Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
IP-Block Warnung von Malwarebytes (skype.exe) Fehlalarm?

IP-Block Warnung von Malwarebytes (skype.exe) Fehlalarm?


Log-Analyse und Auswertung: IP-Block Warnung von Malwarebytes (skype.exe) Fehlalarm?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 09.10.2012, 21:26   #1
poop
 
IP-Block Warnung von Malwarebytes (skype.exe) Fehlalarm? - Standard

IP-Block Warnung von Malwarebytes (skype.exe) Fehlalarm?


Hallo,

zuerst mal die Vorgeschichte:

- habe mir heute morgen über einen short url link per skype eine datei runter geladen (hier hatte ich schon gepostet: http://www.trojaner-board.de/124929-...ich-fotos.html)

- ich habe allerdings nur das archiv geöffnet, nicht die verdächtige datei ausgeführt und auch nichts entpackt.

- das archiv habe ich inzwischen gelöscht und es ist sonst auch weiter nichts ungewöhnliches am system festzustellen.

- aaaber ich hatte mir wegen des vorfalls mal Malwarebytes installiert und bekomme seit dem (solange skype läuft) diese warnungen über verdächtige ips, die von der software geblockt werden. nun weiß ich natürlich nicht, ob dass mit dem malware link per skype zusammenhängt, oder ob das "problem" schon länger besteht und nicht entdeckt wurde.

- der komplett scan mit avira und Malwarebytes hat nichts ergeben.

- an verschiedenen stellen im netz habe ich schon was über diese meldung von Malwarebytes gelesen. allerdings immer in verbindung mit einem echten virenfund.

- skype selbst hat sich irgendwo im forum von malwarebytes (sorry, den post finde ich jetzt auf die schnelle nicht mehr) dazu geäußert, und erklärt dass es wohl normal ist, dass daten an fremde ips im ausland gesendet werden (wenn ich den englischen post richtig verstanden hab...)

wie kann ich jetzt sicher gehen, dass wirklich alles ok ist, bevor ich wieder online banking an dem rechner mache? das merkwürdige ist, dass es sich laut dem log immer wieder um die ip der ominösen seite starnet.md handelt.

hab schon mal zur sicherheit emulatoren mit defogger deaktiviert und die benötigten logfiles mit otl für euch erstellt.

Code:
ATTFilter
OTL logfile created on: 09.10.2012 20:51:24 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 55,21% Memory free
7,82 Gb Paging File | 5,50 Gb Available in Paging File | 70,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 440,76 Gb Total Space | 89,25 Gb Free Space | 20,25% Space Free | Partition Type: NTFS
 
