Pests of all kinds and how to fight them: Skype Virus. Windows 7. If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will get in touch with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection. |
27.05.2013, 10:34 | #31 | |
| Skype Virus So, here is the OTL log file, and the folder has been uploaded. Quote:
|
27.05.2013, 11:22 | #32 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Skype Virus OK, please make a new log with aswMBR
__________________
__________________ |
27.05.2013, 11:34 | #33 |
| Skype Virus Here you go.
__________________
Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-27 15:30:05
-----------------------------
15:30:05.968 OS Version: Windows 5.1.2600 Service Pack 3
15:30:05.968 Number of processors: 1 586 0xD08
15:30:05.968 ComputerName: UNTERWEGS UserName: Chef
15:30:08.843 Initialize success
15:30:15.828 AVAST engine download error: 0
15:30:21.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:30:21.421 Disk 0 Vendor: ST9160310AS 0303 Size: 152627MB BusType: 3
15:30:21.593 Disk 0 MBR read successfully
15:30:21.593 Disk 0 MBR scan
15:30:21.593 Disk 0 Windows XP default MBR code
15:30:21.593 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 81940 MB offset 63
15:30:21.625 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 70653 MB offset 167814990
15:30:21.656 Disk 0 Partition 3 00 EF EFI FAT A1055 31 MB offset 312512445
15:30:21.671 Disk 0 scanning sectors +312576705
15:30:21.859 Disk 0 scanning C:\WINDOWS\system32\drivers
15:30:35.468 Service scanning
15:31:02.000 Modules scanning
15:31:15.125 Disk 0 trace - called modules:
15:31:15.875 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys
15:31:15.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d8bab8]
15:31:15.890 3 CLASSPNP.SYS[f7648fd7] -> nt!IofCallDriver -> \Device\0000006a[0x86d6e0a8]
15:31:15.890 5 ACPI.sys[f74de620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86d80d98]
15:31:15.890 Scan finished successfully
15:31:32.234 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Chef\Desktop\MBR.dat"
15:31:32.234 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Chef\Desktop\aswMBR2.txt"
Edited by Hanuta87 (27.05.2013 at 11:43) |
27.05.2013, 11:39 | #34 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Skype Virus Please post in CODE tags... It already looks better, though. One more log with TDSSkiller, please. Please download TDSSKiller.exe and save this file to the desktop
__________________ Please always post log files in CODE tags |
27.05.2013, 11:56 | #35 |
| Skype Virus Code:
3288 TDTCP - ok 15:47:42.0531 3288 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 15:47:42.0828 3288 TermDD - ok 15:47:42.0968 3288 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 15:47:43.0375 3288 TermService - ok 15:47:43.0453 3288 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 15:47:43.0484 3288 Themes - ok 15:47:43.0500 3288 TosIde - ok 15:47:43.0593 3288 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 15:47:43.0937 3288 TrkWks - ok 15:47:44.0000 3288 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 15:47:44.0265 3288 Udfs - ok 15:47:44.0265 3288 ultra - ok 15:47:44.0437 3288 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 15:47:44.0984 3288 Update - ok 15:47:45.0078 3288 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 15:47:45.0312 3288 upnphost - ok 15:47:45.0343 3288 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 15:47:45.0593 3288 UPS - ok 15:47:45.0656 3288 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys 15:47:46.0015 3288 usbaudio - ok 15:47:46.0062 3288 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 15:47:46.0312 3288 usbccgp - ok 15:47:46.0343 3288 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 15:47:46.0609 3288 usbehci - ok 15:47:46.0640 3288 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 15:47:46.0968 3288 usbhub - ok 15:47:47.0015 3288 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 15:47:47.0281 3288 usbprint - ok 15:47:47.0328 3288 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 15:47:47.0578 3288 usbscan - ok 15:47:47.0593 3288 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor 
C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 15:47:47.0890 3288 usbstor - ok 15:47:47.0953 3288 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 15:47:48.0203 3288 usbuhci - ok 15:47:48.0312 3288 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys 15:47:48.0609 3288 usbvideo - ok 15:47:48.0640 3288 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 15:47:48.0937 3288 VgaSave - ok 15:47:48.0953 3288 ViaIde - ok 15:47:49.0015 3288 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 15:47:49.0265 3288 VolSnap - ok 15:47:49.0484 3288 [ E23BC9B12EF85B58083A6985F9BE3C44 ] vpnagent C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe 15:47:49.0890 3288 vpnagent - ok 15:47:49.0953 3288 [ EA39F36302DACBCDCDB113313718E768 ] vpnva C:\WINDOWS\system32\DRIVERS\vpnva.sys 15:47:49.0984 3288 vpnva - ok 15:47:50.0140 3288 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 15:47:50.0406 3288 VSS - ok 15:47:50.0531 3288 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll 15:47:50.0921 3288 W32Time - ok 15:47:50.0968 3288 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 15:47:51.0281 3288 Wanarp - ok 15:47:51.0281 3288 WDICA - ok 15:47:51.0343 3288 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 15:47:51.0609 3288 wdmaud - ok 15:47:51.0671 3288 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 15:47:51.0984 3288 WebClient - ok 15:47:52.0140 3288 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 15:47:52.0453 3288 winmgmt - ok 15:47:52.0625 3288 [ 94A85E956A065E23E0010A6A7826243B ] WLSetupSvc C:\Programme\Windows Live\installer\WLSetupSvc.exe 15:47:52.0906 3288 WLSetupSvc - ok 15:47:52.0968 3288 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN 
