![]() |
|
Plagegeister aller Art und deren Bekämpfung: Polizeitrojaner Windows 7Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() | #1 |
| ![]() Polizeitrojaner Windows 7 hallo, ich habe ein problem mit einem polizeitrojaner unter windows 7 hier die entsprechenden logfiles: OTL: Code:
ATTFilter OTL logfile created on: 23.05.2013 19:25:49 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Moosi\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 82,86% Memory free 6,50 Gb Paging File | 6,05 Gb Available in Paging File | 93,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 910,41 Gb Total Space | 748,28 Gb Free Space | 82,19% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 11,03 Gb Free Space | 55,17% Space Free | Partition Type: NTFS Drive F: | 900,73 Mb Total Space | 840,00 Mb Free Space | 93,26% Space Free | Partition Type: FAT Computer Name: MOOSI-PC | User Name: Moosi | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.23 19:19:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Moosi\Desktop\OTL.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.07.14 03:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Programme\Windows Defender\MpCmdRun.exe ========== Modules (No Company Name) ========== MOD - [2010.03.15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Services (SafeList) ========== SRV - [2013.02.23 17:54:28 | 000,805,752 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService) SRV - [2013.01.16 18:27:06 | 002,550,224 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect) SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.08.19 10:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.06.18 11:31:51 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010.06.01 03:01:56 | 000,367,456 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2010.04.07 04:12:04 | 000,172,032 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpnva.sys -- (vpnva) DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.09.13 20:39:31 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011.08.19 10:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) DRV - [2011.08.19 10:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.04.07 04:43:20 | 005,430,272 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2010.04.07 03:23:10 | 000,157,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010.03.09 12:21:26 | 000,107,024 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2009.12.22 02:26:36 | 000,030,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter) DRV - [2009.09.22 15:34:44 | 000,579,072 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su) DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.07.07 23:48:14 | 000,011,832 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdide.sys -- (amdide) DRV - [2009.05.05 11:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.google.at/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\7.0\pdfforgeToolbarIE.dll (Spigot, Inc.) IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0B5B0A47-E6FC-43F1-89A4-C04C64916EA3}: "URL" = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109220&babsrc=SP_ss&mntrId=a03a8f6200000000000074f06d1a153d IE - HKCU\..\SearchScopes\{21F7EF69-5C34-40C5-BAA3-E9CEE1F76C26}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/" FF - prefs.js..keyword.URL: "hxxp://at.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.10 22:32:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.10 22:32:51 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013.01.26 21:47:40 | 000,000,000 | ---D | M] [2010.09.23 18:23:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moosi\AppData\Roaming\mozilla\Extensions [2013.03.10 12:50:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moosi\AppData\Roaming\mozilla\Firefox\Profiles\bhc369s5.default\extensions [2012.07.29 16:37:16 | 000,221,380 | ---- | M] () (No name found) -- C:\Users\Moosi\AppData\Roaming\mozilla\firefox\profiles\bhc369s5.default\extensions\gophoto@gophoto.it.xpi [2012.12.13 22:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Moosi\AppData\Roaming\mozilla\firefox\profiles\bhc369s5.