|
Log-Analyse und Auswertung: TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exeWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
25.02.2013, 10:23 | #1 |
| TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe OTL Logfile: Code:
ATTFilter OTL logfile created on: 25.02.2013 08:54:20 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Isabel\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,95 Gb Total Physical Memory | 3,45 Gb Available Physical Memory | 87,40% Memory free 7,90 Gb Paging File | 7,41 Gb Available in Paging File | 93,89% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 450,77 Gb Total Space | 401,60 Gb Free Space | 89,09% Space Free | Partition Type: NTFS Drive D: | 14,69 Gb Total Space | 1,61 Gb Free Space | 10,94% Space Free | Partition Type: NTFS Drive F: | 99,02 Mb Total Space | 88,76 Mb Free Space | 89,63% Space Free | Partition Type: FAT32 Computer Name: ISABEL-HP | User Name: Isabel | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.25 08:51:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Isabel\Desktop\OTL.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2011.04.07 16:36:56 | 000,203,776 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013.02.20 19:41:53 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.13 08:09:20 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.12 23:16:01 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.12 23:13:53 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.02.15 11:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.09.13 16:49:46 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv) SRV - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2011.03.01 20:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.02.25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2011.02.18 23:37:00 | 002,372,096 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2011.02.01 22:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011.02.01 22:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2011.01.25 10:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV) SRV - [2011.01.12 17:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 13:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.08.05 18:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.11 14:17:58 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.12.11 14:17:57 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.14 03:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.04.07 17:07:04 | 008,281,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.04.07 16:02:36 | 000,293,376 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.04 12:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2011.02.15 20:37:00 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2011.01.25 10:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2011.01.12 16:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.01.08 02:42:34 | 012,262,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.04 19:57:54 | 001,041,760 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x) DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.10.15 10:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.07.28 08:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{4AAE14DA-D382-4F01-A3AD-8D9BE20FD9F0}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKLM\..\SearchScopes\{4AAE14DA-D382-4F01-A3AD-8D9BE20FD9F0}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKCU\..\SearchScopes\{353745D8-F58F-4224-8817-A69FED191332}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie IE - HKCU\..\SearchScopes\{4AAE14DA-D382-4F01-A3AD-8D9BE20FD9F0}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKCU\..\SearchScopes\{605AB9CB-5387-483F-9DEC-2B2F5798E222}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{6BC48128-129E-4233-BE66-0B6F2AA30EB2}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{6DFDA7B5-B434-4302-BBD1-47AFFB019771}: "URL" = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed§Hdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKCU\..\SearchScopes\{E57EB5DA-BFE0-4D44-B5B9-27EEE5053977}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\..