520-671594625-2115795406-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Jablonowski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jablonowski\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jablonowski\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3229044520-671594625-2115795406-1000\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet) O15 - HKU\S-1-5-21-3229044520-671594625-2115795406-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67F7B649-B53C-4F4B-88EA-57B6D7737602}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF54817E-116D-4EB1-92E1-B95B5F3F7EED}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.11 12:46:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jablonowski\Desktop\OTL.exe [2013.02.11 10:59:50 | 000,000,000 | ---D | C] -- C:\Users\Jablonowski\AppData\Roaming\Malwarebytes [2013.02.11 10:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.11 10:58:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.11 10:58:41 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.02.11 10:58:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.02.11 10:58:26 | 000,000,000 | ---D | C] -- C:\Users\Jablonowski\AppData\Local\Programs [2013.02.04 13:07:02 | 000,000,000 | ---D | C] -- C:\Users\Jablonowski\Desktop\music i like [2013.02.04 13:05:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2013.02.01 14:53:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.01.29 14:10:20 | 000,000,000 | ---D | C] -- C:\Users\Jablonowski\Desktop\VOICE [2013.01.26 23:45:56 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2013.01.26 23:45:54 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2013.01.26 23:45:53 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2013.01.26 23:45:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013 [2013.01.26 23:45:11 | 000,000,000 | ---D | C] -- C:\Users\Jablonowski\AppData\Roaming\TuneUp Software [2013.01.26 23:44:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2013 [2013.01.26 23:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2013.01.26 23:44:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013.01.26 23:44:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2013.01.26 23:43:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2013.01.26 23:43:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2013.01.21 17:25:01 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\GB [2011.12.29 23:54:07 | 020,367,424 | ---- | C] (The GIMP Team ) -- C:\Users\Jablonowski\gimp-2.6.11-i686-setup-1.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.11 12:46:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.02.11 11:56:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.11 10:58:47 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.11 10:56:27 | 000,022,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.11 10:56:27 | 000,022,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.11 10:52:56 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.11 10:52:56 | 000,654,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.11 10:52:56 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.11 10:52:56 | 000,130,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.11 10:52:56 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.11 10:48:02 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.11 10:47:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.11 10:46:53 | 3166,150,656 | -HS- | M] () -- C:\hiberfil.sys [2013.02.11 02:17:53 | 095,023,320 | ---- | M] () -- C:\ProgramData\1937673.pad [2013.02.06 14:48:15 | 000,000,153 | ---- | M] () -- C:\ProgramData\1937673.reg [2013.02.06 14:48:15 | 000,000,063 | ---- | M] () -- C:\ProgramData\1937673.bat [2013.02.04 13:05:08 | 000,002,085 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.02.04 13:05:08 | 000,002,085 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.01.26 23:43:41 | 000,001,437 | ---- | M] () -- C:\Users\Jablonowski\Desktop\Free YouTube to MP3 Converter.lnk [2013.01.17 16:39:02 | 000,083,977 | ---- | M] () -- C:\Users\Jablonowski\Desktop\K-P__Modulhandbuch.pdf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.11 10:58:47 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.06 14:48:15 | 000,000,153 | ---- | C] () -- C:\ProgramData\1937673.reg [2013.02.06 14:48:15 | 000,000,063 | ---- | C] () -- C:\ProgramData\1937673.bat [2013.02.06 14:48:13 | 