C:\WINDOWS\system32\MsPMSNSv.dll 15:47:53.0125 3288 WmdmPmSN - ok 15:47:53.0203 3288 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 15:47:53.0515 3288 WmiApSrv - ok 15:47:53.0937 3288 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe 15:47:54.0687 3288 WMPNetworkSvc - ok 15:47:54.0718 3288 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys 15:47:54.0781 3288 WpdUsb - ok 15:47:54.0828 3288 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys 15:47:55.0109 3288 WS2IFSL - ok 15:47:55.0171 3288 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 15:47:55.0468 3288 wscsvc - ok 15:47:55.0500 3288 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 15:47:55.0750 3288 WSTCODEC - ok 15:47:55.0796 3288 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 15:47:56.0078 3288 wuauserv - ok 15:47:56.0140 3288 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 15:47:56.0250 3288 WudfPf - ok 15:47:56.0312 3288 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 15:47:56.0375 3288 WudfRd - ok 15:47:56.0421 3288 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 15:47:56.0515 3288 WudfSvc - ok 15:47:56.0718 3288 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 15:47:57.0203 3288 WZCSVC - ok 15:47:57.0281 3288 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 15:47:57.0609 3288 xmlprov - ok 15:47:57.0640 3288 ================ Scan global =============================== 15:47:57.0703 3288 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 15:47:57.0875 3288 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll 15:47:58.0109 3288 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] 
C:\WINDOWS\system32\winsrv.dll 15:47:58.0171 3288 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 15:47:58.0171 3288 [Global] - ok 15:47:58.0187 3288 ================ Scan MBR ================================== 15:47:58.0218 3288 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 15:47:58.0703 3288 \Device\Harddisk0\DR0 - ok 15:47:58.0718 3288 ================ Scan VBR ================================== 15:47:58.0718 3288 [ 1BDE5FC4624CBA051CB0E3369BE9E13C ] \Device\Harddisk0\DR0\Partition1 15:47:58.0718 3288 \Device\Harddisk0\DR0\Partition1 - ok 15:47:58.0765 3288 [ 3B23AA2077D65E35BB2B38EC6D4E074D ] \Device\Harddisk0\DR0\Partition2 15:47:58.0765 3288 \Device\Harddisk0\DR0\Partition2 - ok 15:47:58.0781 3288 ============================================================ 15:47:58.0781 3288 Scan finished 15:47:58.0781 3288 ============================================================ 15:47:58.0906 2240 Detected object count: 3 15:47:58.0906 2240 Actual detected object count: 3 15:48:02.0953 2240 AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - skipped by user 15:48:02.0953 2240 AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:48:02.0953 2240 AntiVirService ( UnsignedFile.Multi.Generic ) - skipped by user 15:48:02.0953 2240 AntiVirService ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:48:02.0953 2240 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user 15:48:02.0953 2240 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:50:49.0796 2732 Deinitialize success |
01.06.2013, 22:26 | #36 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Skype Virus JRT - Junkware Removal Tool Please shut down your security software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop.
After that, a check with OTL please:
__________________ --> Skype Virus |
02.06.2013, 16:00 | #37 |
| Skype Virus Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Microsoft Windows XP x86 Ran by Chef on 02.06.2013 at 15:58:11,17 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\dvdvideosoftiehelpers" Successfully deleted: [Folder] "C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\opencandy" ~~~ FireFox Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48E4-AD47-84E31C44796C} Emptied folder: C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\mozilla\firefox\profiles\29g0of8u.default\minidumps [2 files] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 02.06.2013 at 16:08:18,03 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter # AdwCleaner v2.301 - Datei am 02/06/2013 um 16:12:19 erstellt # Aktualisiert am 16/05/2013 von Xplode # Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits) # Benutzer : Chef - UNTERWEGS # Bootmodus : Normal # Ausgeführt unter : C:\Dokumente und Einstellungen\Chef\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v16.0.2 (de) Datei : C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Mozilla\Firefox\Profiles\29g0of8u.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [1488 octets] - [02/06/2013 16:12:19] ########## EOF - C:\AdwCleaner[S1].txt - [1548 octets] ########## Code:
ATTFilter OTL logfile created on: 02.06.2013 16:44:11 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Chef\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1015,05 Mb Total Physical Memory | 633,40 Mb Available Physical Memory | 62,40% Memory free 2,38 Gb Paging File | 2,09 Gb Available in Paging File | 87,62% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 80,02 Gb Total Space | 60,46 Gb Free Space | 75,56% Space Free | Partition Type: NTFS Drive D: | 69,00 Gb Total Space | 62,99 Gb Free Space | 91,30% Space Free | Partition Type: NTFS Computer Name: UNTERWEGS | User Name: Chef | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Chef\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) PRC - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.) PRC - C:\Programme\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.) 
PRC - C:\Programme\ASUS\EeePC\Asus Power Management Utility\Asus Power Management Utility.exe (ASUSTeK Computer Inc.) PRC - C:\Programme\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll () MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll () MOD - C:\WINDOWS\system32\pdfpipent.dll () ========== Services (SafeList) ========== SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.dll File not found SRV - (Net Driver HPZ12) -- C:\WINDOWS\system32\HPZinw12.dll File not found SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (Sony PC Companion) -- C:\Programme\Sony\Sony PC Companion\PCCService.exe (Avanquest Software) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) 
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (catchme) -- C:\ComboFix\catchme.sys File not found DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (vpnva) -- C:\WINDOWS\system32\drivers\vpnva.sys (Cisco Systems, Inc.) DRV - (acsmux) -- C:\WINDOWS\system32\drivers\acsmux.sys (Cisco Systems, Inc.) DRV - (acsint) -- C:\WINDOWS\system32\drivers\acsint.sys (Cisco Systems, Inc.) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (rtl8187Se) -- C:\WINDOWS\system32\drivers\rtl8187Se.sys (Realtek Semiconductor Corporation ) DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (L1e) -- C:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.) DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (AsusACPI) -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS (ASUSTeK Computer Inc.) 