Computer Name: ***-ASUS | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.09 20:44:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.06 15:51:54 | 015,668,432 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012.08.08 15:54:14 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.08 20:47:10 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 20:47:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.01.12 12:23:20 | 000,018,432 | ---- | M] () -- C:\Users\***\AppData\LocalLow\WOT\IE\WOTUpdater.exe
PRC - [2011.12.19 18:20:07 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.06.05 07:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010.11.15 20:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2010.11.12 09:24:12 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2010.10.08 00:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010.10.07 19:43:00 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010.09.24 02:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2010.08.21 04:47:58 | 000,077,312 | ---- | M] () -- C:\ExpressGateUtil\VAWinService.exe
PRC - [2010.08.18 00:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010.08.13 03:52:16 | 000,021,504 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe
PRC - [2010.07.19 22:26:00 | 000,370,480 | ---- | M] (syncables, LLC) -- C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
PRC - [2010.07.19 22:26:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
PRC - [2010.07.10 08:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
PRC - [2010.02.28 03:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
PRC - [2010.02.03 10:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.12.15 20:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.11.03 00:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.06.19 20:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 20:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.16 03:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2008.12.23 03:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008.08.14 07:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.09 08:40:14 | 001,169,408 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI39162\wx._core_.pyd
MOD - [2012.10.09 08:40:14 | 001,024,024 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI39162\windows._cacheinvalidation.pyd
MOD - [2012.10.09 08:40:14 | 000,807,424 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI39162\wx._windows_.pyd
MOD - [2012.10.09 08:40:14 | 000,792,576 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI39162\wx._gdi_.pyd
MOD - [2012.10.09 08:40:14 | 000,731,136 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI39162\wx._misc_.pyd
MOD - [2012.10.09 08:40:14 | 000,645,120 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI39162\_ssl.pyd
MOD - [2012.10.09 08:40:14 | 000,571,392 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI39162\pysqlite2._sqlite.pyd
MOD - [2012.10.09 08:40:14 | 000,354,304 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI39162\pythoncom26.dll
MOD - [2012.10.09 08:40:14 | 000,311,808 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI39162\_hashlib.pyd
MOD - [2012.10.09 08:40:14 | 000,263,168 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI39162\win32com.shell.shell.pyd
MOD - [2012.10.09 08:40:14 | 000,121,856 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI39162\wx._wizard.pyd
MOD - [2012.10.09 08:40:14 | 000,111,104 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI39162\win32file.pyd
MOD - [2012.10.09 08:40:14 | 000,110,592 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI39162\win32security.pyd
MOD - [2012.10.09 08:40:14 | 000,110,592 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI39162\pywintypes26.dll
MOD - [2012.10.09 08:40:14 | 000,096,256 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI39162\win32api.pyd
MOD - [2012.10.09 08:40:14 | 000,086,016 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI39162\_elementtree.pyd
MOD - [2012.10.09 08:40:14 | 000,073,728 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI39162\_ctypes.pyd
MOD - [2012.10.09 08:40:14 | 000,070,656 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI39162\wx._html2.pyd
MOD - [2012.10.09 08:40:14 | 000,040,448 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI39162\_socket.pyd
MOD - [2012.10.09 08:40:14 | 000,039,424 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI39162\win32inet.pyd
MOD - [2012.10.09 08:40:14 | 000,036,352 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI39162\win32process.pyd
MOD - [2012.10.09 08:40:14 | 000,022,528 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI39162\win32pdh.pyd
MOD - [2012.10.09 08:40:14 | 000,011,776 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI39162\win32crypt.pyd
MOD - [2012.10.09 08:40:13 | 001,056,256 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI39162\wx._controls_.pyd
MOD - [2012.10.09 08:40:12 | 000,017,920 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI39162\win32event.pyd
MOD - [2012.10.09 08:40:11 | 000,153,088 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI39162\pyexpat.pyd
MOD - [2012.10.09 08:40:09 | 000,585,728 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI39162\unicodedata.pyd
MOD - [2012.10.09 08:40:09 | 000,011,776 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI39162\select.pyd
MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.09.24 02:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2010.08.13 03:52:16 | 000,021,504 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe
MOD - [2010.02.28 03:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
MOD - [2009.11.03 00:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.03 00:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.01.26 00:11:56 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010.09.23 04:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010.04.17 02:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.10.09 19:25:05 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.24 15:10:45 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 20:47:10 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 20:47:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.12 12:23:20 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Users\***\AppData\LocalLow\WOT\IE\WOTUpdater.exe -- (WOTUpdater)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.06.05 07:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.11.20 14:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010.11.13 01:24:12 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2010.08.21 04:47:58 | 000,077,312 | ---- | M] () [Auto | Running] -- C:\ExpressGateUtil\VAWinService.exe -- (VideAceWindowsService)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.12.15 20:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.06.16 03:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.08 20:47:10 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 20:47:10 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.09 15:46:22 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.10.21 18:30:04 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.10.07 11:49:50 | 002,770,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.06.05 07:22:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.04.13 05:18:08 | 000,142,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.21 21:08:06 | 000,161,280 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc)
