| |
| |||||||
Log-Analyse und Auswertung: Blackscreen mit Hinweis auf infiziertes System und ZahlungsaufforderungWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
24.02.2012, 12:03
| #1 |
| |  Blackscreen mit Hinweis auf infiziertes System und Zahlungsaufforderung Hallo, auch mich hat es mit dem hier sehr oft aufgeführtem Problem getroffen. Ich habe nach der Blackscreen den Rechner im abgesicherten Modus hochgefahren (anders war es auch nicht mehr möglich) und defogger, dds, mbam und otl laufen lassen. Die entsprechenden logs findet ihr hier. mbam hat drei dateien gefunden und entfernt. Besten Dank für weitere Ratschläge. dds.text Code:
ATTFilter .
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Wolfgang at 11:31:25 on 2012-02-24
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3582.2341 [GMT 1:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
X:\downloads\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [{FDBE492E-6BDF-11E0-969E-001FD05AF8B3}] C:\Users\Wolfgang\AppData\Roaming\Microsoft\torrent.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Wolfgang\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Wolfgang\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WISOME~1.LNK - C:\Program Files (x86)\WISO\Steuersoftware 2011\mshaktuell.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Alles mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: An OneNote s&enden - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Auswahl mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{C1E2E1CD-B322-4F7A-92B8-7E11C60CB1E3} : NameServer = 145.253.2.75,195.50.140.250
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
mASetup: {ADD9AEE8-B916-4CD6-A04B-9386DF90D594} - msiexec /fus {ADD9AEE8-B916-4CD6-A04B-9386DF90D594} /quiet
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Wolfgang\AppData\Roaming\Mozilla\Firefox\Profiles\f7gs1vpe.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: C:\Users\Wolfgang\AppData\Roaming\Mozilla\Firefox\Profiles\f7gs1vpe.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 AntiVirSchedulerService;Avira AntiVir Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-4-21 136360]
S2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-4-21 269480]
S2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update-Dienst (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-2 136176]
S2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-2 136176]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech Webcam C210(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudserd.sys --> C:\Windows\system32\DRIVERS\ssudserd.sys [?]
S3 StorSvc;Speicherdienst;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S4 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;C:\Program Files (x86)\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [2011-11-12 554160]
.
=============== File Associations ===============
.
.txt=SigilTXT
.
=============== Created Last 30 ================
.
2012-02-05 14:26:07 12 ----a-w- C:\Users\Wolfgang\tmpifo.bat
2012-02-05 14:25:56 -------- d-----w- C:\Program Files (x86)\Archimedes Geo3D
2012-02-03 13:35:00 -------- d-----w- C:\Users\Wolfgang\AppData\Local\Loden_Software
2012-02-02 18:25:15 -------- d-----w- C:\Program Files (x86)\Chapter and Verse
2012-02-02 18:24:04 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-01-29 15:36:56 -------- d-----w- C:\Program Files\Microsoft Research
2012-01-29 11:27:42 -------- d-----w- C:\Users\Wolfgang\AppData\Local\{CC97898E-98A4-440A-BD6C-A187C5B25B58}
2012-01-29 11:27:30 -------- d-----w- C:\Users\Wolfgang\AppData\Local\{7F1200DF-A424-4745-8713-65645FFFD366}
2012-01-29 10:41:20 -------- d-----w- C:\ProgramData\Lidl_Fotos
2012-01-29 10:41:17 -------- d-----w- C:\Program Files (x86)\Lidl_Fotos
2012-01-28 15:14:33 -------- d-----w- C:\Program Files (x86)\Lavalys
2012-01-27 15:30:45 -------- d-----w- C:\Users\Wolfgang\AppData\Roaming\MP3toiPodAudioBookConverter
2012-01-27 15:28:44 -------- d-----w- C:\Program Files (x86)\MP3ToIpodAudioBookConverter
2012-01-27 14:51:56 821824 ----a-w- C:\Windows\SysWow64\dgderapi.dll
2012-01-27 14:31:05 -------- d-----w- C:\Windows\SysWow64\System32
2012-01-27 14:11:49 -------- d-----w- C:\Program Files (x86)\CDex
.