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys () DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1058028205-4197547723-706884204-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1058028205-4197547723-706884204-1006\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1058028205-4197547723-706884204-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox IE - HKU\S-1-5-21-1058028205-4197547723-706884204-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1058028205-4197547723-706884204-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1058028205-4197547723-706884204-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "about:newtab" FF - prefs.js..extensions.enabledAddons: adblockpopups@jessehakanen.net:0.5 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - 
HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\WINDOWS\system32\16001.015 FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.10.29 14:18:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\WINDOWS\system32\16001.015 [2012.10.29 14:19:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Mozilla\Extensions [2012.12.26 11:43:51 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Mozilla\Firefox\Profiles\29g0of8u.default\extensions [2012.12.26 11:43:51 | 000,124,993 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Mozilla\Firefox\Profiles\29g0of8u.default\extensions\adblockpopups@jessehakanen.net.xpi [2012.12.26 11:42:54 | 000,804,627 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Mozilla\Firefox\Profiles\29g0of8u.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.10.29 14:18:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.24 19:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla 
firefox\components\browsercomps.dll [2012.10.25 00:03:12 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.25 00:03:11 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.10.25 00:03:12 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.10.25 00:03:12 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.25 00:03:12 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.25 00:03:11 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.05.27 20:14:24 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File not found O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-1058028205-4197547723-706884204-1006\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [AsusACPIServer] C:\Programme\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [AsusEPCMonitor] C:\Programme\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [AsusTray] C:\Programme\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKU\S-1-5-21-1058028205-4197547723-706884204-1006..\Run: [ISUSPM] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Asus Power Management Utility.lnk = C:\Programme\ASUS\EeePC\Asus Power Management Utility\Asus Power Management Utility.exe (ASUSTeK Computer Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - 
HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1058028205-4197547723-706884204-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1058028205-4197547723-706884204-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1058028205-4197547723-706884204-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1058028205-4197547723-706884204-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Windows Live Search - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Programme\Gemeinsame Dateien\DVDVideoSoft\plugins\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Programme\Gemeinsame Dateien\DVDVideoSoft\plugins\freeytmp3downloader.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E138914D-F2F4-4392-8DFB-4B5BA022103A}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.09.08 10:40:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - 
HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.06.02 16:20:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Chef\Desktop\OTL.exe [2013.06.02 15:56:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2013.06.02 15:56:39 | 000,000,000 | ---D | C] -- C:\JRT [2013.06.02 15:55:13 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\Chef\Desktop\JRT.exe [2013.05.27 20:14:23 | 000,000,000 | ---D | C] -- C:\_OTL [2013.05.27 15:45:25 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Chef\Desktop\tdsskiller2.exe [2013.05.27 08:00:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013.05.24 22:08:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2013.05.24 20:28:48 | 005,070,409 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Chef\Desktop\ComboFix.exe [2013.05.24 07:12:36 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Chef\Desktop\tdsskiller.exe [2013.05.24 00:03:19 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Chef\Desktop\aswMBR.exe [2013.05.23 19:07:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chef\Desktop\mbar-1.05.0.1001 [2013.05.22 23:55:54 | 000,000,000 | RHSD | C] -- C:\cmdcons [2013.05.22 23:53:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2013.05.22 23:53:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2013.05.22 23:53:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2013.05.22 23:53:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2013.05.22 23:53:31 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.22 23:53:26 | 000,000,000 | R--D | C] -- 
C:\Dokumente und Einstellungen\Chef\Startmenü\Programme\Verwaltung [2013.05.22 23:53:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2013.05.21 22:58:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype [2013.05.21 22:57:59 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype [2013.05.21 22:57:57 | 000,000,000 | R--D | C] -- C:\Programme\Skype [2013.05.21 20:10:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Malwarebytes [2013.05.21 20:09:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2013.05.21 20:09:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.05.21 20:09:47 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.05.21 20:09:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2013.05.21 12:24:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Sony [2013.05.21 12:24:33 | 000,000,000 | ---D | C] -- C:\Programme\Sony [2013.05.21 12:24:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony [2013.05.20 22:36:19 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Chef\Eigene Dateien\Eigene Videos [2013.05.20 22:36:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chef\Eigene Dateien\My Art [2013.05.20 22:22:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Samsung [2013.05.20 22:21:24 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\framedyn.dll [2013.05.20 22:20:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Samsung_USB_Drivers [2013.05.16 14:13:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chef\Desktop\IDiLL [2008.09.08 11:33:54 | 015,523,560 | ---- | C] (Macrovision Corporation) -- 
C:\Programme\U1 Setup.exe [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.02 16:28:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job [2013.06.02 16:24:30 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.06.02 16:20:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Chef\Desktop\OTL.exe [2013.06.02 16:15:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.06.02 16:15:23 | 1064,423,424 | -HS- | M] () -- C:\hiberfil.sys [2013.06.02 16:11:45 | 000,632,031 | ---- | M] () -- C:\Dokumente und Einstellungen\Chef\Desktop\adwcleaner.exe [2013.06.02 15:55:17 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\Chef\Desktop\JRT.exe [2013.06.02 15:47:56 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.05.27 20:14:24 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts [2013.05.27 17:10:01 | 000,000,765 | ---- | M] () -- C:\Dokumente und Einstellungen\Chef\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel [2013.05.27 17:05:48 | 000,005,171 | ---- | M] () -- C:\Dokumente und Einstellungen\Chef\Desktop\index.jpg [2013.05.27 15:45:26 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Chef\Desktop\tdsskiller2.exe [2013.05.27 15:31:32 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Chef\Desktop\MBR.dat [2013.05.24 21:36:05 | 005,070,409 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Chef\Desktop\ComboFix.exe [2013.05.24 07:12:37 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Chef\Desktop\tdsskiller.exe [2013.05.24 00:05:02 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Chef\Desktop\aswMBR.exe [2013.05.23 19:05:24 | 012,917,756 | ---- | M] () -- C:\Dokumente und 
Einstellungen\Chef\Desktop\mbar-1.05.0.1001.zip [2013.05.23 18:02:06 | 000,377,856 | ---- | M] () -- C:\Dokumente und Einstellungen\Chef\Desktop\gmer_2.1.19163.exe [2013.05.22 23:56:01 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2013.05.22 14:01:46 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2013.05.21 22:30:01 | 000,000,138 | ---- | M] () -- C:\WINDOWS\ktel.ini [2013.05.21 20:09:53 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.21 20:07:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm [2013.05.21 20:07:48 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm [2013.05.21 19:59:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2013.05.21 19:46:08 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm [2013.05.21 19:46:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm [2013.05.21 19:32:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm [2013.05.21 19:32:08 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm [2013.05.21 19:17:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm [2013.05.21 19:17:32 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm [2013.05.21 19:16:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm [2013.05.21 19:16:45 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm [2013.05.21 19:02:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm [2013.05.21 19:02:30 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm [2013.05.21 19:01:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm [2013.05.21 19:01:40 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm [2013.05.21 18:47:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm [2013.05.21 18:47:26 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm [2013.05.21 12:24:58 | 000,001,703 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Sony PC Companion 2.1.lnk [2013.05.21 12:22:07 | 000,000,000 | -H-- | M] () -- 