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi [2013.01.26 21:47:32 | 000,002,422 | ---- | M] () -- C:\Users\Moosi\AppData\Roaming\mozilla\firefox\profiles\bhc369s5.default\searchplugins\babylon1.xml [2011.12.19 19:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.09.23 18:22:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} File not found (No name found) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM [2010.09.23 18:22:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1} [2013.03.10 12:50:13 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF [2010.09.14 23:32:39 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.26 21:47:24 | 000,002,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2010.09.14 23:32:39 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.09.14 23:32:39 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.09.14 23:32:39 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.09.14 23:32:39 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://search.babylon.com/?affID=109220&babsrc=HP_ss&mntrId=a03a8f6200000000000074f06d1a153d CHR - Extension: No name found = C:\Users\Moosi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\ O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.8.7.2\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\7.0\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.8.7.2\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\7.0\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [EverioService] C:\Program Files\CyberLink\PCM4Everio\EverioService.exe (CyberLink Corp.) O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Programme\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/AT/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA) O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1FB09BA-161C-4ECE-9D32-300BC9A0165F}: DhcpNameServer = 212.186.211.21 195.34.133.21 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (C:\Users\Moosi\AppData\Roaming\skype.dat) - C:\Users\Moosi\AppData\Roaming\skype.dat () O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O31 - SafeBoot: UseAlternatShell - 1 O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{aff8a662-de35-11e0-8181-6c626d4ee36f}\Shell - "" = AutoRun O33 - MountPoints2\{aff8a662-de35-11e0-8181-6c626d4ee36f}\Shell\AutoRun\command - "" = J:\MMMTest.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.23 19:23:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Moosi\Desktop\OTL.exe [2013.05.20 18:32:33 | 000,000,000 | ---D | C] -- C:\Users\Moosi\AppData\Local\Cisco [2013.05.20 18:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco [2013.05.20 18:31:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco ========== Files - Modified Within 30 Days ========== [2013.05.23 19:24:57 | 000,654,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.23 19:24:57 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.23 19:24:57 | 000,130,022 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.23 19:24:57 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.23 19:24:36 | 000,000,156 | ---- | M] () -- C:\Users\Moosi\defogger_reenable [2013.05.23 19:20:06 | 000,377,856 | ---- | M] () -- C:\Users\Moosi\Desktop\gmer_2.1.19163.exe [2013.05.23 19:19:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Moosi\Desktop\OTL.exe [2013.05.23 19:19:28 | 000,050,477 | ---- | M] () -- C:\Users\Moosi\Desktop\Defogger.exe [2013.05.23 18:59:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.23 18:59:03 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys [2013.05.23 18:55:41 | 000,000,004 | ---- | M] () -- C:\Users\Moosi\AppData\Roaming\skype.ini [2013.05.23 18:54:36 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.21 23:47:33 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.21 22:43:28 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.21 22:43:28 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.21 22:26:11 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.17 15:10:25 | 000,429,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013.05.23 19:24:34 | 000,000,156 | ---- | C] () -- C:\Users\Moosi\defogger_reenable [2013.05.23 19:23:56 | 000,377,856 | ---- | C] () -- C:\Users\Moosi\Desktop\gmer_2.1.19163.exe [2013.05.23 19:23:56 | 000,050,477 | ---- | C] () -- C:\Users\Moosi\Desktop\Defogger.exe [2013.05.21 23:47:33 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.20 23:05:40 | 000,000,004 | ---- | C] () -- C:\Users\Moosi\AppData\Roaming\skype.ini [2012.09.06 12:18:07 | 