DRV:64bit: - [2011.01.21 21:08:06 | 000,050,176 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.14 18:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.14 04:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.08.24 11:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.06.25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010.05.03 05:46:04 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2010.04.17 02:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.07.20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.05.24 03:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010.07.26 23:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 03:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: LinkParser@linkparser.com:1.3.2
FF - prefs.js..extensions.enabledAddons: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.6
FF - prefs.js..extensions.enabledAddons: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.4.8.2
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.24 15:10:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.29 21:04:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.24 15:10:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.01.03 07:26:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.09.27 11:03:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\oxf865d0.default\extensions
[2012.09.13 12:28:53 | 000,000,000 | ---D | M] (WOT) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\oxf865d0.default\extensions\wotstats@mywot.com
[2012.09.09 21:05:34 | 001,625,368 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\oxf865d0.default\extensions\firebug@software.joehewitt.com.xpi
[2012.08.25 10:54:34 | 000,062,736 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\oxf865d0.default\extensions\LinkParser@linkparser.com.xpi
[2012.09.27 11:03:49 | 000,340,018 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\oxf865d0.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012.08.01 19:18:42 | 000,081,156 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\oxf865d0.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi
[2012.07.11 20:43:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.24 15:10:45 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.09 13:30:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.24 15:10:44 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.09 13:30:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.09 13:30:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.09 13:30:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.09 13:30:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: hxxp://google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.92\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.92\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.92\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Flash Video Download = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\anadfmbemnidomdljfcdgdoomhghoclk\1.3.14_0\
CHR - Extension: Lucidchart \u2013 Gemeinsam visualisieren = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apboafhkiegglekeafbckfjldecefkhn\16_0\
CHR - Extension: MindMeister = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdehgigffdnkjpaindemkaniebfaepjm\2.1.1_0\
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Smartsheet Project Management = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\cindmhdfkimaeggbebfjkmkdfiohldbm\2.2.1_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Strike Out Nofollow Links = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkolbdohecbecliihaobiiamdmhhnaei\1.1_0\
CHR - Extension: Deaktivierungs-Add-on von Google Analytics = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh\0.9.0_0\
CHR - Extension: Drive Notepad = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpgjomejfimnbmobcocilppikhncegaj\1.1.8_0\
CHR - Extension: Gantter = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\himomacamcpodhkahelbnmaddladgjgo\3.5.7_0\
CHR - Extension: SISTRIX_Toolbar = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\igmcaceagildfabpjdmbppfbgjlihfge\1.6_0\
CHR - Extension: Zoho Sheet = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhegddohmncgelkehhnigphmloinkinj\1.2_0\
CHR - Extension: Page Ruler = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlpkojjdgbllmedoapgfodplfhcbnbpn\0.1.4_0\
CHR - Extension: OpenOffice Document Reader = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpcfmmdlhndnfpagbmhbbfehenapoich\3_0\
CHR - Extension: InstallFree Nexus with Microsoft Office = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkbdmlhfkcpbokoofbgohenkmpohfnpe\1.0.3_0\
CHR - Extension: linkbird = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkhnebcdgjcglkjpbfniinlcoonemjkp\1.0_0\
CHR - Extension: WOT = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nphjeokkkbngjpiofnfpnafjeofjomfb\2.11.7_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Linkparser = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmghbmgeolancmmnklifafgooobplifn\1.3.2_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (WOT) - {9E571C81-21E7-496B-9E6B-127E60263022} - C:\Users\***\AppData\LocalLow\WOT\IE\WOT.dll (WOT Services Oy)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [FLxHCIm] C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe (Windows (R) Win 7 DDK provider)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SessionLogon] C:\ExpressGateUtil\SessionLogon.exe File not found
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe ()