C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf [2013.05.20 23:43:20 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt [2013.05.20 22:21:44 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2013.05.16 03:33:40 | 000,271,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.05.16 03:14:22 | 000,463,354 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.05.16 03:14:22 | 000,444,810 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.05.16 03:14:22 | 000,086,180 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.05.16 03:14:22 | 000,072,686 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.05.16 03:09:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.05.15 01:24:36 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013.05.15 01:24:36 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013.05.07 06:27:17 | 006,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2013.05.05 09:56:37 | 000,009,728 | ---- | M] () -- C:\Dokumente und Einstellungen\Chef\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.02 16:11:44 | 000,632,031 | ---- | C] () -- C:\Dokumente und Einstellungen\Chef\Desktop\adwcleaner.exe [2013.05.27 17:10:01 | 000,000,765 | ---- | C] () -- C:\Dokumente und Einstellungen\Chef\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel [2013.05.27 17:05:44 | 000,005,171 | ---- | C] () -- C:\Dokumente und Einstellungen\Chef\Desktop\index.jpg [2013.05.24 07:11:49 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Chef\Desktop\MBR.dat [2013.05.23 19:05:03 | 012,917,756 | ---- | C] () -- C:\Dokumente und 
Einstellungen\Chef\Desktop\mbar-1.05.0.1001.zip [2013.05.23 18:02:04 | 000,377,856 | ---- | C] () -- C:\Dokumente und Einstellungen\Chef\Desktop\gmer_2.1.19163.exe [2013.05.22 23:56:01 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2013.05.22 23:55:56 | 000,262,448 | RHS- | C] () -- C:\cmldr [2013.05.22 23:53:51 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2013.05.22 23:53:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2013.05.22 23:53:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2013.05.22 23:53:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2013.05.22 23:53:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2013.05.21 22:58:01 | 000,002,243 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2013.05.21 22:05:13 | 1064,423,424 | -HS- | C] () -- C:\hiberfil.sys [2013.05.21 20:09:53 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.21 19:59:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2013.05.21 12:24:58 | 000,001,703 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Sony PC Companion 2.1.lnk [2013.05.20 22:22:07 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt [2013.05.20 22:19:09 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2012.11.06 01:30:12 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat [2012.02.21 23:08:29 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2009.04.30 00:27:23 | 000,001,534 | ---- | C] () -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\wklnhst.dat [2009.04.07 22:32:43 | 000,009,728 | ---- | C] () -- C:\Dokumente und Einstellungen\Chef\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.01.06 23:47:45 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat [2009.01.04 03:22:45 | 
000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\Chef\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2008.09.08 11:18:30 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.06.26 10:12:40 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 14:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 02.06.2013 16:44:11 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Chef\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1015,05 Mb Total Physical Memory | 633,40 Mb Available Physical Memory | 62,40% Memory free 2,38 Gb Paging File | 2,09 Gb Available in Paging File | 87,62% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 80,02 Gb Total Space | 60,46 Gb Free Space | 75,56% Space Free | Partition Type: NTFS Drive D: | 69,00 Gb Total Space | 62,99 Gb Free Space | 91,30% Space Free | Partition Type: NTFS Computer Name: UNTERWEGS | User Name: Chef | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-1058028205-4197547723-706884204-1006\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) "C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation) 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) "C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation) "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\german\setup.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\german\setup.exe:*:Enabled:Installationsprogramm für Kaspersky Internet Security 2009 -- (Kaspersky Lab) "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.) "C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.) 
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0AC49543-9CE2-4434-AD42-5AA6E2967FA5}" = Windows Live Toolbar "{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver "{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes "{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{4C60287C-052E-4595-8B83-32A9977FE942}" = Asus Power Management Utility "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC "{69BCC264-0D43-469F-8434-31E738982E7B}" = Cisco AnyConnect Secure Mobility Client "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer "{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = 
Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{96DAC07A-6DFF-4DCB-A7A0-2896A42457B4}" = roboBASIC v2.5 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch "{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = 
Microsoft .NET Framework 2.0 Service Pack 2 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D4EEC21C-04F0-4CF4-8078-82C11E38EF11}" = REALTEK RTL8187SE Wireless LAN Driver "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support "{EA2D9BC0-75E9-4975-9A0A-DD82198DDC53}" = MSXML 6.0 Parser "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.155 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{PDFStar 1.0 UI}" = PDFStar 2.0.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client "ENTERPRISE" = Microsoft Office Enterprise 2007 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128 "GIMP-2_is1" = GIMP 2.8.2 "HDMI" = Intel(R) Graphics Media Accelerator Driver "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "office wörterbuch 3" = office wörterbuch 3 "Windows 
Live Toolbar" = Windows Live Toolbar "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08.05.2013 08:13:54 | Computer Name = UNTERWEGS | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 15718 Error - 09.05.2013 17:34:03 | Computer Name = UNTERWEGS | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung skype.exe, Version 6.3.0.105, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x0001055f. Error - 09.05.2013 17:35:17 | Computer Name = UNTERWEGS | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung skype.exe, Version 6.3.0.105, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x0001055f. Error - 15.05.2013 12:23:56 | Computer Name = UNTERWEGS | Source = Bonjour Service | ID = 100 Description = ERROR: mDNSPlatformReadTCP - recv: 10053 Error - 15.05.2013 12:23:56 | Computer Name = UNTERWEGS | Source = Bonjour Service | ID = 100 Description = 392: ERROR: read_msg errno 10053 (Eine bestehende Verbindung wurde softwaregesteuert durch den Hostcomputer abgebrochen.) Error - 15.05.2013 12:24:24 | Computer Name = UNTERWEGS | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 15.05.2013 12:24:24 | Computer Name = UNTERWEGS | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 17.05.2013 03:17:08 | Computer Name = UNTERWEGS | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 17.05.2013 03:17:08 | Computer Name = UNTERWEGS | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 29127547 Error - 17.05.2013 03:17:08 | Computer Name = UNTERWEGS | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 29127547 [ Application Events ] Error - 08.05.2013 08:13:54 | Computer Name = UNTERWEGS | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 15718 Error - 09.05.2013 17:34:03 | Computer Name = UNTERWEGS | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung skype.exe, Version 6.3.0.105, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x0001055f. Error - 09.05.2013 17:35:17 | Computer Name = UNTERWEGS | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung skype.exe, Version 6.3.0.105, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x0001055f. 