\SearchScopes\{E90E11EE-F635-44EC-8008-3C6B1C1C81B2}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Isabel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Isabel\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Isabel\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 19:41:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.27 11:59:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isabel\AppData\Roaming\mozilla\Extensions [2012.10.24 16:08:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isabel\AppData\Roaming\mozilla\Firefox\Profiles\ga9yu6ex.default\extensions [2013.02.20 19:41:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.02.20 19:41:53 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Isabel\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Isabel\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Isabel\AppData\Local\Google\Chrome\Application\23.0.1271.95\gcswf32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\Isabel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Isabel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: YouTube = C:\Users\Isabel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\Isabel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google-Suche = C:\Users\Isabel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Google Mail = C:\Users\Isabel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Google Mail = C:\Users\Isabel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (GMX Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (GMX Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (GMX Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (GMX Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe File not found O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.) O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKCU..\Run: [SecureBanking] C:\Program Files (x86)\Secure Banking\SecureBanking.exe (Secure Banking) O4 - Startup: C:\Users\Isabel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Isabel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.9.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25CE36E1-7148-4F67-80E3-5BEBE94EF21D}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{941B6550-1C66-480B-895A-5D009A80B2D8}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{1ba24fe7-2cbe-11e1-912f-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1ba24fe7-2cbe-11e1-912f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\o2Start.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.25 08:51:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Isabel\Desktop\OTL.exe [2013.02.20 19:41:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.02.19 19:28:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.02.19 19:28:03 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013.02.19 19:28:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.01.29 17:08:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secure Banking [2013.01.29 17:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secure Banking [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.25 08:51:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Isabel\Desktop\OTL.exe [2013.02.25 08:50:45 | 000,000,000 | ---- | M] () -- C:\Users\Isabel\defogger_reenable [2013.02.25 08:49:11 | 000,050,477 | ---- | M] () -- C:\Users\Isabel\Desktop\Defogger.exe [2013.02.25 08:46:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.25 08:46:24 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys [2013.02.24 23:29:43 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.24 23:29:43 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.24 22:18:02 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3978010377-112504277-1505979990-1000UA.job [2013.02.24 22:09:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.24 21:55:04 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3978010377-112504277-1505979990-1000UA.job [2013.02.24 17:55:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3978010377-112504277-1505979990-1000Core.job [2013.02.24 16:19:10 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3978010377-112504277-1505979990-1000Core.job [2013.02.22 10:38:23 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.22 10:38:23 | 000,654,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.22 10:38:23 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.22 10:38:23 | 000,130,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.22 10:38:23 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.19 19:28:04 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013.02.13 15:10:57 | 000,295,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.01 08:58:31 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForIsabel.job [2013.01.29 17:08:17 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Secure Banking.lnk [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.25 08:50:45 | 000,000,000 | ---- | C] () -- C:\Users\Isabel\defogger_reenable [2013.02.25 08:49:11 | 000,050,477 | ---- | C] () -- C:\Users\Isabel\Desktop\Defogger.exe [2013.01.29 17:08:17 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\Secure Banking.lnk [2012.03.27 13:58:41 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll [2012.03.27 13:58:40 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll [2011.12.24 22:35:02 