095,023,320 | ---- | C] () -- C:\ProgramData\1937673.pad [2013.02.04 13:05:08 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.01.26 23:45:44 | 000,002,240 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk [2013.01.26 23:43:41 | 000,001,437 | ---- | C] () -- C:\Users\Jablonowski\Desktop\Free YouTube to MP3 Converter.lnk [2013.01.17 16:39:00 | 000,083,977 | ---- | C] () -- C:\Users\Jablonowski\Desktop\K-P__Modulhandbuch.pdf [2012.11.10 21:45:04 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys [2012.11.10 21:44:40 | 000,019,635 | ---- | C] () -- C:\Windows\prodsett_copy.ini [2012.08.07 15:19:24 | 000,078,242 | ---- | C] () -- C:\Users\Jablonowski\BW.htm [2012.08.07 12:24:39 | 000,016,674 | ---- | C] () -- C:\Users\Jablonowski\funck Dental-Medizin GmbH Heidelberg *-*Ansprechpartner.htm [2012.02.18 01:38:39 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2012.02.14 16:34:25 | 000,000,566 | ---- | C] () -- C:\Windows\SysWow64\SP7302.ini [2011.12.29 23:53:59 | 009,385,368 | ---- | C] () -- C:\Users\Jablonowski\slmx-win-1_2_0-ea23_2.exe [2011.12.29 23:53:59 | 001,754,448 | ---- | C] () -- C:\Users\Jablonowski\smwin143de.exe [2011.12.29 23:53:59 | 000,393,216 | ---- | C] () -- C:\Users\Jablonowski\Termin32_2010-12-13.dat [2011.12.29 23:53:58 | 017,331,536 | ---- | C] () -- C:\Users\Jablonowski\lide200vst1403ea24.exe [2011.12.29 23:53:57 | 016,184,728 | ---- | C] () -- C:\Users\Jablonowski\ip4800swin241ea24.exe [2011.12.27 16:45:16 | 000,000,681 | ---- | C] () -- C:\Windows\VDDS_MMI.INI [2011.12.20 13:33:29 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.01.19 12:34:42 | 003,003,392 | ---- | C] () -- C:\Program Files\openofficeorg33.msi [2011.01.19 12:33:04 | 000,475,016 | ---- | C] () -- C:\Program Files\setup.exe [2011.01.19 12:30:10 | 142,700,671 | ---- | C] () -- C:\Program Files\openofficeorg1.cab [2011.01.19 11:15:26 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.01.11 01:23:52 | 000,000,000 | ---D | M] -- C:\Users\Jablonowski\AppData\Roaming\Azureus [2011.12.27 18:31:43 | 000,000,000 | ---D | M] -- C:\Users\Jablonowski\AppData\Roaming\Canon [2011.12.24 16:50:11 | 000,000,000 | ---D | M] -- C:\Users\Jablonowski\AppData\Roaming\DAEMON Tools Lite [2013.01.26 23:43:39 | 000,000,000 | ---D | M] -- C:\Users\Jablonowski\AppData\Roaming\DVDVideoSoft [2013.01.26 23:43:47 | 000,000,000 | ---D | M] -- C:\Users\Jablonowski\AppData\Roaming\DVDVideoSoftIEHelpers [2012.07.02 09:00:15 | 000,000,000 | ---D | M] -- C:\Users\Jablonowski\AppData\Roaming\Garmin [2013.01.26 23:43:28 | 000,000,000 | ---D | M] -- C:\Users\Jablonowski\AppData\Roaming\OpenCandy [2012.01.17 00:51:17 | 000,000,000 | ---D | M] -- C:\Users\Jablonowski\AppData\Roaming\OpenOffice.org [2012.02.04 21:59:49 | 000,000,000 | ---D | M] -- C:\Users\Jablonowski\AppData\Roaming\QIP [2012.02.04 22:14:19 | 000,000,000 | ---D | M] -- C:\Users\Jablonowski\AppData\Roaming\QipGuard [2012.12.06 14:43:57 | 000,000,000 | ---D | M] -- C:\Users\Jablonowski\AppData\Roaming\SoftGrid Client [2011.12.20 13:34:19 | 000,000,000 | ---D | M] -- C:\Users\Jablonowski\AppData\Roaming\TP [2013.01.26 23:45:11 | 000,000,000 | ---D | M] -- C:\Users\Jablonowski\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 11.02.2013 12:48:03 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jablonowski\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,93 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 48,06% Memory free
7,86 Gb Paging File | 5,77 Gb Available in Paging File | 73,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,60 Gb Total Space | 166,62 Gb Free Space | 58,34% Space Free | Partition Type: NTFS
Drive D: | 292,32 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: LAPTOP2 | User Name: Jablonowski | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3229044520-671594625-2115795406-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{154B1944-43E6-4B3F-9BD4-D6B7DC7D7F78}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{AE68EBD9-D251-482D-8915-10A3E0B4B208}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{115A2B5F-DEAF-4B25-81FE-F4A652990DA2}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe |
"{236909DB-BE42-4AFA-BD8B-8AC57E44B619}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{244EB271-21AF-4A78-A0A4-02DC6A8C048A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{33B9DF25-FFB6-44BD-87AA-3A202A5D3B0E}" = protocol=1 | dir=out | name=winulum |