Error - 15.05.2013 12:23:56 | Computer Name = UNTERWEGS | Source = Bonjour Service | ID = 100 Description = ERROR: mDNSPlatformReadTCP - recv: 10053 Error - 15.05.2013 12:23:56 | Computer Name = UNTERWEGS | Source = Bonjour Service | ID = 100 Description = 392: ERROR: read_msg errno 10053 (Eine bestehende Verbindung wurde softwaregesteuert durch den Hostcomputer abgebrochen.) Error - 15.05.2013 12:24:24 | Computer Name = UNTERWEGS | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 15.05.2013 12:24:24 | Computer Name = UNTERWEGS | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 17.05.2013 03:17:08 | Computer Name = UNTERWEGS | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 17.05.2013 03:17:08 | Computer Name = UNTERWEGS | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 29127547 Error - 17.05.2013 03:17:08 | Computer Name = UNTERWEGS | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 29127547 [ Application Events ] Error - 08.05.2013 08:13:54 | Computer Name = UNTERWEGS | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 15718 Error - 09.05.2013 17:34:03 | Computer Name = UNTERWEGS | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung skype.exe, Version 6.3.0.105, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x0001055f. Error - 09.05.2013 17:35:17 | Computer Name = UNTERWEGS | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung skype.exe, Version 6.3.0.105, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x0001055f. Error - 15.05.2013 12:23:56 | Computer Name = UNTERWEGS | Source = Bonjour Service | ID = 100 Description = ERROR: mDNSPlatformReadTCP - recv: 10053 Error - 15.05.2013 12:23:56 | Computer Name = UNTERWEGS | Source = Bonjour Service | ID = 100 Description = 392: ERROR: read_msg errno 10053 (Eine bestehende Verbindung wurde softwaregesteuert durch den Hostcomputer abgebrochen.) 
Error - 15.05.2013 12:24:24 | Computer Name = UNTERWEGS | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 15.05.2013 12:24:24 | Computer Name = UNTERWEGS | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 17.05.2013 03:17:08 | Computer Name = UNTERWEGS | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 17.05.2013 03:17:08 | Computer Name = UNTERWEGS | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 29127547 Error - 17.05.2013 03:17:08 | Computer Name = UNTERWEGS | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 29127547 [ OSession Events ] Error - 17.11.2012 07:38:12 | Computer Name = UNTERWEGS | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 25 seconds with 0 seconds of active time. This session ended with a crash. 
Error - 17.11.2012 07:40:28 | Computer Name = UNTERWEGS | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 27.05.2013 09:53:53 | Computer Name = UNTERWEGS | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Net Driver HPZ12" wurde mit folgendem Fehler beendet: %%126 Error - 27.05.2013 09:53:54 | Computer Name = UNTERWEGS | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Pml Driver HPZ12" wurde mit folgendem Fehler beendet: %%126 Error - 27.05.2013 19:28:29 | Computer Name = UNTERWEGS | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Net Driver HPZ12" wurde mit folgendem Fehler beendet: %%126 Error - 27.05.2013 19:28:29 | Computer Name = UNTERWEGS | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Pml Driver HPZ12" wurde mit folgendem Fehler beendet: %%126 Error - 27.05.2013 19:28:45 | Computer Name = UNTERWEGS | Source = W32Time | ID = 39452689 Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten Peer "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15 Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar. (0x80072751) Error - 27.05.2013 19:28:45 | Computer Name = UNTERWEGS | Source = W32Time | ID = 39452701 Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit. 
Error - 02.06.2013 09:48:17 | Computer Name = UNTERWEGS | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Net Driver HPZ12" wurde mit folgendem Fehler beendet: %%126 Error - 02.06.2013 09:48:17 | Computer Name = UNTERWEGS | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Pml Driver HPZ12" wurde mit folgendem Fehler beendet: %%126 Error - 02.06.2013 10:16:14 | Computer Name = UNTERWEGS | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Net Driver HPZ12" wurde mit folgendem Fehler beendet: %%126 Error - 02.06.2013 10:16:14 | Computer Name = UNTERWEGS | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Pml Driver HPZ12" wurde mit folgendem Fehler beendet: %%126 < End of report > |
02.06.2013, 16:30 | #38 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Skype Virus Looks OK. We should be almost done. As a check, please run a full scan with Malwarebytes Anti-Malware (MBAM) (if you ran a full scan only recently, a quick scan is enough (saves time); please let me know that as well). Note: Before you start, remember to update Malwarebytes Anti-Malware via the update button! Afterwards, getting a second opinion from ESET's online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
03.06.2013, 09:23 | #39 |