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.06.12 00:46:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.06.12 00:43:25 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2011.06.12 00:39:48 | 000,003,054 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2011.06.12 00:35:59 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011.05.14 20:50:25 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2011.03.03 20:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.05.04 18:57:04 | 000,000,000 | ---D | M] -- C:\Users\Isabel\AppData\Roaming\1&1 Mail & Media GmbH [2013.02.25 08:45:00 | 000,000,000 | ---D | M] -- C:\Users\Isabel\AppData\Roaming\Dropbox [2012.03.17 11:10:42 | 000,000,000 | ---D | M] -- C:\Users\Isabel\AppData\Roaming\OpenOffice.org [2013.02.23 14:04:05 | 000,000,000 | ---D | M] -- C:\Users\Isabel\AppData\Roaming\SoftGrid Client [2011.12.22 20:15:09 | 000,000,000 | ---D | M] -- C:\Users\Isabel\AppData\Roaming\Synaptics [2011.12.24 22:35:39 | 000,000,000 | ---D | M] -- C:\Users\Isabel\AppData\Roaming\TP [2012.04.04 19:30:53 | 000,000,000 | ---D | M] -- C:\Users\Isabel\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:CB0AACC9 < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 25.02.2013 08:54:20 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Isabel\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,95 Gb Total Physical Memory | 3,45 Gb Available Physical Memory | 87,40% Memory free 7,90 Gb Paging File | 7,41 Gb Available in Paging File | 93,89% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 450,77 Gb Total Space | 401,60 Gb Free Space | 89,09% Space Free | Partition Type: NTFS Drive D: | 14,69 Gb Total Space | 1,61 Gb Free Space | 10,94% Space Free | Partition Type: NTFS Drive F: | 99,02 Mb Total Space | 88,76 Mb Free Space | 89,63% Space Free | Partition Type: FAT32 Computer Name: ISABEL-HP | User Name: Isabel | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1AB0C95A-7443-4619-8102-C950EC94D971}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1CB06875-BE00-4010-8EDF-883A089D5447}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{253FB009-634E-4DFB-B4E0-97A6464D4272}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2A032C3F-EBF1-43B3-84C1-AE981A8FE946}" = lport=137 | protocol=17 | dir=in | app=system | "{5511F03A-12FD-47FE-A209-13A82C40C604}" = rport=138 | protocol=17 | dir=out | app=system | "{61F87EC6-AFBC-422D-ABF2-1C6390BFB2FF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6435C2D1-C6FC-419F-9815-85801E0FEA61}" = rport=10243 | protocol=6 | dir=out | app=system | "{667B9E12-EA26-4479-A553-258C3448694A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{7DF6C254-FA7C-410F-A1E5-74156FB7D286}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{89045899-5A0F-467A-8C45-BC7DC16C7E4A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8A1BF5F6-AFB9-449C-91A1-2F066F5DAB32}" = lport=139 | protocol=6 | dir=in | app=system | "{942F1AE1-71B9-4A2F-89B8-E9727839E958}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{95018C1B-EF58-49AD-ACA1-E7BDF0DACC28}" = lport=2869 | protocol=6 | dir=in | app=system | "{9A93EE1E-3B06-44B0-AD3E-D905E392718C}" = lport=10243 | protocol=6 | dir=in | app=system | "{9B2BFA94-BAF8-47B6-B371-1BDF8F6BE05A}" = rport=139 | protocol=6 | dir=out | app=system | "{AECCB60E-62E6-4662-87C5-A5B350CA7154}" = lport=445 | protocol=6 | dir=in | app=system | "{B0489B85-920C-4A67-A502-092832F7F25A}" = rport=137 | protocol=17 | dir=out | app=system | "{B7918CB0-0DB1-40D4-8127-CEB178F58D61}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BAEA5216-FC4E-4685-96DA-5B0E26F229B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C9402341-560F-443C-924B-2E08244656E2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{CB7F4EB4-E2AB-4C6F-A3D2-9BB01E76CC7F}" = rport=445 | protocol=6 | dir=out | app=system | "{D58FB4F6-E970-4051-9035-2562E0EFA5BF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D932AA00-77B7-4E2C-80A2-0A065FEF2A69}" = lport=138 | protocol=17 | dir=in | app=system | "{E6341C00-F556-4641-9D1A-8289781B3A40}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EA241428-01A4-4A10-AE7A-887A612F92B5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B31F7EB-9C46-4FD9-A06B-443B010AD00B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{11FD7266-A604-4097-B071-D3ED508FF093}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{14F405D7-306A-4130-B22F-1A0929CBFB3C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{1D416078-321D-48B5-86BF-AFB8E44E78EE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{262D1479-8CE5-47B8-921B-FD3F26AA01F7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2A7275EE-3833-451F-A641-A2A5205E6AE5}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{30D00260-E57B-498C-99A9-002A0F7A93A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{41606BCA-3D7D-4145-A385-B85EC12569D6}" = dir=in | app=c:\users\isabel\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{4FD7BAE7-3F54-4BA5-AB68-CB8DF41BC497}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5339D92D-7B90-4B16-8405-813A1D5F4657}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{564BE9E0-2C0E-43F4-A40D-B0F0C3C2A89E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{684C250A-CA49-48D2-A3BC-D4E68D98DC74}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7B7170BD-E7FF-4602-83D6-5FFE1E32BFD4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{7E19D081-0D25-4EF7-B08A-883413912E6B}" = protocol=6 | dir=in | app=c:\users\isabel\appdata\roaming\dropbox\bin\dropbox.exe | "{8FE4B161-DAC6-4CC7-B595-0ABFCC68E776}" = protocol=6 | dir=out | app=system | "{957252C6-EFB9-4F3F-8760-48D39A422A66}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{967F24C1-F681-48E8-8581-B20FE77BAB0D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A36BC5DE-69AC-49A8-90D2-E64DCC1E3872}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{AB61D50E-7605-4036-AC1B-4206E21FDB12}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{B94CB02C-103C-44BF-9B83-C9C315EE1A40}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{BAD11850-3401-45F3-B492-190BC956C923}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BB1C921B-FF0D-4A5F-A861-D96F0100F15D}" = protocol=58 | dir=in | app=system | "{BC0B1228-80DF-4371-BC9C-A0AC18718A40}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{C621A51B-709D-4BAD-81CE-BCF65F395B17}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C86A1533-5533-4FC7-A44B-3ABBB51F0F97}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe | "{E0576B92-3187-45AD-A345-683ADCEC5754}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{E0F68249-1898-478C-B5F3-7FA3E9F889A9}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe | "{E949E352-00F5-4562-BD7B-0274B4A57592}" = protocol=17 | dir=in | app=c:\users\isabel\appdata\roaming\dropbox\bin\dropbox.exe | "{EDBD330E-255D-4C6E-AD0F-333A74DC68D4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F7F214AE-7AE7-4927-9B1B-DC98A3D16D82}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "TCP Query User{1D3C29BF-5FF6-453F-8118-F5A7E77501EC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{E679EF09-28B6-4E64-9AC5-73509C979BDF}C:\users\isabel\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\isabel\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{1E933853-1A32-408F-B611-D87789003D95}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{68ED56AE-40E2-41CB-A6E8-495180C3D711}C:\users\isabel\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\isabel\appdata\roaming\dropbox\bin\dropbox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{127BEDB9-CFBA-91A2-BCC1-A3A21AFA02F6}" = ATI Catalyst Install Manager "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit) "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services "{47FBE83E-4AE6-4E4C-A9AA-F5838E1FF925}" = GMX Toolbar MSVC100 CRT x64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{777afb2a-98e5-4f14-b455-378a925cae15}.sdb" = CVE-2012-4969 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B4780D78-61F7-DE72-2E26-94EAEF13A877}" = ccc-utility64 "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "SynTPDeinstKey" = Synaptics TouchPad Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00A42832-B21A-4296-B5F4-D296D0BC4A3E}" = HP Quick Launch "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0AD8324F-C5F8-7D42-194E-329B8D1DB340}" = CCC Help Chinese Traditional "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{13D5D877-E722-1A5B-B554-074A7DE71772}" = CCC Help Korean "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1AA895E9-B751-408B-BB9C-527C04E52C91}" = Catalyst Control Center - Branding "{1DC6D76B-AFDE-A59F-20AB-790BCA036D0F}" = CCC Help Russian "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F2FBAD1-7DCC-4769-0D28-F148B04B6EE0}" = CCC Help Greek "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{207E9B74-F4D3-4FD7-8142-16FF41825BC4}_is1" = Secure Banking Version 1.5.1 "{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 30 "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4574C6C1-41CE-54F1-C942-5B923A2DAB30}" = CCC Help Hungarian "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{4F51B5A2-952D-52D9-196A-8E9E8B7023A5}" = CCC Help Spanish "{4F52A280-7164-3B30-0F56-CCFF6B4BFF9F}" = CCC Help Danish "{520F374B-6157-BF93-E988-0EA3E3D3946D}" = CCC Help Thai "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5A0D5C83-DFA2-D5EA-2F5C-07F9C281DFAC}" = CCC Help Norwegian "{5EBF0407-366C-1A14-DEE0-502E26C69A2C}" = CCC Help German "{620C8175-DA37-E6BE-0378-B4B91869B44E}" = Catalyst