Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 25.02.2013, 09:23   #1
IsaSchum
 
TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe - Standard

TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 25.02.2013 08:54:20 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Isabel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,95 Gb Total Physical Memory | 3,45 Gb Available Physical Memory | 87,40% Memory free
7,90 Gb Paging File | 7,41 Gb Available in Paging File | 93,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,77 Gb Total Space | 401,60 Gb Free Space | 89,09% Space Free | Partition Type: NTFS
Drive D: | 14,69 Gb Total Space | 1,61 Gb Free Space | 10,94% Space Free | Partition Type: NTFS
Drive F: | 99,02 Mb Total Space | 88,76 Mb Free Space | 89,63% Space Free | Partition Type: FAT32
 
Computer Name: ISABEL-HP | User Name: Isabel | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.25 08:51:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Isabel\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.04.07 16:36:56 | 000,203,776 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.02.20 19:41:53 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.13 08:09:20 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.12 23:16:01 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.12 23:13:53 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.02.15 11:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.09.13 16:49:46 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2011.03.01 20:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.02.18 23:37:00 | 002,372,096 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011.02.01 22:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.01 22:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.01.25 10:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2011.01.12 17:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 13:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.08.05 18:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.11 14:17:58 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.11 14:17:57 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.14 03:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.04.07 17:07:04 | 008,281,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.04.07 16:02:36 | 000,293,376 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 12:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2011.02.15 20:37:00 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011.01.25 10:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011.01.12 16:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.01.08 02:42:34 | 012,262,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.04 19:57:54 | 001,041,760 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.15 10:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.07.28 08:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{4AAE14DA-D382-4F01-A3AD-8D9BE20FD9F0}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{4AAE14DA-D382-4F01-A3AD-8D9BE20FD9F0}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{353745D8-F58F-4224-8817-A69FED191332}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\..\SearchScopes\{4AAE14DA-D382-4F01-A3AD-8D9BE20FD9F0}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{605AB9CB-5387-483F-9DEC-2B2F5798E222}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{6BC48128-129E-4233-BE66-0B6F2AA30EB2}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{6DFDA7B5-B434-4302-BBD1-47AFFB019771}: "URL" = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed&sectHdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKCU\..\SearchScopes\{E57EB5DA-BFE0-4D44-B5B9-27EEE5053977}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{E90E11EE-F635-44EC-8008-3C6B1C1C81B2}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Isabel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Isabel\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Isabel\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 19:41:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.09.27 11:59:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isabel\AppData\Roaming\mozilla\Extensions
[2012.10.24 16:08:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isabel\AppData\Roaming\mozilla\Firefox\Profiles\ga9yu6ex.default\extensions
[2013.02.20 19:41:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.20 19:41:53 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Isabel\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Isabel\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Isabel\AppData\Local\Google\Chrome\Application\23.0.1271.95\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Isabel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Isabel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Isabel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Isabel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google-Suche = C:\Users\Isabel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Mail = C:\Users\Isabel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Google Mail = C:\Users\Isabel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (GMX Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (GMX Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (GMX Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (GMX Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe File not found