| Skype Virus Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.06.02.04 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Chef :: UNTERWEGS [Administrator] Schutz: Deaktiviert 02.06.2013 19:44:21 MBAM-log-2013-06-02 (22-09-40).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 259145 Laufzeit: 2 Stunde(n), 17 Minute(n), 37 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\All Users\Anwendungsdaten\adcaeaaesacfsfdsf.exe.vir (Trojan.Yakes) -> Keine Aktion durchgeführt. C:\System Volume Information\_restore{C8245353-D434-4918-B41A-0F82E62B82D6}\RP200\A0146962.exe (Trojan.Yakes) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=f65e8872b21f0742856e1f1a22a53e05 # engine=13977 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-06-02 11:38:47 # local_time=2013-06-03 01:38:47 (+0100, Westeuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=1797 16774141 100 100 103972527 146653567 0 0 # scanned=61144 # found=7 # cleaned=0 # scan_time=12058 sh=4F8B674061D082D281CB5B6AF1962104E3877660 ft=1 fh=c71c001174c80c4e vn="Win32/Gapz.E trojan" ac=I fn="C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\All Users\Anwendungsdaten\adcaeaaesacfsfdsf.exe.vir" sh=F4D676C61BE69CD20F287D1F36A2831A22E91B3F ft=1 fh=385e3c7e703457a0 vn="a variant of Win32/Spy.Banker.ZGF trojan" ac=I fn="C:\Qoobox\Quarantine\C\WINDOWS\system32\16001.015\components\AcroFF015.dll.vir" sh=7473ED5257B931BE2C9666434A79AB359F5D83B0 ft=0 fh=0000000000000000 vn="probably a variant of Win32/Agent.FHOMURE trojan" ac=I fn="C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_fddfcsj_.sys.zip" sh=FFCF047057D7600CD94C6E1298B05C880D28F1A7 ft=1 fh=6eefbae870b5b0ae vn="Win32/Spy.Banker.YUM trojan" ac=I fn="C:\System Volume Information\_restore{C8245353-D434-4918-B41A-0F82E62B82D6}\RP196\A0145281.dll" sh=4F8B674061D082D281CB5B6AF1962104E3877660 ft=1 fh=c71c001174c80c4e vn="Win32/Gapz.E trojan" ac=I fn="C:\System Volume Information\_restore{C8245353-D434-4918-B41A-0F82E62B82D6}\RP200\A0146962.exe" sh=F4D676C61BE69CD20F287D1F36A2831A22E91B3F ft=1 fh=385e3c7e703457a0 vn="a variant of Win32/Spy.Banker.ZGF trojan" ac=I fn="C:\System Volume Information\_restore{C8245353-D434-4918-B41A-0F82E62B82D6}\RP202\A0147310.dll" sh=871D36ED0A4A31012C5F5A2F80527B931990BD3B ft=1 fh=9527c5380a11a8ad vn="a variant of Win32/Spy.Banker.YSK trojan" ac=I 
fn="C:\WINDOWS\system32\16001.014\components\AcroFF014.dll" |
03.06.2013, 10:10 | #40 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Skype Virus Fix with OTL
Code:
ATTFilter
:Files
C:\WINDOWS\system32\16001.014
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
03.06.2013, 10:35 | #41 |
| Skype Virus Code:
ATTFilter All processes killed ========== FILES ========== C:\WINDOWS\system32\16001.014\components folder moved successfully. C:\WINDOWS\system32\16001.014 folder moved successfully. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Auflösungscache wurde geleert. C:\Dokumente und Einstellungen\Chef\Desktop\cmd.bat deleted successfully. C:\Dokumente und Einstellungen\Chef\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Chef ->Temp folder emptied: 1801618 bytes ->Temporary Internet Files folder emptied: 543792 bytes ->FireFox cache emptied: 73748481 bytes ->Flash cache emptied: 26123 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 3215 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 73,00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.69.0 log created on 06032013_112710 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... |
03.06.2013, 11:01 | #42 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Skype Virus Scan with SystemLook (x86) Download SystemLook by jpshortstuff and save the tool to the desktop => Download SystemLook (32 bit)
03.06.2013, 15:58 | #43 |
| Skype Virus Code:
ATTFilter SystemLook 30.07.11 by jpshortstuff Log created at 16:51 on 03/06/2013 by Chef Administrator - Elevation successful ========== filefind ========== Searching for "*conduit*" C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1207392 bytes [11:43 06/12/2012] [11:43 06/12/2012] C963B2DECF0872C4A79D4E5E97062E8C Searching for "*softonic*" No files found. Searching for "*quickstore*" No files found. Searching for "*yontoo*" No files found. Searching for "*FunMood*" No files found. Searching for "*tarma*" No files found. Searching for "*asktool*" No files found. Searching for "*001.0*" No files found. ========== folderfind ========== Searching for "*conduit*" No folders found. Searching for "*softonic*" No folders found. Searching for "*quickstore*" No folders found. Searching for "*yontoo*" No folders found. Searching for "*FunMood*" No folders found. Searching for "*tarma*" No folders found. Searching for "*asktool*" No folders found. Searching for "*001.0*" C:\Qoobox\Quarantine\C\WINDOWS\system32\16001.015 d------ [18:52 24/05/2013] C:\WINDOWS\system32\16001.007 d------ [00:28 05/11/2012] C:\WINDOWS\system32\16001.008 d------ [17:35 06/11/2012] C:\WINDOWS\system32\16001.009 d------ [12:54 09/11/2012] C:\WINDOWS\system32\16001.010 d------ [07:24 15/11/2012] C:\WINDOWS\system32\16001.011 d------ [14:39 17/11/2012] C:\WINDOWS\system32\16001.012 d------ [22:55 19/11/2012] C:\WINDOWS\system32\16001.013 d------ [09:14 21/11/2012] C:\_OTL\MovedFiles\06032013_112710\C_WINDOWS\system32\16001.014 d------ [09:27 03/06/2013] ========== regfind ========== Searching for "*conduit*" No data found. Searching for "*softonic*" No data found. Searching for "*quickstore*" No data found. Searching for "*yontoo*" No data found. Searching for "*FunMood*" No data found. Searching for "*tarma*" No data found. Searching for "*asktool*" No data found. Searching for "*001.0*" No data found. 