Control Center Profiles Mobile "{622EF969-C000-54E6-5EDF-557908AAC259}" = ccc-core-static "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6C453C9C-38AE-494D-BF89-7AA0DE87F3E5}" = HP Documentation "{6E7542AC-201E-A4B5-A357-632D77CEC2C0}" = CCC Help Japanese "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{8027F887-2A1B-0C4E-0573-0243F491CB98}" = CCC Help Dutch "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{814D1480-82F1-89A8-94E9-17115DBB844C}" = Catalyst Control Center InstallProxy "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8508C2D5-AE78-C335-F6D6-07F96F8F4E7D}" = CCC Help Chinese Standard "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8783555D-7EE3-C162-DEFC-0BF92AF9FCFA}" = CCC Help Portuguese "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{896448B2-2F82-E322-7A3B-98180D8015BC}" = CCC Help Swedish "{8B3F2E25-6825-1FC7-7A59-4324E37F1974}" = CCC Help Finnish "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT5390 802.11b/g/n WiFi Adapter "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{94D48CF3-FD0A-EF10-13BE-66BD803A5A16}" = PX Profile Update "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}" = HP On Screen Display "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9F5CC09D-97E9-E35D-00D6-44FCE1543322}" = Catalyst Control Center Graphics Previews Common "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A48A1D1C-307A-46F9-983E-9762863D15F1}" = GMX Toolbar MSVC100 CRT x86 "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.6) MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager "{AF6EB833-D48A-49AC-9394-4C57489FDFF2}" = HP Software Framework "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B420318C-D55C-5C71-4A57-6A2F850604DC}" = Catalyst Control Center Localization All "{B65FCAA5-F3A6-4B3F-ABEE-CBC2B085796B}" = HP Connection Manager "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager "{DD90EFA4-37B7-C4DA-F7A3-5B150E058508}" = CCC Help Czech "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E8C2751F-1ECF-E73B-CCAD-F21FE827C5C0}" = CCC Help Italian "{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1 "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver "{F29DD72D-F748-6D9E-AEB1-8610E279A0ED}" = CCC Help English "{F55AA104-4F14-FE47-2A2C-8D734FB346DA}" = CCC Help French "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FD2A3058-0547-E960-430D-1A580E044AA1}" = CCC Help Polish "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = GMX Softwareaktualisierung "1&1 Mail & Media GmbH Toolbar IE8" = GMX Toolbar für Internet Explorer "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira Free Antivirus "EasyBits Magic Desktop" = Magic Desktop "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "WildTangent hp Master Uninstall" = HP Games "WinLiveSuite" = Windows Live Essentials "WT087330" = Bounce Symphony "WT087361" = FATE "WT087393" = Mah Jong Medley "WT087394" = Penguins! "WT087396" = Polar Bowler "WT087490" = Jewel Quest Solitaire "WT087510" = Slingo Deluxe "WT087513" = Virtual Villagers - The Secret City "WT087519" = Wedding Dash "WT087536" = Diner Dash 2 Restaurant Rescue "WT089308" = Blasterball 3 "WT089328" = Farm Frenzy "WT089359" = Cake Mania "WT089362" = Agatha Christie - Peril at End House "WT089453" = Bejeweled 2 Deluxe "WT089454" = Chuzzle Deluxe "WT089455" = Zuma Deluxe "WT089458" = Plants vs. Zombies - Game of the Year "WT089460" = Mystery P.I. - The London Caper "WT089484" = Namco All-Stars PAC-MAN "WT089492" = Crazy Chicken Kart 2 "WT089493" = Fishdom "WT089497" = Big Rig Europe ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 03.12.2012 09:38:56 | Computer Name = Isabel-HP | Source = WinMgmt | ID = 10 Description = Error - 03.12.2012 14:21:03 | Computer Name = Isabel-HP | Source = Google Update | ID = 20 Description = Error - 03.12.2012 15:46:37 | Computer Name = Isabel-HP | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 16.0.2.4680 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 18d4 Startzeit: 01cdd187c4e5d5cf Endzeit: 31 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 1ed4e3c9-3d82-11e2-a1dc-2c27d7e00f22 Error - 03.12.2012 15:56:05 | Computer Name = Isabel-HP | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 04.12.2012 02:30:00 | Computer Name = Isabel-HP | Source = WinMgmt | ID = 10 Description = Error - 04.12.2012 03:31:02 | Computer Name = Isabel-HP | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Das Zeitlimit für den Vorgang wurde erreicht. Error - 04.12.2012 03:35:59 | Computer Name = Isabel-HP | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 04.12.2012 11:40:39 | Computer Name = Isabel-HP | Source = WinMgmt | ID = 10 Description = Error - 04.12.2012 15:47:53 | Computer Name = Isabel-HP | Source = Google Update | ID = 20 Description = Error - 04.12.2012 16:25:59 | Computer Name = Isabel-HP | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC [ Hewlett-Packard Events ] Error - 14.10.2012 08:31:53 | Computer Name = Isabel-HP | Source = HPSF.exe | ID = 4000 Description = HP Error ID: -2147467261HPSF.exe bei HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection() bei HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication() bei HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. StackTrace: bei HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection() bei HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication() bei HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: HP.SupportFramework.Communicator Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE RAM: 4043 Ram Utilization: 50 TargetSite: Void closeConnection() Error - 14.10.2012 08:32:16 | Computer Name = Isabel-HP | Source = HPSF.exe | ID = 4000 Description = Error - 14.10.2012 12:45:21 | Computer Name = Isabel-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 4043 Ram Utilization: 40 TargetSite: Void UpdateAndDetect() Error - 22.10.2012 01:48:41 | Computer Name = Isabel-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 4043 Ram Utilization: 40 TargetSite: Void UpdateAndDetect() Error - 29.10.2012 02:42:26 | Computer Name = Isabel-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 4043 Ram Utilization: 40 TargetSite: Void UpdateAndDetect() Error - 11.11.2012 16:23:54 | Computer Name = Isabel-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 4043 Ram Utilization: 40 TargetSite: Void UpdateAndDetect() Error - 18.11.2012 13:27:47 | Computer Name = Isabel-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 4043 Ram Utilization: 40 TargetSite: Void UpdateAndDetect() Error - 03.12.2012 02:36:51 | Computer Name = Isabel-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 4043 Ram Utilization: 40 TargetSite: Void UpdateAndDetect() Error - 10.12.2012 02:41:38 | Computer Name = Isabel-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 4043 Ram Utilization: TargetSite: Void UpdateAndDetect() Error - 17.12.2012 03:41:53 | Computer Name = Isabel-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 4043 Ram Utilization: 40 TargetSite: Void UpdateAndDetect() [ HP Connection Manager Events ] Error - 13.02.2013 03:14:43 | Computer Name = Isabel-HP | Source = hpCMSrv | ID = 5 Description = 2013/02/13 08:14:43.624|00000528|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 13.02.2013 12:26:19 | Computer Name = Isabel-HP | Source = hpMobile | ID = 5 Description = 2013.02.13 17:26:19.735|000012E4|Error |[HP.Mobile]Wlan::UpdateProperties{void()}|Die Daten sind unzulässig. (Ausnahme von HRESULT: 0x8007000D) Error - 19.02.2013 07:00:11 | Computer Name = Isabel-HP | Source = hpCMSrv | ID = 5 Description = 2013/02/19 12:00:11.943|00001548|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 19.02.2013 16:42:12 | Computer Name = Isabel-HP | Source = hpCMSrv | ID = 5 Description = 2013/02/19 21:42:12.125|00000A44|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 20.02.2013 04:54:41 | Computer Name = Isabel-HP | Source = hpCMSrv | ID = 5 Description = 2013/02/20 09:54:41.094|00001148|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 21.02.2013 04:03:18 | Computer Name = Isabel-HP | Source = hpMobile | ID = 5 Description = 2013.02.21 09:03:18.976|00000C0C|Error |[HP.Mobile]Wlan::UpdateProperties{void()}|Die Daten sind unzulässig. (Ausnahme von HRESULT: 0x8007000D) Error - 22.02.2013 17:22:43 | Computer Name = Isabel-HP | Source = hpCMSrv | ID = 5 Description = 2013/02/22 22:22:43.977|00000B24|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 24.02.2013 14:13:08 | Computer Name = Isabel-HP | Source = hpCMSrv | ID = 5 Description = 2013/02/24 19:13:08.310|00001760|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 24.02.2013 17:46:27 | Computer Name = Isabel-HP | Source = hpCMSrv | ID = 5 Description = 2013/02/24 22:46:27.795|0000090C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 24.02.2013 17:46:33 | Computer Name = Isabel-HP | Source = hpCMSrv | ID = 5 Description = 2013/02/24 22:46:33.927|0000090C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] [ HP Software Framework Events ] Error - 11.01.2013 02:08:23 | Computer Name = Isabel-HP | Source = CaslWmi | ID = 5 Description = 2013.01.11 07:08:23.504|00001280|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 12.01.2013 04:14:17 | Computer Name = Isabel-HP | Source = CaslWmi | ID = 5 Description = 2013.01.12 09:14:17.430|00000950|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 13.01.2013 02:27:43 | Computer Name = Isabel-HP | Source = CaslWmi | ID = 5 Description = 2013.01.13 