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKCU..\Run: [SecureBanking] C:\Program Files (x86)\Secure Banking\SecureBanking.exe (Secure Banking)
O4 - Startup: C:\Users\Isabel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Isabel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25CE36E1-7148-4F67-80E3-5BEBE94EF21D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{941B6550-1C66-480B-895A-5D009A80B2D8}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1ba24fe7-2cbe-11e1-912f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1ba24fe7-2cbe-11e1-912f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\o2Start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.25 08:51:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Isabel\Desktop\OTL.exe
[2013.02.20 19:41:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.19 19:28:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.19 19:28:03 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.02.19 19:28:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.01.29 17:08:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secure Banking
[2013.01.29 17:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secure Banking
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.25 08:51:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Isabel\Desktop\OTL.exe
[2013.02.25 08:50:45 | 000,000,000 | ---- | M] () -- C:\Users\Isabel\defogger_reenable
[2013.02.25 08:49:11 | 000,050,477 | ---- | M] () -- C:\Users\Isabel\Desktop\Defogger.exe
[2013.02.25 08:46:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.25 08:46:24 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.24 23:29:43 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.24 23:29:43 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.24 22:18:02 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3978010377-112504277-1505979990-1000UA.job
[2013.02.24 22:09:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.24 21:55:04 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3978010377-112504277-1505979990-1000UA.job
[2013.02.24 17:55:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3978010377-112504277-1505979990-1000Core.job
[2013.02.24 16:19:10 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3978010377-112504277-1505979990-1000Core.job
[2013.02.22 10:38:23 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.22 10:38:23 | 000,654,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.22 10:38:23 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.22 10:38:23 | 000,130,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.22 10:38:23 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.19 19:28:04 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.13 15:10:57 | 000,295,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.01 08:58:31 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForIsabel.job
[2013.01.29 17:08:17 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Secure Banking.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.25 08:50:45 | 000,000,000 | ---- | C] () -- C:\Users\Isabel\defogger_reenable
[2013.02.25 08:49:11 | 000,050,477 | ---- | C] () -- C:\Users\Isabel\Desktop\Defogger.exe
[2013.01.29 17:08:17 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\Secure Banking.lnk
[2012.03.27 13:58:41 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2012.03.27 13:58:40 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2011.12.24 22:35:02 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.12 00:46:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.06.12 00:43:25 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011.06.12 00:39:48 | 000,003,054 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.06.12 00:35:59 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.05.14 20:50:25 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011.03.03 20:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.05.04 18:57:04 | 000,000,000 | ---D | M] -- C:\Users\Isabel\AppData\Roaming\1&1 Mail & Media GmbH
[2013.02.25 08:45:00 | 000,000,000 | ---D | M] -- C:\Users\Isabel\AppData\Roaming\Dropbox
[2012.03.17 11:10:42 | 000,000,000 | ---D | M] -- C:\Users\Isabel\AppData\Roaming\OpenOffice.org
[2013.02.23 14:04:05 | 000,000,000 | ---D | M] -- C:\Users\Isabel\AppData\Roaming\SoftGrid Client
[2011.12.22 20:15:09 | 000,000,000 | ---D | M] -- C:\Users\Isabel\AppData\Roaming\Synaptics
[2011.12.24 22:35:39 | 000,000,000 | ---D | M] -- C:\Users\Isabel\AppData\Roaming\TP
[2012.04.04 19:30:53 | 000,000,000 | ---D | M] -- C:\Users\Isabel\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:CB0AACC9

< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 25.02.2013 08:54:20 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Isabel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,95 Gb Total Physical Memory | 3,45 Gb Available Physical Memory | 87,40% Memory free
7,90 Gb Paging File | 7,41 Gb Available in Paging File | 93,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,77 Gb Total Space | 401,60 Gb Free Space | 89,09% Space Free | Partition Type: NTFS
Drive D: | 14,69 Gb Total Space | 1,61 Gb Free Space | 10,94% Space Free | Partition Type: NTFS
Drive F: | 99,02 Mb Total Space | 88,76 Mb Free Space | 89,63% Space Free | Partition Type: FAT32
 
Computer Name: ISABEL-HP | User Name: Isabel | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1AB0C95A-7443-4619-8102-C950EC94D971}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1CB06875-BE00-4010-8EDF-883A089D5447}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{253FB009-634E-4DFB-B4E0-97A6464D4272}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2A032C3F-EBF1-43B3-84C1-AE981A8FE946}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5511F03A-12FD-47FE-A209-13A82C40C604}" = rport=138 | protocol=17 | dir=out | app=system | 
"{61F87EC6-AFBC-422D-ABF2-1C6390BFB2FF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6435C2D1-C6FC-419F-9815-85801E0FEA61}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{667B9E12-EA26-4479-A553-258C3448694A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7DF6C254-FA7C-410F-A1E5-74156FB7D286}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{89045899-5A0F-467A-8C45-BC7DC16C7E4A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8A1BF5F6-AFB9-449C-91A1-2F066F5DAB32}" = lport=139 | protocol=6 | dir=in | app=system | 
"{942F1AE1-71B9-4A2F-89B8-E9727839E958}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{95018C1B-EF58-49AD-ACA1-E7BDF0DACC28}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9A93EE1E-3B06-44B0-AD3E-D905E392718C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{9B2BFA94-BAF8-47B6-B371-1BDF8F6BE05A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{AECCB60E-62E6-4662-87C5-A5B350CA7154}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B0489B85-920C-4A67-A502-092832F7F25A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B7918CB0-0DB1-40D4-8127-CEB178F58D61}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BAEA5216-FC4E-4685-96DA-5B0E26F229B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C9402341-560F-443C-924B-2E08244656E2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CB7F4EB4-E2AB-4C6F-A3D2-9BB01E76CC7F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D58FB4F6-E970-4051-9035-2562E0EFA5BF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D932AA00-77B7-4E2C-80A2-0A065FEF2A69}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E6341C00-F556-4641-9D1A-8289781B3A40}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EA241428-01A4-4A10-AE7A-887A612F92B5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B31F7EB-9C46-4FD9-A06B-443B010AD00B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{11FD7266-A604-4097-B071-D3ED508FF093}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{14F405D7-306A-4130-B22F-1A0929CBFB3C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1D416078-321D-48B5-86BF-AFB8E44E78EE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{262D1479-8CE5-47B8-921B-FD3F26AA01F7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2A7275EE-3833-451F-A641-A2A5205E6AE5}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{30D00260-E57B-498C-99A9-002A0F7A93A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{41606BCA-3D7D-4145-A385-B85EC12569D6}" = dir=in | app=c:\users\isabel\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{4FD7BAE7-3F54-4BA5-AB68-CB8DF41BC497}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5339D92D-7B90-4B16-8405-813A1D5F4657}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{564BE9E0-2C0E-43F4-A40D-B0F0C3C2A89E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{684C250A-CA49-48D2-A3BC-D4E68D98DC74}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7B7170BD-E7FF-4602-83D6-5FFE1E32BFD4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{7E19D081-0D25-4EF7-B08A-883413912E6B}" = protocol=6 | dir=in | app=c:\users\isabel\appdata\roaming\dropbox\bin\dropbox.exe | 
"{8FE4B161-DAC6-4CC7-B595-0ABFCC68E776}" = protocol=6 | dir=out | app=system | 
"{957252C6-EFB9-4F3F-8760-48D39A422A66}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{967F24C1-F681-48E8-8581-B20FE77BAB0D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A36BC5DE-69AC-49A8-90D2-E64DCC1E3872}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AB61D50E-7605-4036-AC1B-4206E21FDB12}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B94CB02C-103C-44BF-9B83-C9C315EE1A40}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BAD11850-3401-45F3-B492-190BC956C923}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BB1C921B-FF0D-4A5F-A861-D96F0100F15D}" = protocol=58 | dir=in | app=system | 
"{BC0B1228-80DF-4371-BC9C-A0AC18718A40}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C621A51B-709D-4BAD-81CE-BCF65F395B17}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C86A1533-5533-4FC7-A44B-3ABBB51F0F97}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe | 
"{E0576B92-3187-45AD-A345-683ADCEC5754}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{E0F68249-1898-478C-B5F3-7FA3E9F889A9}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe | 
"{E949E352-00F5-4562-BD7B-0274B4A57592}" = protocol=17 | dir=in | app=c:\users\isabel\appdata\roaming\dropbox\bin\dropbox.exe | 