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe (syncables, LLC)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3C42D8D-6B7A-4036-87FA-FD8D66BE02CE}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.09 20:44:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.10.09 10:41:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.10.09 10:40:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.09 10:40:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.09 10:40:54 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.09 10:40:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.10.06 13:04:20 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\desktop
[2012.10.05 11:05:52 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\hochzeit
[2012.09.24 23:40:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
[2012.09.24 23:37:18 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2012.09.24 21:31:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PeaZip
[2012.09.24 21:30:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeaZip
[2012.09.24 21:30:36 | 000,000,000 | ---D | C] -- C:\Program Files\PeaZip
[2012.09.21 18:35:36 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\IIS SEO Reports
[2012.09.21 16:21:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS 7.0 Extensions
[2012.09.21 16:20:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\BestPractices
[2012.09.21 16:19:57 | 000,000,000 | ---D | C] -- C:\inetpub
[2012.09.21 16:19:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\BestPractices
[2012.09.21 16:16:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012.09.17 18:29:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2012.09.13 13:21:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Wireshark
[2012.09.13 13:07:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012.09.13 13:07:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2012.09.13 13:06:07 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2012.09.13 12:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PantsOff
[2012.09.13 12:28:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PantsOff
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.09 20:55:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.09 20:44:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.10.09 20:41:44 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.10.09 20:24:26 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.09 13:55:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.09 08:47:35 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.09 08:47:35 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.09 08:40:03 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012.10.09 08:39:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.09 08:39:35 | 3151,007,744 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.08 21:55:38 | 000,013,130 | ---- | M] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2012.10.08 18:49:21 | 001,612,248 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.08 18:49:21 | 000,701,072 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.08 18:49:21 | 000,656,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.08 18:49:21 | 000,143,452 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.08 18:49:21 | 000,118,180 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.04 09:34:24 | 000,010,495 | ---- | M] () -- C:\Users\***\konto1_elster_2048.pfx
[2012.09.25 10:00:17 | 000,002,360 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012.09.25 09:59:43 | 000,306,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.09.24 23:39:27 | 000,001,237 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012.09.14 08:47:37 | 000,001,359 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.09 20:41:44 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.10.08 21:55:38 | 000,013,130 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2012.10.04 09:34:14 | 000,010,495 | ---- | C] () -- C:\Users\***\konto1_elster_2048.pfx
[2012.09.24 23:39:27 | 000,001,237 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012.09.21 16:16:45 | 000,002,061 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk
[2012.09.13 13:06:35 | 000,001,541 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
[2012.07.14 14:20:12 | 000,000,032 | ---- | C] () -- C:\Windows\azeugnis.INI
[2012.05.22 21:42:26 | 001,841,472 | ---- | C] () -- C:\Windows\MapCreator 2 Uninstaller.exe
[2012.01.18 22:31:08 | 001,557,708 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.07 15:45:56 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2011.10.21 18:27:54 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.10.21 18:27:54 | 000,217,536 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.10.21 18:22:54 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.10.21 18:03:04 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.02.12 07:48:16 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.01.12 18:02:43 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.08 09:39:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AceBIT
[2012.01.03 06:13:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Asus WebStorage
[2012.07.27 20:49:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CuteRank
[2012.10.09 08:42:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.05.05 23:19:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDFab
[2012.09.08 17:19:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2012.09.30 00:25:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2012.08.23 11:55:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Free Monitor for Google
[2012.05.06 22:40:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gretl
[2012.05.06 19:13:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2012.10.09 15:05:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake
[2012.01.08 21:45:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.01.08 14:44:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mkvtoolnix
[2012.01.04 04:54:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nuance
[2012.05.06 18:36:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.09.24 21:31:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeaZip
[2012.10.09 00:22:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2012.05.02 20:58:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Stereoscopic Player
[2012.01.16 21:38:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2012.01.18 22:32:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2012.04.09 15:53:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2012.08.03 20:41:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Weaverslave
[2012.08.09 11:23:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2012.09.13 14:06:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wireshark
[2012.01.04 04:54:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zeon
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1056 bytes -> C:\ProgramData\Temp:966F7784

