Hilfe!!! Schwarzer Bildschirm Windows 7 gesperrt, da infiziert, Zahlungsaufforderung Hallo,
zweimal kam bei mir die Ansage, WIndows wurde gesperrt, da zu viele infizierte Dateien auf meinem Laptop seien. Mein Virenscanner MS Security Essentials, erkennt nach jedem Neustart folgende Malware:
Trojan:Win32/Ransom.EJ
Backdoor:Win32/Cycbot.B
VIelen Vielen Dank für die Hilfe schonmal
Als Anhang habe ich den defrogger.log, dds.txt, attach.txt sowie extras.txt.
Hier mein OTL-File:
Code:
Alles auswählen Aufklappen ATTFilter
OTL Logfile:
Code:
Alles auswählen Aufklappen ATTFilter
OTL logfile created on: 04.02.2012 17:20:11 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,86 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 56,71% Memory free
7,71 Gb Paging File | 5,90 Gb Available in Paging File | 76,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,03 Gb Total Space | 10,07 Gb Free Space | 12,91% Space Free | Partition Type: NTFS
Drive D: | 387,63 Gb Total Space | 15,28 Gb Free Space | 3,94% Space Free | Partition Type: NTFS
Drive E: | 7,09 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.02.04 17:03:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.02.04 16:48:50 | 000,167,936 | ---- | M] () -- C:\Users\***\AppData\Roaming\5A1F9\A7937.exe
PRC - [2012.02.04 16:39:07 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\F9F97\lvvm.exe
PRC - [2012.02.04 16:38:30 | 000,281,088 | ---- | M] () -- C:\Program Files (x86)\LP\97B5\EB3.exe
PRC - [2012.02.04 10:16:24 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.12.23 05:57:30 | 003,334,432 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\***\AppData\Local\Akamai\netsession_win.exe
PRC - [2011.08.01 09:28:16 | 000,124,480 | ---- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.5\ICQ.exe
PRC - [2011.04.08 11:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011.03.23 23:35:05 | 000,519,632 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2011.03.23 23:34:18 | 000,435,152 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2011.02.25 07:19:30 | 000,053,760 | ---- | M] () -- C:\Users\***\AppData\Local\Mozilla\Firefox\firefox.exe
PRC - [2010.10.25 15:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2010.05.01 10:22:29 | 000,218,808 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2010.04.22 19:41:22 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.03.28 15:47:30 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010.02.26 09:36:14 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.12.01 21:03:52 | 000,204,648 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2009.12.01 21:03:52 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2009.09.04 12:35:14 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009.05.08 09:35:50 | 002,780,432 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009.05.08 09:34:08 | 000,559,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2009.04.30 15:01:12 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2008.11.14 02:46:04 | 000,037,656 | ---- | M] (Mindjet) -- C:\Program Files (x86)\Mindjet\MindManager 8\MmReminderService.exe
PRC - [2008.10.28 13:01:02 | 000,258,048 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
PRC - [2008.02.07 21:42:26 | 000,565,248 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\PNAMain.exe
PRC - [2007.06.27 18:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.06.27 18:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
========== Modules (No Company Name) ==========
MOD - [2012.02.04 16:48:50 | 000,167,936 | ---- | M] () -- C:\Users\***\AppData\Roaming\5A1F9\A7937.exe
MOD - [2012.02.04 16:39:07 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\F9F97\lvvm.exe
MOD - [2012.02.04 16:38:30 | 000,281,088 | ---- | M] () -- C:\Program Files (x86)\LP\97B5\EB3.exe
MOD - [2012.02.04 10:16:22 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.12.06 12:00:19 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.02.25 07:19:30 | 000,053,760 | ---- | M] () -- C:\Users\***\AppData\Local\Mozilla\Firefox\firefox.exe
MOD - [2010.10.25 15:15:46 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu
MOD - [2009.07.14 02:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009.05.08 09:35:50 | 002,780,432 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009.05.08 09:34:08 | 000,559,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
MOD - [2008.11.26 15:59:32 | 000,131,584 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\AbilisWinUsb.dll
MOD - [2008.11.14 02:45:28 | 000,115,968 | ---- | M] () -- C:\Program Files (x86)\Mindjet\MindManager 8\zlib.dll
MOD - [2008.10.22 15:01:00 | 000,200,704 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\VendorCmdRW.dll
MOD - [2007.04.19 08:33:00 | 000,035,584 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\uPiApi.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011.04.27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011.04.27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010.12.04 01:56:38 | 001,315,592 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010.02.25 14:44:56 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.01.20 00:59:12 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.04.30 15:01:00 | 000,190,488 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV - [2012.01.30 20:37:58 | 003,342,112 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_e286960.dll -- (Akamai)