==================== Find3M ====================
.
2011-12-23 19:58:54 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2011-12-23 19:58:28 90112 ----a-w- C:\Windows\MAMCityDownload.ocx
2011-12-23 19:58:28 325552 ----a-w- C:\Windows\MASetupCaller.dll
2011-12-23 19:58:28 30568 ----a-w- C:\Windows\MusiccityDownload.exe
2011-12-07 18:29:22 380445 ----a-w- C:\Windows\SysWow64\temp.000
2011-12-07 18:29:22 30749 ----a-w- C:\Windows\SysWow64\temp.001
2011-12-07 18:27:41 266240 ------w- C:\Windows\Setup1.exe
2011-12-07 18:27:36 74752 ----a-w- C:\Windows\ST6UNST.EXE
2011-12-01 08:30:40 279616 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
.
============= FINISH: 11:32:58,07 ===============
Code:
ATTFilter Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.02.23.05 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 Wolfgang :: BLACKBOX [Administrator] 24.02.2012 11:39:44 mbam-log-2012-02-24 (11-45-05).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 191078 Laufzeit: 3 Minute(n), 5 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{FDBE492E-6BDF-11E0-969E-001FD05AF8B3} (Backdoor.Messa) -> Daten: C:\Users\Wolfgang\AppData\Roaming\Microsoft\torrent.exe -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Users\Wolfgang\AppData\Local\Temp\0.4594606349077066.exe (Exploit.Drop.2) -> Keine Aktion durchgeführt. C:\Users\Wolfgang\AppData\Roaming\Microsoft\torrent.exe (Backdoor.Messa) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter OTL logfile created on: 24.02.2012 11:50:19 - Run 1 OTL by OldTimer - Version 3.2.33.2 Folder = X:\downloads\virus 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 69,19% Memory free 7,00 Gb Paging File | 5,93 Gb Available in Paging File | 84,79% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 467,67 Gb Total Space | 373,20 Gb Free Space | 79,80% Space Free | Partition Type: NTFS Drive D: | 465,63 Gb Total Space | 434,81 Gb Free Space | 93,38% Space Free | Partition Type: NTFS Drive E: | 465,73 Gb Total Space | 119,12 Gb Free Space | 25,58% Space Free | Partition Type: NTFS Drive N: | 14,91 Gb Total Space | 8,63 Gb Free Space | 57,87% Space Free | Partition Type: FAT32 Drive X: | 463,88 Gb Total Space | 391,07 Gb Free Space | 84,30% Space Free | Partition Type: NTFS Computer Name: BLACKBOX | User Name: Wolfgang | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.02.24 11:44:46 | 000,583,680 | ---- | M] (OldTimer Tools) -- X:\downloads\virus\OTL.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.07.29 18:40:56 | 000,202,752 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011.11.08 11:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate) SRV - [2011.08.19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2011.06.28 16:39:20 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.27 08:52:23 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.12.01 09:30:40 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.11.24 22:23:36 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudserd.sys -- (ssudserd) SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.) DRV:64bit: - [2011.11.24 22:23:32 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) DRV:64bit: - [2011.11.24 22:23:28 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) DRV:64bit: - [2011.08.19 09:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64) Logitech Webcam C210(UVC) DRV:64bit: - [2011.08.19 09:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2011.08.02 16:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.06.28 16:39:21 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.06.28 16:39:21 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.05.18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2010.11.20 14:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2010.11.20 12:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.03.22 10:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.11.11 16:41:06 | 000,034,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64k.sys -- (Point64) DRV:64bit: - [2009.07.30 02:24:40 | 006,103,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883) DRV:64bit: - [2009.07.14 01:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc) DRV:64bit: - [2009.07.14 01:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.05.09 00:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr) DRV:64bit: - [2009.05.08 10:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb) DRV:64bit: - [2009.05.04 17:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2009.04.03 05:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2008.06.18 10:20:32 | 000,181,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1F E8 B1 31 6D D4 CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.17 20:29:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.21 10:49:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfgang\AppData\Roaming\mozilla\Extensions [2012.01.28 23:18:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfgang\AppData\Roaming\mozilla\Firefox\Profiles\f7gs1vpe.default\extensions [2011.08.27 14:30:05 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Wolfgang\AppData\Roaming\mozilla\Firefox\Profiles\f7gs1vpe.