Searching for " " [HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0] "ProcessorNameString"="Intel(R) Celeron(R) M processor 900MHz" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\HelpSvc\OEMInfo] "Text"="Please mail or fax to the nearest ASUS technical support.#BR##BR##BR#ASUSTeK COMPUTER INC.#BR#Address: 15 Li-Te Road, Peitou, Taipei, Taiwan 11259#BR#Telephone: +886-2-2894-3447#BR#Fax: +886-2-2890-7798#BR#Email: info@asus.com.tw#BR#Web site: hxxp://www.asus.com.tw#BR# #BR#Technical Support:#BR#Telephone: +86-21-54421616#BR#Online Support: hxxp://support.asus.com/techserv/techserv.aspx#BR##BR##BR##BR#ASUSTeK COMPUTER INC.(Taiwan)#BR#Address: 15 Li-Te Road, Peitou, Taipei, Taiwan 11259#BR#Telephone: +886-2-2894-3447 #BR#Fax: +886-2-2890-7798#BR#Email: info@asus.com.tw#BR#Web site: hxxp://www.asus.com.tw#BR# #BR#Technical Support:#BR#Telephone: +886-2-2894-3447 (0800-093-456)#BR#Online Support: hxxp://support.asus.com/techserv/techserv.aspx#BR# #BR# #BR##BR#ASUSTeK COMPUTER INC.(China)#BR#Address: No.508,Chundong Road,Xinzhuang Industrial Zone, Minhang District,Sh [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\Plugins\SP\MSPMSP\KBDeviceList] "SanDiskIMb"="E-USB Fl;ash ; " [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_13\_0] "FriendlyName"="Intel(R) Celeron(R) M processor 900MHz" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi\Parameters] "UseCheckPowerForFlush"="SAMSUNG WNR-31601A (1600MB) SAMSUNG WNR-31601A (1.6GB) IBM-DTCA-24090 TC6OAA2A IBM-DTCA-24090 TC6IAA2A IBM-DPLA-25120 PL8OAA2A IBM-DPLA-25120 PL8IAA2A IBM-DPLA-25120 PL8IAA4A IBM-DTCA-23240 TC5OAA2A IBM-DTCA-23240 TC5IAA2A IBM-DPLA-24480 PL7OAA2A IBM-DPLA-24480 PL7IAA2A" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi\Parameters] "NoFlushDevice"="QUANTUM_LPS525A SCR-730 " [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi\Parameters] "PioOnlyDevice"=" Conner Peripherals 425MB - CFS425A MATSHITA CR-581 FX600S 
CD-44E QUANTUM TRB850A QUANTUM MARVERICK 540A MAXTOR MXT-540 AT Maxtor 71260 AT Maxtor 7850 AV Maxtor 7540 AV Maxtor 7213 AT Maxtor 7345 Maxtor 7245 AT Maxtor 7245 Maxtor 7211AU Maxtor 7171 AT CD-316E SAMSUNG_SCR-2430 CR-2801TE" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi\Parameters] "NonRemovableMedia"="Kingston Technology DataPak 340 SunDisk SDP5A-10 SunDisk SDCFB-10 SunDisk SDP3B-20 SunDisk SDP3B-175 SunDisk SDP5-2.5 Calluna Technology CT260MC BN-S004AC-S 1.00 Calluna Technology CT520RM Hitachi CV 5.1.1 ATA_FLASH Mitsubishi ATA Card LEXAR ATA_FLASH Micron MTCF004A Micron MTCF008A SunDisk SDP3B-110 SunDisk SDCFB-4 BN-CAB-T MEMORYSTICK MEMORYSTICK 8M 8K" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi\Parameters] "NoPowerDownDevice"="RD-DRC001-M CS-R37 0 " [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi\Parameters] "AutoEjectZipDevice"="IOMEGA ZIP 100 ATAPI 23.D IOMEGA ZIP 100 ATAPI 21.D IOMEGA ZIP 100 ATAPI 20.D IOMEGA ZIP 100 ATAPI 91.D IOMEGA ZIP 100 B.29 IOMEGA ZIP 100 B.22 " [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_13\_0] "FriendlyName"="Intel(R) Celeron(R) M processor 900MHz" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\atapi\Parameters] "UseCheckPowerForFlush"="SAMSUNG WNR-31601A (1600MB) SAMSUNG WNR-31601A (1.6GB) IBM-DTCA-24090 TC6OAA2A IBM-DTCA-24090 TC6IAA2A IBM-DPLA-25120 PL8OAA2A IBM-DPLA-25120 PL8IAA2A IBM-DPLA-25120 PL8IAA4A IBM-DTCA-23240 TC5OAA2A IBM-DTCA-23240 TC5IAA2A IBM-DPLA-24480 PL7OAA2A IBM-DPLA-24480 PL7IAA2A" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\atapi\Parameters] "NoFlushDevice"="QUANTUM_LPS525A SCR-730 " [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\atapi\Parameters] "PioOnlyDevice"=" Conner Peripherals 425MB - CFS425A MATSHITA CR-581 FX600S CD-44E QUANTUM TRB850A QUANTUM MARVERICK 540A MAXTOR MXT-540 AT Maxtor 71260 AT Maxtor 7850 AV Maxtor 7540 AV Maxtor 7213 AT Maxtor 7345 Maxtor 7245 AT Maxtor 7245 Maxtor 7211AU Maxtor 7171 AT CD-316E 
SAMSUNG_SCR-2430 CR-2801TE" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\atapi\Parameters] "NonRemovableMedia"="Kingston Technology DataPak 340 SunDisk SDP5A-10 SunDisk SDCFB-10 SunDisk SDP3B-20 SunDisk SDP3B-175 SunDisk SDP5-2.5 Calluna Technology CT260MC BN-S004AC-S 1.00 Calluna Technology CT520RM Hitachi CV 5.1.1 ATA_FLASH Mitsubishi ATA Card LEXAR ATA_FLASH Micron MTCF004A Micron MTCF008A SunDisk SDP3B-110 SunDisk SDCFB-4 BN-CAB-T MEMORYSTICK MEMORYSTICK 8M 8K" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\atapi\Parameters] "NoPowerDownDevice"="RD-DRC001-M CS-R37 0 " [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\atapi\Parameters] "AutoEjectZipDevice"="IOMEGA ZIP 100 ATAPI 23.D IOMEGA ZIP 100 ATAPI 21.D IOMEGA ZIP 100 ATAPI 20.D IOMEGA ZIP 100 ATAPI 91.D IOMEGA ZIP 100 B.29 IOMEGA ZIP 100 B.22 " [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_13\_0] "FriendlyName"="Intel(R) Celeron(R) M processor 900MHz" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\atapi\Parameters] "UseCheckPowerForFlush"="SAMSUNG WNR-31601A (1600MB) SAMSUNG WNR-31601A (1.6GB) IBM-DTCA-24090 TC6OAA2A IBM-DTCA-24090 