"{EDBD330E-255D-4C6E-AD0F-333A74DC68D4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F7F214AE-7AE7-4927-9B1B-DC98A3D16D82}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"TCP Query User{1D3C29BF-5FF6-453F-8118-F5A7E77501EC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{E679EF09-28B6-4E64-9AC5-73509C979BDF}C:\users\isabel\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\isabel\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{1E933853-1A32-408F-B611-D87789003D95}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{68ED56AE-40E2-41CB-A6E8-495180C3D711}C:\users\isabel\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\isabel\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{127BEDB9-CFBA-91A2-BCC1-A3A21AFA02F6}" = ATI Catalyst Install Manager
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{47FBE83E-4AE6-4E4C-A9AA-F5838E1FF925}" = GMX Toolbar MSVC100 CRT x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{777afb2a-98e5-4f14-b455-378a925cae15}.sdb" = CVE-2012-4969
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B4780D78-61F7-DE72-2E26-94EAEF13A877}" = ccc-utility64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics TouchPad Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00A42832-B21A-4296-B5F4-D296D0BC4A3E}" = HP Quick Launch
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0AD8324F-C5F8-7D42-194E-329B8D1DB340}" = CCC Help Chinese Traditional
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{13D5D877-E722-1A5B-B554-074A7DE71772}" = CCC Help Korean
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AA895E9-B751-408B-BB9C-527C04E52C91}" = Catalyst Control Center - Branding
"{1DC6D76B-AFDE-A59F-20AB-790BCA036D0F}" = CCC Help Russian
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2FBAD1-7DCC-4769-0D28-F148B04B6EE0}" = CCC Help Greek
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{207E9B74-F4D3-4FD7-8142-16FF41825BC4}_is1" = Secure Banking Version 1.5.1
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4574C6C1-41CE-54F1-C942-5B923A2DAB30}" = CCC Help Hungarian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4F51B5A2-952D-52D9-196A-8E9E8B7023A5}" = CCC Help Spanish
"{4F52A280-7164-3B30-0F56-CCFF6B4BFF9F}" = CCC Help Danish
"{520F374B-6157-BF93-E988-0EA3E3D3946D}" = CCC Help Thai
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A0D5C83-DFA2-D5EA-2F5C-07F9C281DFAC}" = CCC Help Norwegian
"{5EBF0407-366C-1A14-DEE0-502E26C69A2C}" = CCC Help German
"{620C8175-DA37-E6BE-0378-B4B91869B44E}" = Catalyst Control Center Profiles Mobile
"{622EF969-C000-54E6-5EDF-557908AAC259}" = ccc-core-static
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C453C9C-38AE-494D-BF89-7AA0DE87F3E5}" = HP Documentation
"{6E7542AC-201E-A4B5-A357-632D77CEC2C0}" = CCC Help Japanese
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8027F887-2A1B-0C4E-0573-0243F491CB98}" = CCC Help Dutch
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{814D1480-82F1-89A8-94E9-17115DBB844C}" = Catalyst Control Center InstallProxy
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8508C2D5-AE78-C335-F6D6-07F96F8F4E7D}" = CCC Help Chinese Standard
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8783555D-7EE3-C162-DEFC-0BF92AF9FCFA}" = CCC Help Portuguese
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{896448B2-2F82-E322-7A3B-98180D8015BC}" = CCC Help Swedish
"{8B3F2E25-6825-1FC7-7A59-4324E37F1974}" = CCC Help Finnish
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT5390 802.11b/g/n WiFi Adapter
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94D48CF3-FD0A-EF10-13BE-66BD803A5A16}" = PX Profile Update
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}" = HP On Screen Display
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F5CC09D-97E9-E35D-00D6-44FCE1543322}" = Catalyst Control Center Graphics Previews Common
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A48A1D1C-307A-46F9-983E-9762863D15F1}" = GMX Toolbar MSVC100 CRT x86
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.6) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF6EB833-D48A-49AC-9394-4C57489FDFF2}" = HP Software Framework
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B420318C-D55C-5C71-4A57-6A2F850604DC}" = Catalyst Control Center Localization All
"{B65FCAA5-F3A6-4B3F-ABEE-CBC2B085796B}" = HP Connection Manager
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DD90EFA4-37B7-C4DA-F7A3-5B150E058508}" = CCC Help Czech
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E8C2751F-1ECF-E73B-CCAD-F21FE827C5C0}" = CCC Help Italian
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F29DD72D-F748-6D9E-AEB1-8610E279A0ED}" = CCC Help English
"{F55AA104-4F14-FE47-2A2C-8D734FB346DA}" = CCC Help French
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FD2A3058-0547-E960-430D-1A580E044AA1}" = CCC Help Polish
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = GMX Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar IE8" = GMX Toolbar für Internet Explorer
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"EasyBits Magic Desktop" = Magic Desktop
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087330" = Bounce Symphony
"WT087361" = FATE
"WT087393" = Mah Jong Medley
"WT087394" = Penguins!
"WT087396" = Polar Bowler
"WT087490" = Jewel Quest Solitaire
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"WT089453" = Bejeweled 2 Deluxe
"WT089454" = Chuzzle Deluxe
"WT089455" = Zuma Deluxe
"WT089458" = Plants vs. Zombies - Game of the Year
"WT089460" = Mystery P.I. - The London Caper
"WT089484" = Namco All-Stars PAC-MAN
"WT089492" = Crazy Chicken Kart 2
"WT089493" = Fishdom
"WT089497" = Big Rig Europe
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.12.2012 09:38:56 | Computer Name = Isabel-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.12.2012 14:21:03 | Computer Name = Isabel-HP | Source = Google Update | ID = 20
Description = 
 