< End of report >
und hier noch das logfile von malwarebytes:

Code:
ATTFilter
2012/10/09 10:41:48 +0200	***-ASUS	***	MESSAGE	Starting protection
2012/10/09 10:41:48 +0200	***-ASUS	***	MESSAGE	Protection started successfully
2012/10/09 10:41:48 +0200	***-ASUS	***	MESSAGE	Starting IP protection
2012/10/09 10:41:50 +0200	***-ASUS	***	MESSAGE	IP Protection started successfully
2012/10/09 10:42:06 +0200	***-ASUS	***	MESSAGE	Starting database refresh
2012/10/09 10:42:06 +0200	***-ASUS	***	MESSAGE	Stopping IP protection
2012/10/09 10:42:06 +0200	***-ASUS	***	MESSAGE	IP Protection stopped successfully
2012/10/09 10:42:08 +0200	***-ASUS	***	MESSAGE	Database refreshed successfully
2012/10/09 10:42:08 +0200	***-ASUS	***	MESSAGE	Starting IP protection
2012/10/09 10:42:09 +0200	***-ASUS	***	MESSAGE	IP Protection started successfully
2012/10/09 10:42:20 +0200	***-ASUS	***	MESSAGE	Starting database refresh
2012/10/09 10:42:20 +0200	***-ASUS	***	MESSAGE	Stopping IP protection
2012/10/09 10:42:20 +0200	***-ASUS	***	MESSAGE	IP Protection stopped successfully
2012/10/09 10:42:22 +0200	***-ASUS	***	MESSAGE	Database refreshed successfully
2012/10/09 10:42:22 +0200	***-ASUS	***	MESSAGE	Starting IP protection
2012/10/09 10:42:23 +0200	***-ASUS	***	MESSAGE	IP Protection started successfully
2012/10/09 10:49:38 +0200	***-ASUS	***	MESSAGE	Executing scheduled update:  Daily
2012/10/09 10:49:40 +0200	***-ASUS	***	MESSAGE	Database already up-to-date
2012/10/09 12:20:49 +0200	***-ASUS	***	MESSAGE	Stopping IP protection
2012/10/09 12:20:49 +0200	***-ASUS	***	MESSAGE	IP Protection stopped successfully
2012/10/09 12:20:49 +0200	***-ASUS	***	MESSAGE	Starting IP protection
2012/10/09 12:20:50 +0200	***-ASUS	***	MESSAGE	IP Protection started successfully
2012/10/09 17:28:13 +0200	***-ASUS	***	IP-BLOCK	89.28.80.111 (Type: outgoing, Port: 53880, Process: skype.exe)
2012/10/09 17:28:13 +0200	***-ASUS	***	IP-BLOCK	89.28.80.111 (Type: outgoing, Port: 53881, Process: skype.exe)
2012/10/09 17:28:13 +0200	***-ASUS	***	IP-BLOCK	89.28.80.111 (Type: outgoing, Port: 53882, Process: skype.exe)
2012/10/09 17:28:13 +0200	***-ASUS	***	IP-BLOCK	89.28.80.111 (Type: outgoing, Port: 53883, Process: skype.exe)
2012/10/09 17:29:09 +0200	***-ASUS	***	IP-BLOCK	89.28.80.111 (Type: outgoing, Port: 53895, Process: skype.exe)
2012/10/09 17:29:09 +0200	***-ASUS	***	IP-BLOCK	89.28.80.111 (Type: outgoing, Port: 53896, Process: skype.exe)
2012/10/09 17:29:09 +0200	***-ASUS	***	IP-BLOCK	89.28.80.111 (Type: outgoing, Port: 53897, Process: skype.exe)
2012/10/09 17:29:09 +0200	***-ASUS	***	IP-BLOCK	89.28.80.111 (Type: outgoing, Port: 53898, Process: skype.exe)
2012/10/09 17:53:21 +0200	***-ASUS	***	IP-BLOCK	89.28.80.111 (Type: outgoing, Port: 54140, Process: skype.exe)