000,005,236 | ---- | C] () -- C:\Users\Moosi\AppData\Local\recently-used.xbel [2012.07.04 22:32:24 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad [2012.01.11 20:00:55 | 000,098,304 | ---- | C] () -- C:\Users\Moosi\AppData\Roaming\skype.dat [2011.12.21 22:55:16 | 000,003,584 | ---- | C] () -- C:\Users\Moosi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.28 15:40:04 | 000,001,027 | ---- | C] () -- C:\Users\Moosi\Musik - Verknüpfung.lnk [2011.08.19 10:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll [2011.08.19 10:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll [2011.08.19 10:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe [2011.08.12 13:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2011.07.26 07:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.09.30 11:38:49 | 000,000,000 | -HSD | M] -- C:\Users\Moosi\AppData\Roaming\.# [2013.01.26 21:47:42 | 000,000,000 | ---D | M] -- C:\Users\Moosi\AppData\Roaming\BabSolution [2013.01.26 21:47:17 | 000,000,000 | ---D | M] -- C:\Users\Moosi\AppData\Roaming\Babylon [2011.12.23 20:45:50 | 000,000,000 | ---D | M] -- C:\Users\Moosi\AppData\Roaming\DAEMON Tools Lite [2010.12.06 19:29:44 | 000,000,000 | ---D | M] -- C:\Users\Moosi\AppData\Roaming\GrabIt [2011.11.27 11:49:09 | 000,000,000 | ---D | M] -- C:\Users\Moosi\AppData\Roaming\Leadertech [2011.01.04 12:19:45 | 000,000,000 | ---D | M] -- C:\Users\Moosi\AppData\Roaming\MAGIX ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 23.05.2013 19:25:49 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Moosi\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 82,86% Memory free 6,50 Gb Paging File | 6,05 Gb Available in Paging File | 93,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 910,41 Gb Total Space | 748,28 Gb Free Space | 82,19% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 11,03 Gb Free Space | 55,17% Space Free | Partition Type: NTFS Drive F: | 900,73 Mb Total Space | 840,00 Mb Free Space | 93,26% Space Free | Partition Type: FAT Computer Name: MOOSI-PC | User Name: Moosi | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0EE1441E-2B98-4015-93B6-C97F997F1C6F}" = rport=138 | protocol=17 | dir=out | app=system | "{1184F647-DB7C-4C13-9566-8021337259FE}" = lport=2869 | protocol=6 | dir=in | app=system | "{1CB99D37-5903-44FB-AD6C-5FA294D0822B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{252AEF40-23BA-45AC-A5CD-BE7B34148DCC}" = rport=139 | protocol=6 | dir=out | app=system | "{2C29B114-9C81-49E7-9BC3-CF837BA143B7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{35147092-AE6E-40C1-8DE3-6CD0857ECCBF}" = lport=139 | protocol=6 | dir=in | app=system | "{3986147F-9D10-4FC2-AFB3-7CE85329BA67}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{4D54AF83-3100-468B-B7AF-D254EB4B3FF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{727EA388-CEA3-4FFA-B033-F2738048880B}" = rport=137 | protocol=17 | dir=out | app=system | "{75CBBD62-C7AF-49A1-966F-EC47BDED0704}" = lport=445 | protocol=6 | dir=in | app=system | "{88311290-C3A9-49D8-B9F9-62DE2010F09E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{C73AAF57-23B4-4F24-B95C-0E90AD58A8C9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CF9E3D6B-44AB-43CB-8D20-FDDDFA1392B4}" = lport=137 | protocol=17 | dir=in | app=system | "{D8031C98-DAE9-4910-93B0-0A680D551E9D}" = lport=138 | protocol=17 | dir=in | app=system | "{E8BFF9A2-2742-49ED-BC70-3B1D22326CAA}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0DC4C320-F0CD-4B9D-92F3-0E8B95D0B9F5}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{1D898DAE-2DDA-469D-8C7A-4D1014A15F41}" = dir=in | app=c:\program files\cyberlink\powerdirector express\pdx.exe | "{2BDC0C5A-E6F4-4881-B14B-4A23F1A8DB1E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{50933ACB-76DC-4BC2-84B3-0FEC618AC2D9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{731D7A7C-8350-4DCF-A968-852DD455EA7D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{898CED55-A8A9-43AB-9F0D-1CC763CB5BA4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{8A516A9E-16B9-4BBF-B028-17163B2692DC}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{A13E4A01-0C3E-4986-8F10-EADE9C25FDAF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DBE53DF1-89C7-4D34-B4AB-BAE1F40BECE3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "TCP Query