"{38A13313-DB85-4337-B329-9534319F4E9E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{46F0B511-ED58-44A0-9E5E-1999BAAC8872}" = protocol=1 | dir=in | name=winulum |
"{48484BC4-16E9-4FDB-8248-2A510331A0B8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{5158CE9A-F067-40C2-A892-08409E279938}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{63FA8541-17FF-49B4-8659-764E7956E796}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{6EC15064-D379-4D43-8D3C-BC52B84595F2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{785B474A-5029-4418-80C4-BC66E873F5A2}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{82E1AABD-4BE4-4D2A-8FC6-1DFE389223F8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{87A009F2-0339-40C6-9D66-D19A852ACD80}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe |
"{87DD18DA-B64E-436D-8021-A65F09F99F19}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{920238D6-3EF1-403D-B9E9-5B35631BABF9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9AE14E87-CECC-459F-99F8-53711D3825E7}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{9EE1EC7D-738E-405C-AABC-C94C531183B8}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\overlord ii\overlord2.exe |
"{ACA0E4D9-4179-428F-80B7-F0953460EA0C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{BA7CED1F-91E1-4231-A85B-26600EA904F6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{BE9BE907-6965-4543-9662-352D4D0F0E2F}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\overlord ii\overlord2.exe |
"{F91404D2-D166-4C1F-AADE-134DB839BCA2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FFDFF970-EE17-4088-8078-60BF1B6B675F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"TCP Query User{425E4F94-4DB7-4DF4-B56B-C6B0F3278529}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{758A5070-BE18-416A-9609-93790B5DCA60}C:\program files (x86)\jeak.de\qip 2005\qip.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jeak.de\qip 2005\qip.exe |
"TCP Query User{8237E67C-4B68-4A55-A337-FB3986CF5FA0}C:\program files (x86)\qip 2010\qip.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip 2010\qip.exe |
"TCP Query User{A9716974-4B36-40A2-BF53-4923B00C73AB}C:\program files (x86)\qip infium\infium.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip infium\infium.exe |
"UDP Query User{0E372487-666D-4DFE-8563-0B5E42C5FD62}C:\program files (x86)\qip 2010\qip.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip 2010\qip.exe |
"UDP Query User{55AF2A99-4494-465F-82CB-4A04C015A343}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{908F8738-54B6-4A9C-A4FB-D2B7CD363086}C:\program files (x86)\qip infium\infium.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip infium\infium.exe |
"UDP Query User{9CBCC114-5E7C-4078-B9CE-C936171CD312}C:\program files (x86)\jeak.de\qip 2005\qip.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jeak.de\qip 2005\qip.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series" = Canon iP4800 series Printer Driver
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{79214B92-A439-4841-B160-0896E977A383}" = Norman Security Suite
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-2778-5BED-8199-52EB14D8D22F}" = F-Secure CCF Reputation
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19522497-1DF2-40E8-AB3A-F1E133173060}" = Online Safety 2.71.927.655
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2FFABB79-E4B1-430A-AAE8-ACA886F3A34A}" = F-Secure Network CCF 1.02.126
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{658FDBCA-B7A1-43E4-A849-9F0812473331}" = Computer Security 12.71.102.0 (release)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7FE36E2A-6207-4FD9-8851-160B1980CF9A}" = F-Secure
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-001C-0000-0000-0000000FF1CE}" = Microsoft Office Access Runtime 2010
"{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{FA978F90-F7AB-4CF6-BCF5-885CF559DE7C}" = Microsoft Access 2010 Runtime Service Pack 1 (SP1)
"{90140000-001C-0407-0000-0000000FF1CE}" = Microsoft Office Access Runtime MUI (German) 2010
"{90140000-001C-0407-0000-0000000FF1CE}_Office14.AccessRT_{264417E7-E622-456E-9666-3298344AF72C}" = Microsoft Access 2010 Runtime Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.AccessRT_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.AccessRT_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.AccessRT_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{901C0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Access 2002 Runtime