Error - 03.12.2012 15:46:37 | Computer Name = Isabel-HP | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 16.0.2.4680 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 18d4    Startzeit:
 01cdd187c4e5d5cf    Endzeit: 31    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 1ed4e3c9-3d82-11e2-a1dc-2c27d7e00f22  
 
Error - 03.12.2012 15:56:05 | Computer Name = Isabel-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 04.12.2012 02:30:00 | Computer Name = Isabel-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.12.2012 03:31:02 | Computer Name = Isabel-HP | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Das Zeitlimit für den Vorgang wurde erreicht.  
 
Error - 04.12.2012 03:35:59 | Computer Name = Isabel-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 04.12.2012 11:40:39 | Computer Name = Isabel-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.12.2012 15:47:53 | Computer Name = Isabel-HP | Source = Google Update | ID = 20
Description = 
 
Error - 04.12.2012 16:25:59 | Computer Name = Isabel-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
[ Hewlett-Packard Events ]
Error - 14.10.2012 08:31:53 | Computer Name = Isabel-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467261HPSF.exe   bei HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

   bei HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()    
 bei HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Message: Der
 Objektverweis wurde nicht auf eine Objektinstanz festgelegt.  StackTrace:   bei HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

   bei HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()    
 bei HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Source: HP.SupportFramework.Communicator

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 4043  Ram Utilization: 50  TargetSite: Void closeConnection()

 
Error - 14.10.2012 08:32:16 | Computer Name = Isabel-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 14.10.2012 12:45:21 | Computer Name = Isabel-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 4043  Ram Utilization: 40  TargetSite: Void UpdateAndDetect()  
 
Error - 22.10.2012 01:48:41 | Computer Name = Isabel-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 4043  Ram Utilization: 40  TargetSite: Void UpdateAndDetect()  
 
Error - 29.10.2012 02:42:26 | Computer Name = Isabel-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 4043  Ram Utilization: 40  TargetSite: Void UpdateAndDetect()  
 
Error - 11.11.2012 16:23:54 | Computer Name = Isabel-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 4043  Ram Utilization: 40  TargetSite: Void UpdateAndDetect()  
 
Error - 18.11.2012 13:27:47 | Computer Name = Isabel-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 4043  Ram Utilization: 40  TargetSite: Void UpdateAndDetect()  
 
Error - 03.12.2012 02:36:51 | Computer Name = Isabel-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 4043  Ram Utilization: 40  TargetSite: Void UpdateAndDetect()  
 
Error - 10.12.2012 02:41:38 | Computer Name = Isabel-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 4043  Ram Utilization:   TargetSite: Void UpdateAndDetect()  
 
Error - 17.12.2012 03:41:53 | Computer Name = Isabel-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 4043  Ram Utilization: 40  TargetSite: Void UpdateAndDetect()  
 
[ HP Connection Manager Events ]
Error - 13.02.2013 03:14:43 | Computer Name = Isabel-HP | Source = hpCMSrv | ID = 5
Description = 2013/02/13 08:14:43.624|00000528|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 13.02.2013 12:26:19 | Computer Name = Isabel-HP | Source = hpMobile | ID = 5
Description = 2013.02.13 17:26:19.735|000012E4|Error      |[HP.Mobile]Wlan::UpdateProperties{void()}|Die
 Daten sind unzulässig. (Ausnahme von HRESULT: 0x8007000D)
 
Error - 19.02.2013 07:00:11 | Computer Name = Isabel-HP | Source = hpCMSrv | ID = 5
Description = 2013/02/19 12:00:11.943|00001548|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 19.02.2013 16:42:12 | Computer Name = Isabel-HP | Source = hpCMSrv | ID = 5
Description = 2013/02/19 21:42:12.125|00000A44|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 20.02.2013 04:54:41 | Computer Name = Isabel-HP | Source = hpCMSrv | ID = 5
Description = 2013/02/20 09:54:41.094|00001148|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 21.02.2013 04:03:18 | Computer Name = Isabel-HP | Source = hpMobile | ID = 5
Description = 2013.02.21 09:03:18.976|00000C0C|Error      |[HP.Mobile]Wlan::UpdateProperties{void()}|Die
 Daten sind unzulässig. (Ausnahme von HRESULT: 0x8007000D)
 