User{CC741BA1-2D89-4560-A474-DEED886E0445}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{DB3060D5-19A4-4D0C-A7AD-83C99DABFE1E}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{E5EFDB5F-0061-4A31-8498-6C8573DDEBF5}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{5F1E9D0A-99DA-42C3-A7E2-CE02CD6CEE01}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{DC48926A-65EC-4241-9F57-7063E05706A0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{F3A1E182-A325-4FAD-B07C-301B69FBD5CD}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content "_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{0A169C69-5012-DAD1-B26D-6AD81A3242A9}" = Catalyst Control Center Localization All "{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN "{34B164BB-87C0-0E98-4B4B-867962CBB5EB}" = CCC Help Italian "{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT "{359FCAA7-B544-4147-AE3B-8C8A526E2427}" = Sony Image Data Suite "{39CEE1F2-12B6-4C50-9131-04BFCA110578}" = PowerCinema NE for Everio "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D8FA9E6-DE47-98B1-B292-D5BD9D1AC5F4}" = Catalyst Control Center Graphics Previews Vista "{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{4D07BB5D-7903-53B0-4EE0-F23FB43A3034}" = Catalyst Control Center Graphics Full New "{5107CFE6-65DB-C1BE-A97B-68C22747AD4F}" = CCC Help English "{518FBF0D-3BA6-BF84-C949-D301EEA09F08}" = ccc-core-static "{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6A53AF94-FB62-528E-93D7-47D927FCBA89}" = Catalyst Control Center InstallProxy "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7F276611-40A1-71AF-79B2-F896525FA898}" = CCC Help Danish "{80186A32-8C10-9A90-409B-F83ED7823EA5}" = Catalyst Control Center Graphics Light "{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{853E9CDB-711A-533C-E73F-1D87DCCAF5B6}" = Catalyst Control Center Graphics Full Existing "{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.0 "{8730DBBF-3817-FC91-3C5D-A42F535A0C75}" = Catalyst Control Center Core Implementation "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{45854A38-F4B0-4434-BB40-A8ED6FDDEEC9}" = "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{963911A3-E0E3-1D9B-CCF1-04607B415F9D}" = CCC Help Dutch "{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B4A90F5-B7F6-742C-C761-526AD050B601}" = CCC Help French "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{9DB2B2B1-464C-F7ED-2032-B80A1F2EEA69}" = CCC Help Japanese "{9E422606-5F50-5D98-D89F-74AF10167A25}" = CCC Help Norwegian "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema "{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{ADF60A14-CFC4-7174-D088-E1CFE6663EF3}" = ATI Catalyst Install Manager "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw "{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BE7785D6-045F-44FB-A1E4-3FA555874415}" = pdfforge Toolbar v7.0 "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5 "{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA "{C3B58DC8-B030-0AE4-87C2-7721A4A485FA}" = CCC Help German "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES "{C8A6E0DE-B25F-D008-C10F-81DB91224A41}" = ccc-utility "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5 "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}" = Babylon Chrome Toolbar "{E7F56612-69F7-4F85-AD0B-B04B1C5BC3BD}" = Creative ZEN V Series (R2) "{E8E25861-3B27-E2FE-877A-4E19B848EA31}" = CCC Help Spanish "{E9D9AD46-011D-EC6D-180B-8A0C6835B778}" = CCC Help Swedish "{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FE6B2A1F-FFA0-9BD0-6C8E-BCA7AEDCFC5E}" = CCC Help Finnish "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "1ClickDownload" = Movie2KDownloader "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "BabylonToolbar" = Babylon toolbar "CCleaner" = CCleaner "Creative Removable Disk Manager" = Creative-Manager für Wechseldatenträger "DAEMON Tools Lite" = DAEMON Tools Lite "Deutsch 3 v1.2" = Deutsch 3 v1.2 "ENTERPRISE" = Microsoft Office Enterprise 2007 "ESET Online Scanner" = ESET Online Scanner v3 "Gehirnjogging 3" = Gehirnjogging 3 "GIMP-2_is1" = GIMP 2.8.2 "Google Chrome" = Google Chrome "GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997) "Hofer Foto Manager Free D" = Hofer Foto Manager Free "Hofer Foto Service D" = Hofer Foto Service "Hofer Fotodruck Service" = Hofer