07:27:43.767|00000B60|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 13.01.2013 05:56:52 | Computer Name = Isabel-HP | Source = CaslWmi | ID = 5 Description = 2013.01.13 10:56:51.985|0000071C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 13.01.2013 13:55:56 | Computer Name = Isabel-HP | Source = CaslWmi | ID = 5 Description = 2013.01.13 18:55:56.771|00000BF4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 14.01.2013 02:30:49 | Computer Name = Isabel-HP | Source = CaslWmi | ID = 5 Description = 2013.01.14 07:30:49.914|00000774|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 14.01.2013 08:56:56 | Computer Name = Isabel-HP | Source = CaslWmi | ID = 5 Description = 2013.01.14 13:56:56.282|00000D78|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 15.01.2013 02:28:45 | Computer Name = Isabel-HP | Source = CaslWmi | ID = 5 Description = 2013.01.15 07:28:45.666|0000026C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 15.01.2013 10:56:10 | Computer Name = Isabel-HP | Source = CaslWmi | ID = 5 Description = 2013.01.15 15:56:10.267|00000B4C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 15.01.2013 16:21:39 | Computer Name = Isabel-HP | Source = CaslWmi | ID = 5 Description = 2013.01.15 21:21:39.891|000009A0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state [ System Events ] Error - 25.02.2013 03:46:48 | Computer Name = Isabel-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.02.2013 03:46:48 | Computer Name = Isabel-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.02.2013 03:46:48 | Computer Name = Isabel-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.02.2013 03:46:48 | Computer Name = Isabel-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.02.2013 03:46:49 | Computer Name = Isabel-HP | Source = DCOM | ID = 10005 Description = Error - 25.02.2013 03:46:49 | Computer Name = Isabel-HP | Source = DCOM | ID = 10005 Description = Error - 25.02.2013 03:46:49 | Computer Name = Isabel-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.02.2013 03:46:49 | Computer Name = Isabel-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.02.2013 03:46:49 | Computer Name = Isabel-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.02.2013 03:46:56 | Computer Name = Isabel-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 < End of report > GMER: keine System-Änderungen gefunden Antivir hat diesen Virus "TR/Crypt.ZPACK.Gen2" bei mir gefunden. Hatte bis dahin und auch direkt danach keinerlei Probleme mit meinem Laptop. Ich habe dann noch einmal einen kompletten Suchlauf mit Antivir laufen lassen, bei dem allerdings keinerlei Viren gefunden wurden. Jetzt kann ich mein Antivir nicht mehr aktivieren. Wenn ich versuche es einzuschalten, passiert gar nichts und ich kann auch in anderen Programmen keinerlei Schaltflächen mehr anklicken. Ich versuche meinen Laptop jetzt im abgesichertem Modus mit Netzwerktreibern zu starten. Dabei macht mein Laptop allerdings neuerdings beim Starten mehrere Piepgeräusche und fährt manchmal ganz normal hoch, ohne dass ich den abgsicherten Modus anwählen kann. |
25.02.2013, 17:57 | #2 |
/// Helfer-Team | TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exebitte mal Log von Avira posten: http://www.trojaner-board.de/125889-...tml#post941534 Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers dann: Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ |
25.02.2013, 18:26 | #3 |
| TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe Log von Avira:
__________________Exportierte Ereignisse: 24.02.2013 21:21 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Program Files (x86)\Skype\Phone\Skype.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern Malware Bytes: keine Malware gefunden AdwCleaner:AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.113 - Datei am 25/02/2013 um 18:52:44 erstellt # Aktualisiert am 23/02/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Isabel - ISABEL-HP # Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung # Ausgeführt unter : C:\Users\Isabel\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16464 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v19.0 (de) Datei : C:\Users\Isabel\AppData\Roaming\Mozilla\Firefox\Profiles\ga9yu6ex.default\prefs.js [OK] Die Datei ist sauber. -\\ Google Chrome v25.0.1364.97 Datei : C:\Users\Isabel\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [1661 octets] - [25/02/2013 18:52:44] ########## EOF - C:\AdwCleaner[S1].txt - [1721 octets] ########## |
26.02.2013, 12:08 | #4 |
/// Helfer-Team | TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe Wo ist das Log von Anti-Rootkit? |
26.02.2013, 12:48 | #5 |
| TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe Anti-Rootkit hat nichts gefunden und mir kein Log angeboten.