Error - 22.02.2013 17:22:43 | Computer Name = Isabel-HP | Source = hpCMSrv | ID = 5
Description = 2013/02/22 22:22:43.977|00000B24|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 24.02.2013 14:13:08 | Computer Name = Isabel-HP | Source = hpCMSrv | ID = 5
Description = 2013/02/24 19:13:08.310|00001760|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 24.02.2013 17:46:27 | Computer Name = Isabel-HP | Source = hpCMSrv | ID = 5
Description = 2013/02/24 22:46:27.795|0000090C|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 24.02.2013 17:46:33 | Computer Name = Isabel-HP | Source = hpCMSrv | ID = 5
Description = 2013/02/24 22:46:33.927|0000090C|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
[ HP Software Framework Events ]
Error - 11.01.2013 02:08:23 | Computer Name = Isabel-HP | Source = CaslWmi | ID = 5
Description = 2013.01.11 07:08:23.504|00001280|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 12.01.2013 04:14:17 | Computer Name = Isabel-HP | Source = CaslWmi | ID = 5
Description = 2013.01.12 09:14:17.430|00000950|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 13.01.2013 02:27:43 | Computer Name = Isabel-HP | Source = CaslWmi | ID = 5
Description = 2013.01.13 07:27:43.767|00000B60|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 13.01.2013 05:56:52 | Computer Name = Isabel-HP | Source = CaslWmi | ID = 5
Description = 2013.01.13 10:56:51.985|0000071C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 13.01.2013 13:55:56 | Computer Name = Isabel-HP | Source = CaslWmi | ID = 5
Description = 2013.01.13 18:55:56.771|00000BF4|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 14.01.2013 02:30:49 | Computer Name = Isabel-HP | Source = CaslWmi | ID = 5
Description = 2013.01.14 07:30:49.914|00000774|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 14.01.2013 08:56:56 | Computer Name = Isabel-HP | Source = CaslWmi | ID = 5
Description = 2013.01.14 13:56:56.282|00000D78|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 15.01.2013 02:28:45 | Computer Name = Isabel-HP | Source = CaslWmi | ID = 5
Description = 2013.01.15 07:28:45.666|0000026C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 15.01.2013 10:56:10 | Computer Name = Isabel-HP | Source = CaslWmi | ID = 5
Description = 2013.01.15 15:56:10.267|00000B4C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 15.01.2013 16:21:39 | Computer Name = Isabel-HP | Source = CaslWmi | ID = 5
Description = 2013.01.15 21:21:39.891|000009A0|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
[ System Events ]
Error - 25.02.2013 03:46:48 | Computer Name = Isabel-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 25.02.2013 03:46:48 | Computer Name = Isabel-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 25.02.2013 03:46:48 | Computer Name = Isabel-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 25.02.2013 03:46:48 | Computer Name = Isabel-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 25.02.2013 03:46:49 | Computer Name = Isabel-HP | Source = DCOM | ID = 10005
Description = 
 
Error - 25.02.2013 03:46:49 | Computer Name = Isabel-HP | Source = DCOM | ID = 10005
Description = 
 
Error - 25.02.2013 03:46:49 | Computer Name = Isabel-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 25.02.2013 03:46:49 | Computer Name = Isabel-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 25.02.2013 03:46:49 | Computer Name = Isabel-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 25.02.2013 03:46:56 | Computer Name = Isabel-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
--- --- ---

GMER: keine System-Änderungen gefunden

Antivir hat diesen Virus "TR/Crypt.ZPACK.Gen2" bei mir gefunden. Hatte bis dahin und auch direkt danach keinerlei Probleme mit meinem Laptop. Ich habe dann noch einmal einen kompletten Suchlauf mit Antivir laufen lassen, bei dem allerdings keinerlei Viren gefunden wurden. Jetzt kann ich mein Antivir nicht mehr aktivieren. Wenn ich versuche es einzuschalten, passiert gar nichts und ich kann auch in anderen Programmen keinerlei Schaltflächen mehr anklicken.
Ich versuche meinen Laptop jetzt im abgesichertem Modus mit Netzwerktreibern zu starten. Dabei macht mein Laptop allerdings neuerdings beim Starten mehrere Piepgeräusche und fährt manchmal ganz normal hoch, ohne dass ich den abgsicherten Modus anwählen kann.

Alt 25.02.2013, 16:57   #2
t'john
/// Helfer-Team
 
TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe - Standard

TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe





bitte mal Log von Avira posten: http://www.trojaner-board.de/125889-...tml#post941534


Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers



dann:


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).
__________________

__________________

Alt 25.02.2013, 17:26   #3
IsaSchum
 
TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe - Standard

TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe



Log von Avira:

Exportierte Ereignisse:

24.02.2013 21:21 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Program Files (x86)\Skype\Phone\Skype.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen2' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

Malware Bytes: keine Malware gefunden

AdwCleaner:AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.113 - Datei am 25/02/2013 um 18:52:44 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Isabel - ISABEL-HP
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\Isabel\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0 (de)

Datei : C:\Users\Isabel\AppData\Roaming\Mozilla\Firefox\Profiles\ga9yu6ex.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v25.0.1364.97

Datei : C:\Users\Isabel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1661 octets] - [25/02/2013 18:52:44]

########## EOF - C:\AdwCleaner[S1].txt - [1721 octets] ##########
         
--- --- ---
__________________

Alt 26.02.2013, 11:08   #4
t'john
/// Helfer-Team
 
TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe - Standard

TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe



Wo ist das Log von Anti-Rootkit?
__________________
Mfg, t'john
Das TB unterstützen

Alt 26.02.2013, 11:48   #5
IsaSchum
 
TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe - Standard

TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe



Anti-Rootkit hat nichts gefunden und mir kein Log angeboten.