2012/10/09 17:53:21 +0200	***-ASUS	***	IP-BLOCK	89.28.80.111 (Type: outgoing, Port: 54142, Process: skype.exe)
2012/10/09 17:53:21 +0200	***-ASUS	***	IP-BLOCK	89.28.80.111 (Type: outgoing, Port: 54143, Process: skype.exe)
2012/10/09 17:53:21 +0200	***-ASUS	***	IP-BLOCK	89.28.80.111 (Type: outgoing, Port: 54144, Process: skype.exe)
2012/10/09 17:54:26 +0200	***-ASUS	***	IP-BLOCK	89.28.110.164 (Type: outgoing, Port: 58650, Process: skype.exe)
2012/10/09 17:55:14 +0200	***-ASUS	***	IP-BLOCK	89.28.80.111 (Type: outgoing, Port: 54193, Process: skype.exe)
2012/10/09 17:55:14 +0200	***-ASUS	***	IP-BLOCK	89.28.80.111 (Type: outgoing, Port: 54195, Process: skype.exe)
2012/10/09 17:55:14 +0200	***-ASUS	***	IP-BLOCK	89.28.80.111 (Type: outgoing, Port: 54196, Process: skype.exe)
2012/10/09 17:55:14 +0200	***-ASUS	***	IP-BLOCK	89.28.80.111 (Type: outgoing, Port: 54197, Process: skype.exe)
2012/10/09 17:56:10 +0200	***-ASUS	***	IP-BLOCK	89.28.80.111 (Type: outgoing, Port: 54215, Process: skype.exe)
2012/10/09 17:56:10 +0200	***-ASUS	***	IP-BLOCK	89.28.80.111 (Type: outgoing, Port: 54217, Process: skype.exe)
2012/10/09 17:56:10 +0200	***-ASUS	***	IP-BLOCK	89.28.80.111 (Type: outgoing, Port: 54218, Process: skype.exe)
2012/10/09 17:56:10 +0200	***-ASUS	***	IP-BLOCK	89.28.80.111 (Type: outgoing, Port: 54219, Process: skype.exe)
2012/10/09 18:29:04 +0200	***-ASUS	***	IP-BLOCK	89.28.110.164 (Type: outgoing, Port: 54712, Process: skype.exe)
2012/10/09 18:29:04 +0200	***-ASUS	***	IP-BLOCK	89.28.110.164 (Type: outgoing, Port: 54713, Process: skype.exe)
2012/10/09 18:29:04 +0200	***-ASUS	***	IP-BLOCK	89.28.110.164 (Type: outgoing, Port: 54714, Process: skype.exe)
2012/10/09 18:29:04 +0200	***-ASUS	***	IP-BLOCK	89.28.110.164 (Type: outgoing, Port: 54715, Process: skype.exe)
2012/10/09 18:44:44 +0200	***-ASUS	***	IP-BLOCK	91.205.41.227 (Type: outgoing, Port: 54848, Process: chrome.exe)
2012/10/09 18:46:29 +0200	***-ASUS	***	IP-BLOCK	91.205.41.227 (Type: outgoing, Port: 54867, Process: chrome.exe)
2012/10/09 18:49:35 +0200	***-ASUS	***	MESSAGE	Stopping IP protection
2012/10/09 18:49:35 +0200	***-ASUS	***	MESSAGE	IP Protection stopped successfully
2012/10/09 18:49:35 +0200	***-ASUS	***	MESSAGE	Starting IP protection
2012/10/09 18:49:36 +0200	***-ASUS	***	MESSAGE	IP Protection started successfully
2012/10/09 18:50:07 +0200	***-ASUS	***	IP-BLOCK	91.205.41.227 (Type: outgoing, Port: 54908, Process: chrome.exe)
ach und dann hätt ich noch eine allgemeinere frage: sollte ich mal den rechner auf werkseinstellung zurücksetzen müssen, wie sicher ich dann meine dateien vorher? kann ich ordnerweise dateien (text, videos, bilder) auf einen sicheren rechner (speicher) kopieren? versteckt sich der virus also nur in systemdateien oder sollte ich alles aufgeben was auf dem infizierten rechner ist?