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = Hama PC-Webcam Circle
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Telenor internet
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C377DE69-3085-4133-8502-17B90F41E169}" = F-Secure CCF Scanning 1.12.136.6280 (release)
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E426CEC1-35C5-42BF-913E-6EF8F1211D01}" = Overlord II
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F77D1207-7FA7-4FDC-BF7B-D08395AA9722}" = QIP 2005 8097 Jeak-Edition
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"8461-7759-5462-8226" = Vuze
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CanonSolutionMenuEX" = Canon Solution Menu EX
"DVDVideoSoftTB_DE Toolbar" = DVDVideoSoftTB DE Toolbar
"Finale Allegro 2005" = Finale Allegro 2005
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"FrWin" = Diagnostiksoftware
"F-Secure ServiceEnabler 666" = F-Secure
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"Mega Solitaire" = Mega Solitaire
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"ODEUNST #1" = Zahn32
"Office14.AccessRT" = Microsoft Access Runtime 2010
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OpenAL" = OpenAL
"TeamViewer 7" = TeamViewer 7
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"VLC media player" = VLC media player 2.0.0
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3229044520-671594625-2115795406-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 06.12.2012 14:30:25 | Computer Name = Laptop2 | Source = WinMgmt | ID = 10
Description =
Error - 06.12.2012 14:30:29 | Computer Name = Laptop2 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: UIExec.exe, Version: 0.0.0.0, Zeitstempel:
0x4bfa3ae3 Name des fehlerhaften Moduls: UIExec.exe, Version: 0.0.0.0, Zeitstempel:
0x4bfa3ae3 Ausnahmecode: 0xc0000417 Fehleroffset: 0x00002b58 ID des fehlerhaften Prozesses:
0x7cc Startzeit der fehlerhaften Anwendung: 0x01cdd3dfb88af2f5 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Telenor internet\UIExec.exe Pfad des fehlerhaften
Moduls: C:\Program Files (x86)\Telenor internet\UIExec.exe Berichtskennung: 021b51f1-3fd3-11e2-94fd-1c7508c67e9f
Error - 06.12.2012 15:54:23 | Computer Name = Laptop2 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: UIExec.exe, Version: 0.0.0.0, Zeitstempel:
0x4bfa3ae3 Name des fehlerhaften Moduls: UIExec.exe, Version: 0.0.0.0, Zeitstempel:
0x4bfa3ae3 Ausnahmecode: 0xc0000417 Fehleroffset: 0x00002b58 ID des fehlerhaften Prozesses:
0xf44 Startzeit der fehlerhaften Anwendung: 0x01cdd3eb76909df7 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Telenor internet\UIExec.exe Pfad des fehlerhaften
Moduls: C:\Program Files (x86)\Telenor internet\UIExec.exe Berichtskennung: ba9c6e57-3fde-11e2-9566-1c7508c67e9f
Error - 06.12.2012 15:54:57 | Computer Name = Laptop2 | Source = WinMgmt | ID = 10
Description =
Error - 06.12.2012 15:55:32 | Computer Name = Laptop2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 06.12.2012 15:55:32 | Computer Name = Laptop2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4508
Error - 06.12.2012 15:55:32 | Computer Name = Laptop2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4508
Error - 09.12.2012 17:06:58 | Computer Name = Laptop2 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: UIExec.exe, Version: 0.0.0.0, Zeitstempel:
0x4bfa3ae3 Name des fehlerhaften Moduls: UIExec.exe, Version: 0.0.0.0, Zeitstempel:
0x4bfa3ae3 Ausnahmecode: 0xc0000417 Fehleroffset: 0x00002b58 ID des fehlerhaften Prozesses:
0x4a8 Startzeit der fehlerhaften Anwendung: 0x01cdd6511d3de731 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Telenor internet\UIExec.exe Pfad des fehlerhaften
Moduls: C:\Program Files (x86)\Telenor internet\UIExec.exe Berichtskennung: 5e164e60-4244-11e2-9c06-1c7508c67e9f
Error - 09.12.2012 17:07:41 | Computer Name = Laptop2 | Source = WinMgmt | ID = 10
Description =
Error - 10.12.2012 06:19:50 | Computer Name = Laptop2 | Source = WinMgmt | ID = 10
Description =
[ Media Center Events ]
Error - 20.11.2011 08:40:29 | Computer Name = Jablonowski-PC | Source = MCUpdate | ID = 0
Description = 13:40:28 - Fehler beim Herstellen der Internetverbindung. 13:40:29
- Serververbindung konnte nicht hergestellt werden..