__________________
Dankeschön,
MFG Isa

Alt 26.02.2013, 11:54   #6
t'john
/// Helfer-Team
 
TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe - Standard

TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe



Datei-Überprüfung

Folgende Datei/en (siehe Codebox) bei VirusTotal online überprüfen lassen. Dafür musst Du jede Datei einzeln über den Button "Durchsuchen" und "Send file" nach VirusTotal hochladen und prüfen lassen. Sollte die Datei bereits einmal geprüft sein, bitte auf Reanalyze klicken.

Code:
ATTFilter
C:\Program Files (x86)\Skype\Phone\Skype.exe
         
Solltest Du die Datei/en auf Deinem Computer nicht finden, überprüfe, ob folgende Einstellungen richtig gesetzt sind.

Beim Firefox mit installiertem NoScript bitte VirusTotal erlauben. Wenn VirusTotal die Datei empfangen hat, wird sie diese mit mehreren Anti-Virus-Scannern prüfen und die Ergebnisse anzeigen. Sollte VirusTotal melden, dass die Datei bereits überpüft wurde, lasse sie trotzdem über den Button "Reanalyse" erneut prüfen.

Wenn das Ergebnis vorliegt, kopiere mir den Ergebnis-Link (aus der Adresszeile des Browsers) hier in den Thread.

Auch wenn sich herausstellt, dass die Datei/en infiziert ist/sind, bitte nicht ohne Absprache löschen!
__________________
--> TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe

Alt 26.02.2013, 12:39   #7
IsaSchum
 
TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe - Standard

TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe



https://www.virustotal.com/de/file/32d09cb2655108c0f00d0db4d0035e6701d4dbd7529b51c70d16cc519fbc237f/analysis/1361882246/
__________________
Dankeschön,
MFG Isa

Alt 26.02.2013, 14:39   #8
t'john
/// Helfer-Team
 
TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe - Standard

TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe



Falscher Alarm.

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.
__________________
Mfg, t'john
Das TB unterstützen

Alt 26.02.2013, 15:13   #9
IsaSchum
 
TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe - Standard

TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe



Results of screen317's Security Check version 0.99.59
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 22
Java(TM) 6 Update 30
Java 7 Update 9
Java version out of Date!
Adobe Flash Player 11.5.502.149 Flash Player out of Date!
Adobe Reader 10.1.6 Adobe Reader out of Date!
Mozilla Firefox (19.0)
Google Chrome 24.0.1312.57
Google Chrome 25.0.1364.97
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
__________________
Dankeschön,
MFG Isa

Alt 27.02.2013, 10:51   #10
t'john
/// Helfer-Team
 
TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe - Standard

TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe



Aktualisiere:

Adobe Reader: Adobe Reader - Download - Filepony (Alternativen: PDF Tools)

Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die .exe-Datei
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 15 ) herunter laden.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
  • Klicke erneut OK.


Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck



Java deaktivieren

Aufgrund derezeitigen Sicherheitsluecke:

http://www.trojaner-board.de/122961-...ktivieren.html

Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck
__________________
Mfg, t'john
Das TB unterstützen

Alt 27.02.2013, 13:03   #11
IsaSchum
 
TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe - Standard

TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe



Habe ich das richitg verstanden, dass der Virus eine Falschmeldung war?


PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

Firefox 19.0 ist aktuell

Flash (11,6,602,171) ist aktuell.

Java ist nicht Installiert oder nicht aktiviert.

Adobe Reader 11,0,2,0 ist aktuell.
__________________
Dankeschön,
MFG Isa

Alt 27.02.2013, 14:31   #12
t'john
/// Helfer-Team
 
TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe - Standard

TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe



Richtig.

Sehr gut!

damit bist Du sauber und entlassen!

adwCleaner entfernen

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Uninstall.
  • Bestätige mit Ja.




Tool-Bereinigung mit OTL


Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
  • Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
  • Speichere es auf Deinem Desktop.
  • Doppelklick auf OTL.exe um das Programm auszuführen.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Klicke auf den Button "Bereinigung"
  • OTL fragt eventuell nach einem Neustart.
    Sollte es dies tun, so lasse dies bitte zu.
Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.





Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
http://www.trojaner-board.de/109844-...ren-seite.html
PC wird immer langsamer - was tun?
__________________
Mfg, t'john
Das TB unterstützen

Alt 27.02.2013, 15:01   #13
IsaSchum
 
TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe - Standard

TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe



Habe gerade wieder eine warnung von Antivir erhalten:
Exportierte Ereignisse:

27.02.2013 15:57 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Program Files (x86)\Skype\Phone\Skype.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen2' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

kann ich das jetzt ignorieren?
__________________
Dankeschön,
MFG Isa

Alt 27.02.2013, 16:45   #14
t'john
/// Helfer-Team
 
TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe - Standard

TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe



Ja, du kannst auch diese Datei zu Avira einschicken, damit die das aus der Datenbank rausnehmen.
__________________
Mfg, t'john
Das TB unterstützen

Alt 27.02.2013, 17:30   #15
IsaSchum
 
TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe - Standard

TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe



Vielen, vielen Dank!
__________________
Dankeschön,
MFG Isa

Antwort

Themen zu TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe
adobe, antivir, avira, bho, bingbar, diner dash, error, failed, firefox, flash player, format, helper, home, homepage, iexplore.exe, igdpmd64.sys, index, install.exe, launch, limited.com/facebook, logfile, microsoft office starter 2010, mozilla, origin, programm, realtek, registry, rundll, scan, security, services.exe, svchost.exe, udp, wildtangent games, windows



Ähnliche Themen: TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe


  1. Windows 7 - Skype Update - Umleitung auf skype.gmw.cn
    Alles rund um Windows - 12.08.2014 (9)
  2. Skype Zertifikat Problem a248.e.akamai.net wegen Werbung in Skype?
    Plagegeister aller Art und deren Bekämpfung - 05.03.2014 (3)
  3. Skype.exe wird ausgeführt obwohl Skype gar nicht installiert ist
    Plagegeister aller Art und deren Bekämpfung - 28.01.2014 (4)
  4. Trojaner "TR/Crypt.ZPACK.Gen8" in C:\Users\johanna\AppData\Roaming\skype.dat via Avira gefunden
    Plagegeister aller Art und deren Bekämpfung - 20.09.2013 (7)
  5. Avira Meldet "C:\WINDOWS\system32\Skype.scr\Skype.exe" und kommt immer wieder
    Plagegeister aller Art und deren Bekämpfung - 14.05.2013 (11)
  6. Probleme mit Skype, Dev-C ++ und Internet, z.B. friert der Bildschirm während der Benutzung von Skype ein
    Plagegeister aller Art und deren Bekämpfung - 21.03.2013 (17)
  7. TR/Crypt.ZPACK.Gen2 Virus in Program Files (x86)/Skype/Phone/Skype.exe
    Plagegeister aller Art und deren Bekämpfung - 10.03.2013 (1)
  8. TR/Crypt.ZPACK.Gen2 in Skype.exe
    Plagegeister aller Art und deren Bekämpfung - 05.02.2013 (17)
  9. Avira meldet: 'TR/Crypt.ZPACK.Gen2' [trojan] in der Datei 'C:\Program Files\Skype\Phone\Skype.exe'
    Plagegeister aller Art und deren Bekämpfung - 08.12.2012 (2)
  10. TR/Crypt.ZPACK.Gen2 in C:\Program Files\Skype\Phone\Skype.exe
    Plagegeister aller Art und deren Bekämpfung - 27.07.2012 (2)
  11. TR/Crypt.ZPACK.Gen2 in Datei Skype.exe gefunden
    Plagegeister aller Art und deren Bekämpfung - 11.05.2012 (25)
  12. TR/Crypt.ZPACK.Gen2 in Skype.exe und starsear.ch
    Plagegeister aller Art und deren Bekämpfung - 13.11.2011 (3)
  13. TR/Crypt.ZPACK.Gen2 in skypeportable/phone/skype.exe
    Plagegeister aller Art und deren Bekämpfung - 02.11.2011 (3)
  14. Avira meldet in Skype.exe' ein unerwünschtes Prog. namens TR/Crypt.ZPACK.Gen2' [trojan]
    Log-Analyse und Auswertung - 22.10.2011 (4)
  15. TR/Crypt.ZPACK.Gen2 - in Programme/Skype/Phone/Skype.exe
    Plagegeister aller Art und deren Bekämpfung - 12.10.2011 (9)
  16. TR/Crypt.XPACK.Gen in C:\Programme\Skype\Phone\Skype.exe
    Plagegeister aller Art und deren Bekämpfung - 24.10.2010 (2)
  17. Frage zu Skype Messenger Programm
    Überwachung, Datenschutz und Spam - 03.10.2006 (4)

Zum Thema TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe - OTL Logfile: Code: Alles auswählen Aufklappen ATTFilter OTL logfile created on: 25.02.2013 08:54:20 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Isabel\Desktop 64bit- Home Premium Edition Service - TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe...
Archiv
Du betrachtest: TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.