__________________ Dankeschön, MFG Isa |
26.02.2013, 12:54 | #6 |
/// Helfer-Team | TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe Datei-Überprüfung Folgende Datei/en (siehe Codebox) bei VirusTotal online überprüfen lassen. Dafür musst Du jede Datei einzeln über den Button "Durchsuchen" und "Send file" nach VirusTotal hochladen und prüfen lassen. Sollte die Datei bereits einmal geprüft sein, bitte auf Reanalyze klicken. Code:
ATTFilter C:\Program Files (x86)\Skype\Phone\Skype.exe Beim Firefox mit installiertem NoScript bitte VirusTotal erlauben. Wenn VirusTotal die Datei empfangen hat, wird sie diese mit mehreren Anti-Virus-Scannern prüfen und die Ergebnisse anzeigen. Sollte VirusTotal melden, dass die Datei bereits überpüft wurde, lasse sie trotzdem über den Button "Reanalyse" erneut prüfen. Wenn das Ergebnis vorliegt, kopiere mir den Ergebnis-Link (aus der Adresszeile des Browsers) hier in den Thread. Auch wenn sich herausstellt, dass die Datei/en infiziert ist/sind, bitte nicht ohne Absprache löschen!
__________________ --> TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe |
26.02.2013, 13:39 | #7 |
| TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe https://www.virustotal.com/de/file/32d09cb2655108c0f00d0db4d0035e6701d4dbd7529b51c70d16cc519fbc237f/analysis/1361882246/
__________________ Dankeschön, MFG Isa |
26.02.2013, 15:39 | #8 |
/// Helfer-Team | TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe Falscher Alarm. Downloade Dir bitte SecurityCheck und:
|
26.02.2013, 16:13 | #9 |
| TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe Results of screen317's Security Check version 0.99.59 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Avira Desktop Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java(TM) 6 Update 22 Java(TM) 6 Update 30 Java 7 Update 9 Java version out of Date! Adobe Flash Player 11.5.502.149 Flash Player out of Date! Adobe Reader 10.1.6 Adobe Reader out of Date! Mozilla Firefox (19.0) Google Chrome 24.0.1312.57 Google Chrome 25.0.1364.97 ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log``````````````````````
__________________ Dankeschön, MFG Isa |
27.02.2013, 11:51 | #10 |
/// Helfer-Team | TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe Aktualisiere:
Java aktualisieren Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck Java deaktivieren Aufgrund derezeitigen Sicherheitsluecke: http://www.trojaner-board.de/122961-...ktivieren.html Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck |
27.02.2013, 14:03 | #11 |
| TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe Habe ich das richitg verstanden, dass der Virus eine Falschmeldung war? PluginCheck Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen. Überprüft wird: Browser, Flash, Java und Adobe Reader Version. Firefox 19.0 ist aktuell Flash (11,6,602,171) ist aktuell. Java ist nicht Installiert oder nicht aktiviert. Adobe Reader 11,0,2,0 ist aktuell.
__________________ Dankeschön, MFG Isa |
27.02.2013, 15:31 | #12 |
/// Helfer-Team | TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe Richtig. Sehr gut! damit bist Du sauber und entlassen! adwCleaner entfernen
Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html http://www.trojaner-board.de/109844-...ren-seite.html PC wird immer langsamer - was tun? |
27.02.2013, 16:01 | #13 |
| TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe Habe gerade wieder eine warnung von Antivir erhalten: Exportierte Ereignisse: 27.02.2013 15:57 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Program Files (x86)\Skype\Phone\Skype.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern kann ich das jetzt ignorieren?
__________________ Dankeschön, MFG Isa |
27.02.2013, 17:45 | #14 |
/// Helfer-Team | TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe Ja, du kannst auch diese Datei zu Avira einschicken, damit die das aus der Datenbank rausnehmen. |
27.02.2013, 18:30 | #15 |
| TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe Vielen, vielen Dank!
__________________ Dankeschön, MFG Isa |
Themen zu TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe |
adobe, antivir, avira, bho, bingbar, diner dash, error, failed, firefox, flash player, format, helper, home, homepage, iexplore.exe, igdpmd64.sys, index, install.exe, launch, limited.com/facebook, logfile, microsoft office starter 2010, mozilla, origin, plug-in, programm, realtek, registry, rundll, scan, security, services.exe, svchost.exe, udp, wildtangent games, windows |