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2011.12.24 12:36:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Wolfgang\AppData\Roaming\mozilla\Firefox\Profiles\f7gs1vpe.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.11.11 13:45:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.12.10 21:17:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} () (No name found) -- C:\USERS\WOLFGANG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F7GS1VPE.DEFAULT\EXTENSIONS\FINDER@MEINGUTSCHEINCODE.DE.XPI () (No name found) -- C:\USERS\WOLFGANG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F7GS1VPE.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI [2012.02.17 20:29:22 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.01.10 19:24:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.01.10 19:24:13 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.01.10 19:24:13 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.01.10 19:24:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.10 19:24:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.10 19:24:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll () O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Wolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Wolfgang\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1E2E1CD-B322-4F7A-92B8-7E11C60CB1E3}: NameServer = 145.253.2.75,195.50.140.250 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{ae7c9f80-1b4d-11e1-b8a2-001fd05af8b3}\Shell - "" = AutoRun O33 - MountPoints2\{ae7c9f80-1b4d-11e1-b8a2-001fd05af8b3}\Shell\AutoRun\command - "" = G:\DPFMate.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.02.24 11:39:08 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang\AppData\Roaming\Malwarebytes [2012.02.24 11:39:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.02.24 11:39:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.02.24 11:39:04 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.02.24 11:39:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.02.05 15:26:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Archimedes Geo3D [2012.02.05 15:25:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Archimedes Geo3D [2012.02.04 17:38:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag [2012.02.03 14:35:00 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang\AppData\Local\Loden_Software [2012.02.02 19:25:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chapter and Verse [2012.02.02 19:25:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Chapter and Verse [2012.02.02 19:24:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2012.01.29 16:36:58 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft ICE [2012.01.29 16:36:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Research [2012.01.29 12:27:42 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang\AppData\Local\{CC97898E-98A4-440A-BD6C-A187C5B25B58} [2012.01.29 12:27:30 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang\AppData\Local\{7F1200DF-A424-4745-8713-65645FFFD366} [2012.01.29 11:42:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lidl-Fotos [2012.01.29 11:41:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Lidl_Fotos [2012.01.29 11:41:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lidl_Fotos [2012.01.28 16:14:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys [2012.01.28 16:14:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys [2012.01.27 16:30:45 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang\AppData\Roaming\MP3toiPodAudioBookConverter [2012.01.27 16:29:07 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3 to iPod Audio Book Converter [2012.01.27 16:28:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MP3ToIpodAudioBookConverter [2012.01.27 15:51:56 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll [2012.01.27 15:31:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\System32 [2012.01.27 15:14:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDex [2012.01.27 15:11:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDex ========== Files - Modified Within 30 Days ========== [2012.02.24 11:47:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.24 11:47:08 | 2817,384,448 | -HS- | M] () -- C:\hiberfil.sys [2012.02.24 11:39:05 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.24 11:30:18 | 000,000,168 | ---- | M] () -- C:\Users\Wolfgang\defogger_reenable [2012.02.24 11:29:03 | 000,000,701 | ---- | M] () -- C:\Users\Wolfgang\Desktop\Defogger.exe - Verknüpfung.lnk [2012.02.24 11:22:48 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.02.24 11:22:48 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.02.24 