![]() |
|
Log-Analyse und Auswertung: skype-wurmWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() | #1 |
![]() | ![]() skype-wurm Hallo und Hilfe, ich habe von einem alten Bekannten eine Nachricht im Skype bekommen mit diesem Text:moin , kaum zu glauben was für schöne fotos von dir auf deinem profil dazu ein link, den ich auch angeklickt habe....da ich nebenbei am telefonieren war, und nicht groß nachgedacht habe, habe ich den link geöffnet und später auch die .exe-datei versucht zu öffnen ![]() Malwarebytes hat auch was gefunden, aber ist das der Skype-Wurm ?(soll ich das löschen? unter Quarantäne stellen geht nicht) Ich hatte irgendwo gelesen, dass ich im skype unter der Zugriffsverwaltung (externe Anwendungen) alles löschen soll, dass habe ich auch recht schnell gemacht. Bisher hat keiner meiner Kontakte diese Nachricht von mir erhalten. Ich bin kein Profi am PC/Lappi sondern nur ganz normaler Nutzer und würde mich über Hilfe freuen. Danke vorab und viele Grüße Mel ich habe jetzt mal versucht, die Checkliste vor erstellen eines Threads abzuarbeiten: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.10.08.02 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 Markus :: MARKUS-PC [Administrator] Schutz: Aktiviert 08.10.2012 10:32:47 mbam-log-2012-10-08 (11-30-16).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 316811 Laufzeit: 48 Minute(n), 52 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter OTL logfile created on: 08.10.2012 11:50:53 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Markus\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 0,78 Gb Available Physical Memory | 41,95% Memory free 3,74 Gb Paging File | 1,99 Gb Available in Paging File | 53,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,79 Gb Total Space | 194,88 Gb Free Space | 83,72% Space Free | Partition Type: NTFS Computer Name: MARKUS-PC | User Name: Markus | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.08 11:47:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Markus\Downloads\OTL.exe PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.03.07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe PRC - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.09.01 18:20:09 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jucheck.exe PRC - [2011.03.28 12:40:56 | 001,611,160 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE PRC - [2011.01.15 17:48:44 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe PRC - [2010.10.19 14:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe PRC - [2010.02.02 00:15:48 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.02.02 00:15:46 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2009.12.17 13:54:40 | 001,795,488 | ---- | M] (Audible, Inc.) -- C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe PRC - [2009.01.26 16:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe ========== Modules (No Company Name) ========== MOD - [2010.04.16 23:10:47 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ========== Services (SafeList) ========== SRV:64bit: - [2007.06.01 02:02:16 | 000,043,568 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC) SRV - [2012.09.07 20:13:26 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.03.07 01:15:13 | 000,134,920 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Programme\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.10.19 14:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.07 01:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012.03.07 01:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012.03.07 01:02:45 | 000,028,504 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd) DRV:64bit: - [2012.03.07 01:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012.03.07 01:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2012.03.07 01:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012.03.07 01:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2010.08.25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.12.07 19:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2009.09.15 19:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.08.06 15:42:26 | 000,022,216 | ---- | M] (Licensed for Gebhard Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\DRHARD64.sys -- (DRHARD64) DRV:64bit: - [2007.06.01 02:01:52 | 000,026,928 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008.08.06 15:42:26 | 000,022,216 | ---- | M] (Licensed for Gebhard Software) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\DRHARD64.sys -- (DRHARD64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 28 23 F4 2C F3 CA 01 [binary data] IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "foxsearch" FF - prefs.js..browser.search.defaultthis.engineName: "DieStaemme Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1606659&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "foxsearch" FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-sunm" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-sunm" FF - prefs.js..browser.search.selectedEngine: "foxsearch" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.die-staemme.de/" FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.8.20120412011105 FF - prefs.js..extensions.enabledAddons: amznUWL2@amazon.com:1.10 FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.3 FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.3.1 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1 FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - user.js..browser.search.selectedEngine: "foxsearch" FF - user.js..browser.search.order.1: "foxsearch" FF - user.js..browser.search.defaultenginename: "foxsearch" FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Program Files (x86)\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.05.02 07:28:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 20:13:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.07 20:13:18 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 20:13:26 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.07 20:13:18 | 000,000,000 | ---D | M] [2010.04.16 23:34:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus\AppData\Roaming\mozilla\Extensions [2012.10.05 08:17:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\vjyaklie.default\extensions [2012.05.20 19:35:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\vjyaklie.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.09.20 13:13:15 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\Markus\AppData\Roaming\mozilla\firefox\profiles\vjyaklie.default\extensions\amznUWL2@amazon.com.xpi [2012.10.05 08:17:30 | 000,565,448 | ---- | M] () (No name found) -- C:\Users\Markus\AppData\Roaming\mozilla\firefox\profiles\vjyaklie.default\extensions\toolbar@web.de.xpi [2012.10.04 15:16:17 | 000,257,937 | ---- | M] () (No name found) -- C:\Users\Markus\AppData\Roaming\mozilla\firefox\profiles\vjyaklie.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012.10.05 08:17:53 | 000,000,911 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\mozilla\firefox\profiles\vjyaklie.default\searchplugins\11-suche.xml [2010.08.19 22:28:00 | 000,000,923 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\mozilla\firefox\profiles\vjyaklie.default\searchplugins\conduit.xml [2012.10.05 08:17:54 | 000,002,273 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\mozilla\firefox\profiles\vjyaklie.default\searchplugins\englische-ergebnisse.xml [2012.10.05 08:17:53 | 000,010,563 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\mozilla\firefox\profiles\vjyaklie.default\searchplugins\gmx-suche.xml [2012.10.07 21:23:16 | 000,000,950 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\mozilla\firefox\profiles\vjyaklie.default\searchplugins\icqplugin-1.xml [2010.06.23 20:32:50 | 000,000,947 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\mozilla\firefox\profiles\vjyaklie.default\searchplugins\icqplugin.xml [2012.10.05 08:17:53 | 000,002,432 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\mozilla\firefox\profiles\vjyaklie.default\searchplugins\lastminute.xml [2012.10.05 08:17:53 | 000,005,545 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\mozilla\firefox\profiles\vjyaklie.default\searchplugins\webde-suche.xml [2012.09.07 20:13:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.09.07 20:13:14 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.09.07 20:13:26 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.06.22 16:01:42 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.03.19 09:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll [2012.07.20 07:41:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 17:17:30 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.07.20 07:41:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.08.14 13:52:09 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src [2012.07.20 07:41:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.20 07:41:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.20 07:41:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Gutscheinmieze-Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: avast! WebRep = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\ CHR - Extension: Google Mail = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Markus\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKCU\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Markus\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - Startup: C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49329A9A-0750-49CD-97D3-92662257C473}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{0f76d241-1643-11e0-ab15-c417feefa346}\Shell - "" = AutoRun O33 - MountPoints2\{0f76d241-1643-11e0-ab15-c417feefa346}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{47948450-2aab-11e0-92a2-c417feefa346}\Shell - "" = AutoRun O33 - MountPoints2\{47948450-2aab-11e0-92a2-c417feefa346}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{cbb2e6cf-247e-11e1-9597-c417feefa346}\Shell - "" = AutoRun O33 - MountPoints2\{cbb2e6cf-247e-11e1-9597-c417feefa346}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{cd9bb0b6-fee8-11df-857d-c417feefa346}\Shell - "" = AutoRun O33 - MountPoints2\{cd9bb0b6-fee8-11df-857d-c417feefa346}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{d272ebcc-c9eb-11df-ad8a-c417feefa346}\Shell - "" = AutoRun O33 - MountPoints2\{d272ebcc-c9eb-11df-ad8a-c417feefa346}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{d272ebd1-c9eb-11df-ad8a-c417feefa346}\Shell - "" = AutoRun O33 - MountPoints2\{d272ebd1-c9eb-11df-ad8a-c417feefa346}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{df7862c3-ff77-11df-976b-c417feefa346}\Shell - "" = AutoRun O33 - MountPoints2\{df7862c3-ff77-11df-976b-c417feefa346}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.06 18:27:50 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Malwarebytes [2012.10.06 18:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.06 18:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.06 18:27:16 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.10.06 18:27:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.10.03 16:38:40 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Macromedia [2012.10.03 16:37:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed ========== Files - Modified Within 30 Days ========== [2012.10.08 11:43:49 | 000,000,000 | ---- | M] () -- C:\Users\Markus\defogger_reenable [2012.10.08 11:15:07 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.08 10:24:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.08 08:52:27 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.08 08:52:27 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.08 08:43:55 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.08 08:43:16 | 1504,333,824 | -HS- | M] () -- C:\hiberfil.sys [2012.10.06 18:27:20 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.26 14:18:09 | 000,002,374 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.09.20 07:24:09 | 001,528,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.09.20 07:24:09 | 000,665,014 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.09.20 07:24:09 | 000,625,156 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.09.20 07:24:09 | 000,135,150 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.09.20 07:24:09 | 000,110,794 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat ========== Files Created - No Company Name ========== [2012.10.08 11:43:49 | 000,000,000 | ---- | C] () -- C:\Users\Markus\defogger_reenable [2012.10.06 18:27:20 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.18 12:49:41 | 001,555,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.07.04 13:38:22 | 000,000,016 | ---- | C] () -- C:\Users\Markus\persistent_state [2010.08.14 13:55:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2010.07.27 16:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2010.07.27 16:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.01.01 17:50:31 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Canon [2010.04.19 21:20:28 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\cld3-lookup [2012.01.01 15:22:01 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\com.smallblueprinter.gardenPlanner3 [2010.05.01 14:34:00 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\EssentialGrammarInUse [2012.07.31 17:22:19 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\FL_SIM_P4_DEMO_D [2010.08.14 13:52:08 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Gutscheinmieze [2012.01.01 14:27:53 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\ICQ [2011.06.13 11:00:40 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\IrfanView [2010.04.17 16:24:51 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\OpenOffice.org [2011.06.20 11:16:54 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Opera [2012.07.22 21:27:53 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\playmink [2010.10.29 22:11:10 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\TeamViewer ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 08.10.2012 11:50:53 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Markus\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 0,78 Gb Available Physical Memory | 41,95% Memory free 3,74 Gb Paging File | 1,99 Gb Available in Paging File | 53,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,79 Gb Total Space | 194,88 Gb Free Space | 83,72% Space Free | Partition Type: NTFS Computer Name: MARKUS-PC | User Name: Markus | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01DB04DA-2C77-4C69-9520-6910A6EB543E}" = lport=2869 | protocol=6 | dir=in | app=system | "{0870D15A-A692-4F79-B2E1-883856F8F6AB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{09CD3D3A-72E3-412B-AE64-C0CBECBB25BD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2AF85EAB-D7ED-4396-8B68-42A686E7419E}" = lport=139 | protocol=6 | dir=in | app=system | "{2E3163BD-2181-4351-B654-AA043AC5D668}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3B9746D3-CC27-4982-BA2A-B6E0F8ED7A1F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4BB284C6-2DAC-47C4-9A91-74ADC943027C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4D9FBC53-1DAD-427A-8360-ED4140E59976}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{53BD460C-2AB4-442A-88C7-EEC8514303F6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{694044BE-5912-4ADF-972F-96DAE9E85100}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{6FC33B28-CD7A-4D92-AC81-6C0AFAAD6EA5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{775E4393-7970-4FDD-A265-CB6CF6D8F5B8}" = lport=445 | protocol=6 | dir=in | app=system | "{7C5A0CBD-553D-4941-86EC-797FA8937D98}" = rport=138 | protocol=17 | dir=out | app=system | "{7D29DE15-4665-4A1D-89AA-A92596D644AD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{875C8208-795F-4CDD-80EF-1372A0634A8D}" = rport=137 | protocol=17 | dir=out | app=system | "{8EBD8F91-5892-4357-BD06-2EE85EFBF16C}" = rport=139 | protocol=6 | dir=out | app=system | "{9D996B12-9DD3-40E3-A6CB-E2B611DE8BB4}" = rport=10243 | protocol=6 | dir=out | app=system | "{A85DD344-1C3D-457F-8299-46B4AC946208}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B367DD71-028E-41E9-BCCC-CC855B450132}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B51362BB-B7A5-40FD-B4E5-57BC85375E13}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BA618B2B-C1EC-4F6D-B297-70E0EC5141B3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{BFBB6E49-D50A-4AB8-8617-772F855C5C16}" = lport=10243 | protocol=6 | dir=in | app=system | "{C0B1EF55-0BE5-47D4-9FE1-199BC632AE4A}" = lport=137 | protocol=17 | dir=in | app=system | "{C514D9D9-16D4-49B2-A48B-DA8E4A77CFE5}" = rport=445 | protocol=6 | dir=out | app=system | "{CCB43C78-D865-4F9F-B8D1-887BF02F4EA8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D4DED826-C3FE-420B-AD67-BCDC7A7B8DFE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{E27573CE-D0A9-4888-8522-2A19D9B46B06}" = lport=138 | protocol=17 | dir=in | app=system | "{E7D96AEA-1E69-430E-97E7-C3DBA4913439}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EF15D9C8-9AEA-4B6B-B1D0-89C60755B0E2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0969B8AC-7048-48B8-883C-FE46ACC9130C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer_service.exe | "{0A7962E3-6B4C-428F-AF4A-1B2B04EBE2AF}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | "{11E7F88E-59FF-4E73-AE80-E3EBACC05D31}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer_service.exe | "{222F85DD-C6EA-4F86-AC50-AA00130AFB05}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{3F12C974-E518-4988-9FC7-158FB1C44F1B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{496F0AA6-B7AC-4A34-A2FA-1704E7C60DD0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{53172363-A8B7-417C-ADFD-357085BBAF60}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5586111B-FAE7-46C1-8192-B44D84C04BF8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5FBCE076-D4B9-4432-A854-3F2031FC0F8C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{65294106-0C1B-4D3D-930C-C49CEA87090D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{818E6B75-C3FF-42F3-AE42-D6E7AEA692EE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{82E88324-EF96-412A-BCCB-7BC621C1238F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{833DB8A5-FFD2-447E-B1C3-1F5FC4B26E51}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{942C99FA-D78B-4C64-A65B-CB4AF5510BCA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{9AE7406C-0026-4B15-BC2A-882E9B6435D9}" = protocol=6 | dir=out | app=system | "{9C203C25-17F2-45BB-B95D-1AA2096863CB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{9C5E55A3-DA28-475C-BA58-F6A8BEEF902E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A471512B-C9FA-4684-8FD4-1A5D4DE1EE91}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{B1F10102-2486-4461-AD02-BBCCB2D70B7F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C408FE05-FBF4-4D01-B0BB-5FAE88F3F3EB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{CB708484-E696-463B-95C6-E64A1D623EB7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D7FFC81D-6185-4AD7-9EC4-4A5285B8C17B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D90550C9-E3FF-4323-904F-17899DD95C1F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F122DC0E-63C7-4EC0-A198-2EBC53B32C99}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FAA37C2F-30E7-4482-B348-9D765CB427A4}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | "TCP Query User{4741364E-C4A7-4A1F-BBB4-AF23F2DAD6AA}C:\windows\syswow64\ftp.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\ftp.exe | "TCP Query User{DE987478-AB2B-4B36-99E8-A081FB557A66}C:\users\markus\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe" = protocol=6 | dir=in | app=c:\users\markus\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe | "UDP Query User{2DE444E9-1133-43D1-9CED-C4E032C7C4F7}C:\users\markus\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe" = protocol=17 | dir=in | app=c:\users\markus\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe | "UDP Query User{8B528E51-5757-4CE9-A373-C3880A1B0EF7}C:\windows\syswow64\ftp.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\ftp.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "Defraggler" = Defraggler "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Power Management Driver" = ThinkPad Power Management Driver "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15 "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64) "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{88DD8BB4-B96D-6976-F13B-923922898D5B}" = Garden Planner 3 "{9BFCF52F-9ACE-4BFF-9265-4A83B48D5EED}" = PKZIP Server for Windows 8.60.0007 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B96DB037-DBEA-4186-9081-9CBD537F82E8}" = 3D-Viewer-innoplus "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "AudibleDownloadManager" = Audible Download Manager "avast" = avast! Internet Security "Canon MG5300 series Benutzerregistrierung" = Canon MG5300 series Benutzerregistrierung "Canon MG5300 series On-screen Manual" = Canon MG5300 series On-screen Manual "Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CanonMyPrinter" = Canon My Printer "CanonSolutionMenuEX" = Canon Solution Menu EX "com.smallblueprinter.gardenPlanner3" = Garden Planner 3 "Dr. Hardware 2011_is1" = Dr. Hardware 2011 11.0d "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "Festo Fluidsim_is1" = Festo FluidSim 3.6 "FluidSIM 4.2n Pneumatik Demoversion" = FluidSIM 4.2n Pneumatik Demoversion "Fotosizer" = Fotosizer 1.31 "Google Chrome" = Google Chrome "Gutscheinmieze - Toolbar" = Gutscheinmieze - Toolbar "IrfanView" = IrfanView (remove only) "Island Farm_is1" = Island Farm "LOGO!Soft Comfort V4.0" = LOGO!Soft Comfort V4.0 "LOGO!Soft Comfort V5.0" = LOGO!Soft Comfort V5.