SRV - [2011.03.23 23:34:18 | 000,435,152 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2010.12.04 01:56:40 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010.05.01 10:22:29 | 000,218,808 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010.04.22 19:41:22 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.04.08 21:47:45 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.03.28 15:47:30 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.02.26 09:36:14 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.12.01 21:03:52 | 000,204,648 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009.09.04 12:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011.05.10 07:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.04.27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011.03.23 23:25:38 | 000,022,752 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2011.03.23 23:25:14 | 000,094,864 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.04.21 19:05:01 | 000,026,424 | --S- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DRIVER_BIN64 -- (DRIVER_B)
DRV:64bit: - [2010.04.08 11:34:05 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.02.26 15:19:58 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.02.26 09:36:04 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2010.02.25 15:12:18 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.02.25 15:07:46 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010.02.25 14:45:12 | 006,106,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.02.25 14:25:56 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009.12.22 13:06:34 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009.10.09 02:41:02 | 001,394,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.11 11:49:18 | 000,076,552 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2009.09.11 11:49:08 | 000,015,880 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2009.09.11 11:48:46 | 000,041,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009.09.11 11:48:36 | 000,026,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2009.08.21 09:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 14:46:20 | 000,042,912 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV:64bit: - [2009.07.06 16:36:34 | 000,038,944 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV:64bit: - [2009.07.06 16:36:33 | 000,114,080 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.01 00:03:08 | 006,377,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam 300(UVC)
DRV:64bit: - [2009.05.01 00:01:36 | 000,327,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009.04.30 23:59:24 | 000,271,640 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2009.04.30 14:59:48 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009.04.30 14:59:48 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2008.04.28 11:03:46 | 000,047,160 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmdTools64.sys -- (AmdTools64)
DRV - [2009.08.22 19:25:00 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.13 14:46:20 | 000,042,912 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV - [2009.07.06 16:36:34 | 000,038,944 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV - [2009.07.06 16:36:33 | 000,114,080 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV - [2008.09.08 18:32:26 | 000,024,224 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files (x86)\Ray Adams\ATI Tray Tools\atitray64.sys -- (atitray)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CB 74 FC 24 2E 02 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60040
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 60040
FF - prefs.js..network.proxy.type: 1
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.02.12 10:05:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.04 10:16:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.30 13:23:15 | 000,000,000 | ---D | M]
[2010.04.08 10:26:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.01.26 15:53:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\jztqhmji.default\extensions
[2012.01.26 15:53:03 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\jztqhmji.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.10.21 10:37:50 | 000,002,354 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jztqhmji.default\searchplugins\ecosia.xml
[2012.01.30 13:39:05 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jztqhmji.default\searchplugins\icqplugin-1.xml
[2010.09.03 17:59:07 | 000,001,056 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jztqhmji.default\searchplugins\icqplugin.xml
[2011.11.09 15:19:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.14 18:06:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JZTQHMJI.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.02.04 10:16:24 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2008.02.07 21:46:12 | 000,087,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2008.02.07 21:46:20 | 000,091,448 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2008.02.07 21:46:16 | 000,021,824 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2007.03.16 17:27:00 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcm80.dll