Error - 22.11.2011 14:06:10 | Computer Name = Jablonowski-PC | Source = MCUpdate | ID = 0
Description = 19:06:10 - Fehler beim Herstellen der Internetverbindung. 19:06:10
- Serververbindung konnte nicht hergestellt werden..
Error - 30.11.2011 01:20:01 | Computer Name = Jablonowski-PC | Source = MCUpdate | ID = 0
Description = 06:20:01 - Fehler beim Herstellen der Internetverbindung. 06:20:01
- Serververbindung konnte nicht hergestellt werden..
Error - 14.12.2011 05:51:43 | Computer Name = Laptop2 | Source = MCUpdate | ID = 0
Description = 10:51:43 - Fehler beim Herstellen der Internetverbindung. 10:51:43
- Serververbindung konnte nicht hergestellt werden..
Error - 15.12.2011 12:34:07 | Computer Name = Laptop2 | Source = MCUpdate | ID = 0
Description = 17:34:07 - Fehler beim Herstellen der Internetverbindung. 17:34:07
- Serververbindung konnte nicht hergestellt werden..
Error - 16.12.2011 02:40:04 | Computer Name = Laptop2 | Source = MCUpdate | ID = 0
Description = 07:40:04 - Fehler beim Herstellen der Internetverbindung. 07:40:04
- Serververbindung konnte nicht hergestellt werden..
Error - 18.12.2011 13:15:36 | Computer Name = Laptop2 | Source = MCUpdate | ID = 0
Description = 18:15:36 - Fehler beim Herstellen der Internetverbindung. 18:15:36
- Serververbindung konnte nicht hergestellt werden..
Error - 24.12.2011 10:35:32 | Computer Name = Laptop2 | Source = MCUpdate | ID = 0
Description = 15:35:30 - Fehler beim Herstellen der Internetverbindung. 15:35:31
- Serververbindung konnte nicht hergestellt werden..
Error - 26.12.2011 15:10:51 | Computer Name = Laptop2 | Source = MCUpdate | ID = 0
Description = 20:10:51 - Directory konnte nicht abgerufen werden (Fehler: Die Verbindung
mit dem Remoteserver kann nicht hergestellt werden.)
Error - 28.12.2011 21:43:53 | Computer Name = Laptop2 | Source = MCUpdate | ID = 0
Description = 02:43:53 - Fehler beim Herstellen der Internetverbindung. 02:43:53
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 10.02.2013 21:38:40 | Computer Name = Laptop2 | Source = Service Control Manager | ID = 7038
Description = Der Dienst "netprofm" konnte sich nicht als "NT AUTHORITY\LocalService"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 10.02.2013 21:38:40 | Computer Name = Laptop2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Netzwerklistendienst" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1069
Error - 10.02.2013 21:42:23 | Computer Name = Laptop2 | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Search erreicht.
Error - 10.02.2013 21:42:23 | Computer Name = Laptop2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 10.02.2013 21:42:26 | Computer Name = Laptop2 | Source = Service Control Manager | ID = 7038
Description = Der Dienst "WdiServiceHost" konnte sich nicht als "NT AUTHORITY\LocalService"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 10.02.2013 21:42:26 | Computer Name = Laptop2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Diagnosediensthost" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1069
Error - 10.02.2013 21:42:26 | Computer Name = Laptop2 | Source = Service Control Manager | ID = 7038
Description = Der Dienst "netprofm" konnte sich nicht als "NT AUTHORITY\LocalService"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 10.02.2013 21:42:26 | Computer Name = Laptop2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Netzwerklistendienst" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1069
Error - 10.02.2013 21:42:27 | Computer Name = Laptop2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Enumeratordienst für tragbare Geräte" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1115
Error - 10.02.2013 21:45:17 | Computer Name = Laptop2 | Source = Service Control Manager | ID = 7043
Description = Der Dienst TuneUp Utilities Service konnte nach dem Empfang eines
Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
< End of report >
Geändert von CS91 (11.02.2013 um 13:36 Uhr) |
| Themen zu GVU Trojaner v2.11 |
| antivirus, autorun, bho, bonjour, canon, converter, error, firefox, flash player, format, helper, home, install.exe, intranet, kaspersky, microsoft office starter 2010, monitor.exe, mozilla, mp3, norman, plug-in, realtek, registry, rundll, scan, services.exe, software, trojaner, udp, windows |
Baum-Darstellung