Fotodruck Service 4.5 "Hofer Online Druck Service D" = Hofer Online Druck Service "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "Loewe4" = Löwenzahn 4 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800 "McAfee Security Scan" = McAfee Security Scan Plus "MEDION Fotos auf CD & DVD SE Hofer D" = MEDION Fotos auf CD & DVD SE Hofer "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10) "QuickPar" = QuickPar 0.9 "QuickTime" = QuickTime "SysInfo" = Creative Systeminformationen "VLC media player" = VLC media player 1.1.7 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "Zahlenreise 3. Übungs-CD-ROM_is1" = Zahlenreise 3. Übungs-CD-ROM, V 1.0.2 "ZENcast Organizer" = ZENcast Organizer ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 16.12.2011 06:02:08 | Computer Name = Moosi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 16.12.2011 06:05:46 | Computer Name = Moosi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 16.12.2011 09:33:29 | Computer Name = Moosi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 16.12.2011 10:01:59 | Computer Name = Moosi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 16.12.2011 10:22:26 | Computer Name = Moosi-PC | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll" in Zeile 2. Ungültige XML-Syntax. Error - 16.12.2011 11:14:02 | Computer Name = Moosi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 16.12.2011 14:03:02 | Computer Name = Moosi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 16.12.2011 15:13:27 | Computer Name = Moosi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 16.12.2011 16:13:58 | Computer Name = Moosi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 16.12.2011 17:01:13 | Computer Name = Moosi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . [ Cisco AnyConnect Secure Mobility Client Events ] Error - 20.05.2013 13:22:40 | Computer Name = Moosi-PC | Source = acvpnui | ID = 67108866 Description = Function: ConnectMgr::run File: .\ConnectMgr.cpp Line: 673 Invoked Function: ConnectMgr::initiateConnect Return Code: -29622263 (0xFE3C0009) Description: CONNECTMGR_ERROR_UNEXPECTED Error - 20.05.2013 13:22:42 | Computer Name = Moosi-PC | Source = acvpnagent | ID = 67108866 Description = Function: CHostLocator::buildHostLocator File: .\Utility\HostLocator.cpp Line: 293 Invoked Function: CHostLocator::ResolveHostname Return Code: -28049397 (0xFE54000B) Description: HOSTLOCATOR_ERROR_DNS_TIME_LIMIT_EXCEEDED Error - 20.05.2013 13:22:42 | Computer Name = Moosi-PC | Source = acvpnagent | ID = 67108866 Description = Function: CMainThread::processConnectNotification File: .\MainThread.cpp Line: 11462 Invoked Function: CMainThread::resolveSGHost Return Code: -32702442 (0xFE0D0016) Description: MAINTHREAD_ERROR_DNS_RESOLUTION_FAILED Error - 20.05.2013 13:22:45 | Computer Name = Moosi-PC | Source = acvpnagent | ID = 67108866 Description = Function: CAutoProxy::GetAutoProxyStrings File: .\Proxy\AutoProxy.cpp Line: 139 Invoked Function: WinHttpGetProxyForUrl Return Code: 12180 (0x00002F94) Description: WINDOWS_ERROR_CODE SG URL https://univpn.univie.ac.at:443 Error - 20.05.2013 13:22:45 | Computer Name = Moosi-PC | Source = acvpnagent | ID = 67108866 Description = Function: RestoreProxySettingsToBrowser File: .\Proxy\BrowserProxy.cpp Line: 1032 Invoked Function: DeleteFile Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei nicht finden. Error - 20.05.2013 13:24:13 | Computer Name = Moosi-PC | Source = acvpnagent | ID = 67110873 Description = Termination reason code 7: The agent has been stopped. Error - 20.05.2013 13:24:13 | Computer Name = Moosi-PC | Source = acvpnagent | ID = 67108866 Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp Line: 1790 Invoked Function: ::WSAGetOverlappedResult Return Code: 995 (0x000003E3) Description: Der E/A-Vorgang wurde wegen eines Threadendes oder einer Anwendungsanforderung abgebrochen. Error - 20.05.2013 13:24:13 | Computer Name = Moosi-PC | Source = acvpnagent | ID = 67108866 Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp Line: 1791 Invoked Function: ::WSARecv/::WSARecvFrom Return Code: 0 (0x00000000) Description: unknown Error - 20.05.2013 13:24:13 | Computer Name = Moosi-PC | Source = acvpnagent | ID = 67108866 Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp Line: 895 Invoked Function: CSocketTransport::readSocket Return Code: -31588312 (0xFE1E0028) Description: SOCKETTRANSPORT_ERROR_GET_RESULT_FAILURE:The system get result call for the socket failed. Error - 20.05.2013 13:24:13 | Computer Name = Moosi-PC | Source = acvpnagent | ID = 67108866 Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line: 1047 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31588312 (0xFE1E0028) Description: SOCKETTRANSPORT_ERROR_GET_RESULT_FAILURE:The system get result call for the socket failed. [ OSession Events ] Error - 21.10.2010 17:33:45 | Computer Name = Moosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 5883 seconds with 3300 seconds of active time. This session ended with a crash. Error - 13.04.2011 14:04:05 | Computer Name = Moosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 13864 seconds with 6420 seconds of active time. This session ended with a crash. Error - 13.04.2011 14:14:41 | Computer Name = Moosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 614 seconds with 600 seconds of active time. This session ended with a crash. Error - 15.05.2011 13:36:05 | Computer Name = Moosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 2489 seconds with 1500 seconds of active time. This session ended with a crash. Error - 31.05.2011 15:38:36 | Computer Name = Moosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 5951 seconds with 5520 seconds of active time. This session ended with a crash. Error - 09.06.2011 13:44:14 | Computer Name = Moosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 106 seconds with 0 seconds of active time. This session ended with a crash. Error - 09.06.2011 13:57:23 | Computer Name = Moosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 778 seconds with 60 seconds of active time. This session ended with a crash. Error - 22.08.2011 15:51:15 | Computer Name = Moosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 1858 seconds with 480 seconds of active time. This session ended with a crash. Error - 04.01.2013 18:05:01 | Computer Name = Moosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 9039 seconds with 4560 seconds of active time. This session ended with a crash. Error - 13.03.2013 17:27:28 | Computer Name = Moosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 10842 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 23.05.2013 13:00:04 | Computer Name = Moosi-PC | Source = DCOM | ID = 10005 Description = Error - 23.05.2013 13:00:04 | Computer Name = Moosi-PC | Source = DCOM | ID = 10005 Description = Error - 23.05.2013 13:00:04 | Computer Name = Moosi-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 23.05.2013 13:00:04 | Computer Name = Moosi-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 23.05.2013 13:00:05 | Computer Name = Moosi-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 23.05.2013 13:00:05 | Computer Name = Moosi-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 23.05.2013 13:00:05 | Computer Name = Moosi-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 23.05.2013 13:00:05 | Computer Name = Moosi-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 23.05.2013 13:00:05 | Computer Name = Moosi-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 23.05.2013 13:00:05 | Computer Name = Moosi-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 < End of report > Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-05-23 20:46:21 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000053 WDC_WD10 rev.80.0 931,51GB Running: gmer_2.1.19163.exe; Driver: C:\Users\Moosi\AppData\Local\Temp\pwdoypoc.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82842A09 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8287C1F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Moosi\AppData\Local\Logitech\xae Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe 1 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- bitte um hilfe =) danke und lg |
Themen zu Polizeitrojaner Windows 7 |
1clickdownload, autorun, babylontoolbar, bho, browserprotect.dll, canon, defender, error, explorer, failed, fehler, firefox, flash player, format, gophoto, helper, home, iexplore.exe, install.exe, lws.exe, musik, pdfforge toolbar, plug-in, problem, realtek, registry, richtlinie, rundll, scan, security, software, svchost.exe, udp, windows, windows 7. polizeitrojaner |