[2007.03.16 17:27:00 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcp80.dll
[2007.03.16 17:27:00 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcr80.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009.12.09 04:58:24 | 000,274,432 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files (x86)\mozilla firefox\plugins\npEModelPlugin.dll
[2008.02.07 21:48:26 | 000,419,136 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2008.02.07 21:46:12 | 000,024,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2011.10.02 10:22:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.02 10:22:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.02 10:22:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.02 10:22:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.02 10:22:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.02 10:22:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2011.02.12 09:57:52 | 000,002,183 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns.adobe.de
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.de
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.de
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.de
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.de
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.de
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.de
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.de
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.de
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.de
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.de
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.de
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 21 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [2B2.exe] C:\Program Files (x86)\LP\37A5\2B2.exe ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [C0B.exe] C:\Program Files (x86)\LP\67B5\C0B.exe ()
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [D90.exe] C:\Program Files (x86)\LP\37B5\D90.exe ()
O4 - HKLM..\Run: [EB3.exe] C:\Program Files (x86)\LP\97B5\EB3.exe ()
O4 - HKLM..\Run: [IR_SERVER] C:\Program Files (x86)\Realtek\REALTEK DTV USB DEVICE\IR_SERVER.exe File not found
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 8\MMReminderService.exe (Mindjet)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\***\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Firefox helper] C:\Users\***\AppData\Local\Mozilla\Firefox\firefox.exe ()
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CCD2072-85BA-44C9-900F-3818719445B7}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7D4CFFF-8E8C-4175-84B8-EDD9F7E52E75}: DhcpNameServer = 68.87.64.150 68.87.75.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9A7D254-B344-4A45-934D-8F47A5E4DEDC}: DhcpNameServer = 193.189.244.225 193.189.244.206
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\***\AppData\Roaming\5A1F9\BDD67.exe) -C:\Users\***\AppData\Roaming\5A1F9\BDD67.exe ()
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.06.26 20:25:28 | 000,000,000 | ---D | M] - D:\Auto -- [ NTFS ]
O32 - AutoRun File - [2010.10.16 16:25:48 | 000,000,000 | ---D | M] - D:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2011.08.19 19:05:30 | 000,000,054 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{b2332433-42eb-11df-954b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b2332433-42eb-11df-954b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2011.09.03 01:29:01 | 000,217,256 | R--- | M] (2K Sports)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012.02.04 17:20:52 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\***\Desktop\dds.scr
[2012.02.04 17:03:45 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.02.04 16:38:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\F9F97
[2012.02.04 16:38:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LP
[2012.02.04 16:38:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\5A1F9
[2012.01.31 20:57:01 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Gesammeltes
[2012.01.31 14:10:21 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012.01.31 14:10:20 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012.01.31 14:10:20 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012.01.31 14:10:20 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012.01.31 14:10:20 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012.01.31 14:10:20 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012.01.22 10:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.01.22 10:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.01.22 10:40:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.01.22 10:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.01.11 18:58:06 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012.01.11 18:58:06 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012.01.11 18:58:05 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012.01.11 18:58:05 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.01.11 18:58:03 | 000,918,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.01.11 18:58:03 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.01.11 18:58:02 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012.01.11 18:58:01 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012.01.11 18:58:01 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012.01.09 10:46:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012.01.08 22:36:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