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 5.0" = Canon MP Navigator EX 5.0 "Surf & E-Mail-Stick" = Surf & E-Mail-Stick "TeamViewer 5" = TeamViewer 5 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 04.08.2012 05:19:29 | Computer Name = Markus-PC | Source = SideBySide | ID = 16842827 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 2. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig. Error - 04.08.2012 05:21:16 | Computer Name = Markus-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 08.08.2012 11:53:48 | Computer Name = Markus-PC | Source = SideBySide | ID = 16842827 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 2. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig. Error - 08.08.2012 11:55:39 | Computer Name = Markus-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 10.08.2012 03:30:43 | Computer Name = Markus-PC | Source = SideBySide | ID = 16842827 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 2. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig. Error - 10.08.2012 03:32:54 | Computer Name = Markus-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 14.08.2012 11:52:19 | Computer Name = Markus-PC | Source = SideBySide | ID = 16842827 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 2. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig. Error - 14.08.2012 11:54:12 | Computer Name = Markus-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 15.08.2012 06:20:58 | Computer Name = Markus-PC | Source = SideBySide | ID = 16842827 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 2. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig. Error - 15.08.2012 06:22:45 | Computer Name = Markus-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. [ Media Center Events ] Error - 08.06.2011 12:38:52 | Computer Name = Markus-PC | Source = MCUpdate | ID = 0 Description = 18:38:52 - Fehler beim Herstellen der Internetverbindung. 18:38:52 - Serververbindung konnte nicht hergestellt werden.. Error - 08.06.2011 12:39:25 | Computer Name = Markus-PC | Source = MCUpdate | ID = 0 Description = 18:39:20 - Fehler beim Herstellen der Internetverbindung. 18:39:20 - Serververbindung konnte nicht hergestellt werden.. Error - 28.06.2011 01:10:57 | Computer Name = Markus-PC | Source = MCUpdate | ID = 0 Description = 07:10:55 - Fehler beim Herstellen der Internetverbindung. 07:10:57 - Serververbindung konnte nicht hergestellt werden.. Error - 28.06.2011 01:11:17 | Computer Name = Markus-PC | Source = MCUpdate | ID = 0 Description = 07:11:05 - Fehler beim Herstellen der Internetverbindung. 07:11:05 - Serververbindung konnte nicht hergestellt werden.. Error - 28.06.2011 02:43:26 | Computer Name = Markus-PC | Source = MCUpdate | ID = 0 Description = 08:43:26 - Fehler beim Herstellen der Internetverbindung. 08:43:26 - Serververbindung konnte nicht hergestellt werden.. Error - 28.06.2011 02:43:36 | Computer Name = Markus-PC | Source = MCUpdate | ID = 0 Description = 08:43:31 - Fehler beim Herstellen der Internetverbindung. 08:43:31 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 08.10.2012 02:48:18 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "TrustedInstaller" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 08.10.2012 02:48:18 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "TrustedInstaller" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 08.10.2012 02:48:18 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "TrustedInstaller" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 08.10.2012 02:48:18 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "TrustedInstaller" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 08.10.2012 02:48:18 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "TrustedInstaller" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 08.10.2012 02:48:18 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "TrustedInstaller" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 08.10.2012 02:48:18 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "TrustedInstaller" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 08.10.2012 02:48:18 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "TrustedInstaller" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 08.10.2012 02:48:44 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "TrustedInstaller" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 08.10.2012 04:40:01 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht. < End of report > Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 11:45 on 08/10/2012 (Markus) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- |
Themen zu skype-wurm |
adobe, antivirus, autorun, bho, canon, checkliste, error, fehler, firefox, flash player, format, google, home, install.exe, intranet, lenovo, link geöffnet, logfile, löschen?, mozilla, object, plug-in, realtek, registry, richtlinie, rundll, safer networking, scan, security, software, svchost.exe, trustedinstaller, udp, wlan, wurm |