TC6IAA2A IBM-DPLA-25120 PL8OAA2A IBM-DPLA-25120 PL8IAA2A IBM-DPLA-25120 PL8IAA4A IBM-DTCA-23240 TC5OAA2A IBM-DTCA-23240 TC5IAA2A IBM-DPLA-24480 PL7OAA2A IBM-DPLA-24480 PL7IAA2A" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\atapi\Parameters] "NoFlushDevice"="QUANTUM_LPS525A SCR-730 " [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\atapi\Parameters] "PioOnlyDevice"=" Conner Peripherals 425MB - CFS425A MATSHITA CR-581 FX600S CD-44E QUANTUM TRB850A QUANTUM MARVERICK 540A MAXTOR MXT-540 AT Maxtor 71260 AT Maxtor 7850 AV Maxtor 7540 AV Maxtor 7213 AT Maxtor 7345 Maxtor 7245 AT Maxtor 7245 Maxtor 7211AU Maxtor 7171 AT CD-316E SAMSUNG_SCR-2430 CR-2801TE" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\atapi\Parameters] "NonRemovableMedia"="Kingston Technology DataPak 340 SunDisk SDP5A-10 SunDisk SDCFB-10 SunDisk SDP3B-20 SunDisk 
SDP3B-175 SunDisk SDP5-2.5 Calluna Technology CT260MC BN-S004AC-S 1.00 Calluna Technology CT520RM Hitachi CV 5.1.1 ATA_FLASH Mitsubishi ATA Card LEXAR ATA_FLASH Micron MTCF004A Micron MTCF008A SunDisk SDP3B-110 SunDisk SDCFB-4 BN-CAB-T MEMORYSTICK MEMORYSTICK 8M 8K" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\atapi\Parameters] "NoPowerDownDevice"="RD-DRC001-M CS-R37 0 " [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\atapi\Parameters] "AutoEjectZipDevice"="IOMEGA ZIP 100 ATAPI 23.D IOMEGA ZIP 100 ATAPI 21.D IOMEGA ZIP 100 ATAPI 20.D IOMEGA ZIP 100 ATAPI 91.D IOMEGA ZIP 100 B.29 IOMEGA ZIP 100 B.22 " [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_13\_0] "FriendlyName"="Intel(R) Celeron(R) M processor 900MHz" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi\Parameters] "UseCheckPowerForFlush"="SAMSUNG WNR-31601A (1600MB) SAMSUNG WNR-31601A (1.6GB) IBM-DTCA-24090 TC6OAA2A IBM-DTCA-24090 TC6IAA2A IBM-DPLA-25120 PL8OAA2A IBM-DPLA-25120 PL8IAA2A IBM-DPLA-25120 PL8IAA4A IBM-DTCA-23240 TC5OAA2A IBM-DTCA-23240 TC5IAA2A IBM-DPLA-24480 PL7OAA2A IBM-DPLA-24480 PL7IAA2A" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi\Parameters] "NoFlushDevice"="QUANTUM_LPS525A SCR-730 " [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi\Parameters] "PioOnlyDevice"=" Conner Peripherals 425MB - CFS425A MATSHITA CR-581 FX600S CD-44E QUANTUM TRB850A QUANTUM MARVERICK 540A MAXTOR MXT-540 AT Maxtor 71260 AT Maxtor 7850 AV Maxtor 7540 AV Maxtor 7213 AT Maxtor 7345 Maxtor 7245 AT Maxtor 7245 Maxtor 7211AU Maxtor 7171 AT CD-316E SAMSUNG_SCR-2430 CR-2801TE" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi\Parameters] "NonRemovableMedia"="Kingston Technology DataPak 340 SunDisk SDP5A-10 SunDisk SDCFB-10 SunDisk SDP3B-20 SunDisk SDP3B-175 SunDisk SDP5-2.5 Calluna Technology CT260MC BN-S004AC-S 1.00 Calluna Technology CT520RM Hitachi CV 5.1.1 ATA_FLASH Mitsubishi ATA Card LEXAR ATA_FLASH Micron MTCF004A Micron 
MTCF008A SunDisk SDP3B-110 SunDisk SDCFB-4 BN-CAB-T MEMORYSTICK MEMORYSTICK 8M 8K" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi\Parameters] "NoPowerDownDevice"="RD-DRC001-M CS-R37 0 " [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi\Parameters] "AutoEjectZipDevice"="IOMEGA ZIP 100 ATAPI 23.D IOMEGA ZIP 100 ATAPI 21.D IOMEGA ZIP 100 ATAPI 20.D IOMEGA ZIP 100 ATAPI 91.D IOMEGA ZIP 100 B.29 IOMEGA ZIP 100 B.22 " -= EOF =- |
04.06.2013, 08:03 | #44 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Skype Virus There is still more. Fix with OTL
Code:
ATTFilter
:Files
C:\WINDOWS\system32\16001.0??
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
04.06.2013, 10:50 | #45 |
| Skype Virus Code:
ATTFilter All processes killed ========== FILES ========== C:\WINDOWS\system32\16001.007\components folder moved successfully. C:\WINDOWS\system32\16001.007 folder moved successfully. C:\WINDOWS\system32\16001.008\components folder moved successfully. C:\WINDOWS\system32\16001.008 folder moved successfully. C:\WINDOWS\system32\16001.009\components folder moved successfully. C:\WINDOWS\system32\16001.009 folder moved successfully. C:\WINDOWS\system32\16001.010\components folder moved successfully. C:\WINDOWS\system32\16001.010 folder moved successfully. C:\WINDOWS\system32\16001.011\components folder moved successfully. C:\WINDOWS\system32\16001.011 folder moved successfully. C:\WINDOWS\system32\16001.012\components folder moved successfully. C:\WINDOWS\system32\16001.012 folder moved successfully. C:\WINDOWS\system32\16001.013\components folder moved successfully. C:\WINDOWS\system32\16001.013 folder moved successfully. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Auflösungscache wurde geleert. C:\Dokumente und Einstellungen\Chef\Desktop\cmd.bat deleted successfully. C:\Dokumente und Einstellungen\Chef\Desktop\cmd.txt deleted successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Chef ->Temp folder emptied: 784136 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->FireFox cache emptied: 34824328 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 34,00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.69.0 log created on 06042013_114057 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... |