========== Files - Modified Within 30 Days ==========
[2012.02.04 17:22:13 | 000,016,272 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.04 17:22:13 | 000,016,272 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.04 17:20:55 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\***\Desktop\dds.scr
[2012.02.04 17:19:39 | 001,110,476 | ---- | M] () -- C:\Users\***\Desktop\7z920.exe
[2012.02.04 17:12:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.04 17:12:34 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.04 17:11:40 | 000,000,204 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.02.04 17:09:37 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.02.04 17:03:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.02.02 08:43:46 | 003,533,486 | ---- | M] () -- C:\Users\***\Desktop\mvp n jd mode.v6.5 balenced drives more reals reg jersey no shine.7z
[2012.02.02 08:21:56 | 000,077,627 | ---- | M] () -- C:\Users\***\Desktop\423634_10150565388444293_65951004292_8926024_1983369336_n.jpg
[2012.02.01 22:43:18 | 000,055,927 | ---- | M] () -- C:\Users\***\Desktop\Snapshot_20120201 (2).jpg
[2012.02.01 15:42:18 | 000,097,099 | ---- | M] () -- C:\Users\***\Desktop\überweisung.pdf
[2012.01.30 19:12:02 | 001,648,796 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.30 19:12:02 | 000,709,678 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.30 19:12:02 | 000,663,256 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.30 19:12:02 | 000,154,138 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.30 19:12:02 | 000,126,346 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.22 10:41:41 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.01.17 16:05:00 | 000,797,849 | ---- | M] () -- C:\Users\***\Desktop\MB_Dipl_Erfassungstudienarbeit_DE.pdf
[2012.01.12 10:44:21 | 000,765,052 | ---- | M] () -- C:\Users\***\Desktop\MB_Dipl_Erfassungstudienarbeit_WZL.pdf
[2012.01.12 09:04:00 | 001,626,690 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.10 10:09:50 | 002,264,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.01.09 10:51:57 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2012.01.09 10:51:56 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
========== Files Created - No Company Name ==========
[2012.02.04 17:19:30 | 001,110,476 | ---- | C] () -- C:\Users\***\Desktop\7z920.exe
[2012.02.04 17:11:40 | 000,000,204 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.02.04 17:09:36 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.02.02 08:43:37 | 003,533,486 | ---- | C] () -- C:\Users\***\Desktop\mvp n jd mode.v6.5 balenced drives more reals reg jersey no shine.7z
[2012.02.02 08:21:50 | 000,077,627 | ---- | C] () -- C:\Users\***\Desktop\423634_10150565388444293_65951004292_8926024_1983369336_n.jpg
[2012.02.01 22:43:15 | 000,055,927 | ---- | C] () -- C:\Users\***\Desktop\Snapshot_20120201 (2).jpg
[2012.02.01 15:42:18 | 000,097,099 | ---- | C] () -- C:\Users\***\Desktop\überweisung.pdf
[2012.01.22 10:41:41 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.01.12 10:44:21 | 000,765,052 | ---- | C] () -- C:\Users\***\Desktop\MB_Dipl_Erfassungstudienarbeit_WZL.pdf
[2012.01.12 10:42:02 | 000,797,849 | ---- | C] () -- C:\Users\***\Desktop\MB_Dipl_Erfassungstudienarbeit_DE.pdf
[2011.11.12 15:46:32 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7010.DAT
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.02.05 15:28:41 | 000,022,912 | ---- | C] () -- C:\Users\***\AppData\Local\Temp_table.xml
[2011.02.05 14:15:25 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\Temptable.xml
[2010.12.04 01:59:32 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010.08.23 12:40:44 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.08.23 12:40:44 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT
[2010.06.14 19:17:45 | 000,127,085 | ---- | C] () -- C:\Windows\SysWow64\RTKFMSOURCE.dll
[2010.06.12 11:23:46 | 000,000,019 | ---- | C] () -- C:\Users\***\AppData\Roaming\mdbu.bin
[2010.06.12 11:20:36 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2010.05.17 08:56:05 | 000,000,028 | ---- | C] () -- C:\Windows\InstPdrv.INI
[2010.04.26 21:03:37 | 001,626,690 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.04.21 19:26:02 | 000,039,072 | ---- | C] () -- C:\Windows\SysWow64\clocklog.bin
[2010.04.11 18:42:07 | 000,218,808 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.04.11 18:42:05 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010.04.11 18:42:05 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.04.09 16:49:06 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.04.08 22:58:35 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.04.08 12:31:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.04.08 12:20:13 | 000,028,732 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat
[2010.04.08 12:20:13 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat
[2010.04.08 11:20:03 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.04.08 10:26:37 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.11.06 17:24:30 | 000,041,984 | ---- | C] () -- C:\Windows\SysWow64\spwini.dll
< End of report >
--- --- ---
Geändert von Maschi7884 (04.02.2012 um 18:19 Uhr)