dann schon mal vielen dank!!

 

Themen zu IP-Block Warnung von Malwarebytes (skype.exe) Fehlalarm?
adblock, antivir, avira, bho, document, error, fehlalarm, firefox, flash player, focus, format, frage, google, google analytics, helper, home, homepage, hängt, ip-block, mozilla, nexus, nvpciflt.sys, plug-in, problem, realtek, registry, scan, security, software, system, versteckt sich, virus, warnung, windows, wscript.exe


« Infizierte Registrierungsschlüssel: PUP.VShareRedir | Bundestrojaner - Log Files »


Ähnliche Themen: IP-Block Warnung von Malwarebytes (skype.exe) Fehlalarm?


  1. Malwarebytes Anti-Malware findet Backdor.bot (recht frische Win-Installation) - Fehlalarm?
    Log-Analyse und Auswertung - 02.08.2014 (3)
  2. Malwarebytes outbond ip block
    Plagegeister aller Art und deren Bekämpfung - 14.07.2014 (1)
  3. Malwarebytes 2.0 Fehlalarm ohne Adminrechte?
    Log-Analyse und Auswertung - 01.04.2014 (7)
  4. Skype Zertifikat Problem a248.e.akamai.net wegen Werbung in Skype?
    Plagegeister aller Art und deren Bekämpfung - 05.03.2014 (3)
  5. Windows 7 x64: Malwarebytes verhindert Zugriff von Skype.exe auf potentiell gefährliche IP-Adresse
    Log-Analyse und Auswertung - 25.01.2014 (15)
  6. AVAST: Rootkit-Warnung bei Windows Update oder Fehlalarm ?
    Log-Analyse und Auswertung - 19.04.2013 (2)
  7. Skype / Avast IP Block durch Malwarebytes
    Log-Analyse und Auswertung - 15.03.2013 (3)
  8. TR/Crypt.ZPACK.Gen2 Virus in Program Files (x86)/Skype/Phone/Skype.exe
    Plagegeister aller Art und deren Bekämpfung - 10.03.2013 (1)
  9. Mehrere Trojaner in Quarantäne Malwarebytes -> Link in Skype geklickt :-(
    Plagegeister aller Art und deren Bekämpfung - 05.10.2012 (9)
  10. Maleware blockt Seite IP-BLOCK 83.128.77.98 Type: incoming, Port: 29018, Process: skype.exe
    Plagegeister aller Art und deren Bekämpfung - 08.05.2012 (1)
  11. Malwarebytes Problemmeldungen - skype.exe / firefox.exe / svchost.exe
    Plagegeister aller Art und deren Bekämpfung - 26.12.2011 (1)
  12. Malwarebytes zeigt eingehnde und ausgehende Block IP an
    Plagegeister aller Art und deren Bekämpfung - 20.11.2011 (1)
  13. Malwarebytes' Anti-Malware 1.46; Rogue.Installer oder Fehlalarm
    Log-Analyse und Auswertung - 25.08.2010 (1)
  14. Malwarebytes findet Trojan.Downloader, verdacht auf Fehlalarm?
    Plagegeister aller Art und deren Bekämpfung - 07.02.2010 (2)
  15. ACHTUNG: Fehlalarm von Malwarebytes
    Antiviren-, Firewall- und andere Schutzprogramme - 05.03.2009 (3)
  16. Kaspersky Warnung: Hoax.Win32.Renos.esa (evtl. Fehlalarm?)
    Plagegeister aller Art und deren Bekämpfung - 13.11.2008 (5)
  17. Fehlalarm bei MalwareBytes
    Antiviren-, Firewall- und andere Schutzprogramme - 19.07.2008 (11)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema IP-Block Warnung von Malwarebytes (skype.exe) Fehlalarm? - Hallo, zuerst mal die Vorgeschichte: - habe mir heute morgen über einen short url link per skype eine datei runter geladen (hier hatte ich schon gepostet: http://www.trojaner-board.de/124929-...ich-fotos.html ) - ich - IP-Block Warnung von Malwarebytes (skype.exe) Fehlalarm?...
Archiv
Du betrachtest: IP-Block Warnung von Malwarebytes (skype.exe) Fehlalarm? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19