11:22:48 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.02.24 11:22:48 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.02.24 11:22:48 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.02.24 11:04:51 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.02.24 10:42:42 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.24 10:42:42 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.23 22:33:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.02.22 20:46:44 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI [2012.02.05 15:26:07 | 000,000,012 | ---- | M] () -- C:\Users\Wolfgang\tmpifo.bat [2012.02.04 17:38:43 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk [2012.02.04 17:12:41 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf [2012.02.02 10:19:42 | 000,001,026 | ---- | M] () -- C:\Users\Wolfgang\Desktop\Dropbox.lnk [2012.02.02 10:19:42 | 000,001,006 | ---- | M] () -- C:\Users\Wolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.01.28 16:14:36 | 000,001,098 | ---- | M] () -- C:\Users\Wolfgang\Desktop\EVEREST Home Edition.lnk ========== Files Created - No Company Name ========== [2012.02.24 11:39:05 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.24 11:30:18 | 000,000,168 | ---- | C] () -- C:\Users\Wolfgang\defogger_reenable [2012.02.24 11:29:03 | 000,000,701 | ---- | C] () -- C:\Users\Wolfgang\Desktop\Defogger.exe - Verknüpfung.lnk [2012.02.24 11:26:02 | 000,002,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2012.02.05 15:26:07 | 000,000,012 | ---- | C] () -- C:\Users\Wolfgang\tmpifo.bat [2012.02.04 17:12:41 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf [2012.01.28 16:14:36 | 000,001,098 | ---- | C] () -- C:\Users\Wolfgang\Desktop\EVEREST Home Edition.lnk [2012.01.12 14:10:32 | 000,000,600 | ---- | C] () -- C:\Users\Wolfgang\AppData\Roaming\winscp.rnd [2011.12.23 20:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.12.21 21:00:43 | 000,000,419 | ---- | C] () -- C:\Windows\ODBC.INI [2011.12.21 21:00:40 | 000,000,210 | ---- | C] () -- C:\Windows\ODBCINST.INI [2011.11.29 16:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.11.29 16:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.11.29 16:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.11.29 16:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.08.28 09:57:57 | 000,007,605 | ---- | C] () -- C:\Users\Wolfgang\AppData\Local\Resmon.ResmonCfg [2011.08.19 09:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2011.08.19 09:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2011.08.19 09:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2011.05.22 10:00:01 | 000,004,608 | ---- | C] () -- C:\Users\Wolfgang\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.28 13:53:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.04.27 18:24:14 | 000,000,803 | ---- | C] () -- C:\Windows\wiso.ini [2011.04.21 18:38:50 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll [2011.04.21 10:38:02 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.04.21 10:38:02 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT [2011.04.20 21:14:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== LOP Check ========== [2011.11.26 17:48:27 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\All Free Video Joiner [2011.11.24 22:05:30 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Audacity [2011.12.26 20:41:44 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Awneni [2011.05.22 11:43:46 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\biu software [2012.02.05 21:57:54 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\BOM [2011.04.27 19:04:01 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Buhl Data Service [2011.05.22 10:10:47 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Canneverbe Limited [2011.07.10 11:39:01 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Canon [2011.05.22 10:17:07 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\CD-LabelPrint [2012.01.30 20:34:11 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\DAEMON Tools Lite [2011.09.15 08:08:35 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Digiarty [2012.02.24 11:05:33 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Dropbox [2011.10.30 20:08:28 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Free Download Manager [2011.06.02 12:31:11 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\GARMIN [2011.07.14 20:06:40 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\GHISLER [2011.12.23 18:22:06 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\HandBrake [2011.04.25 12:45:28 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\inkscape [2011.04.28 13:50:31 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Leadertech [2012.02.04 18:03:33 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Mp3tag [2012.01.27 16:30:45 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\MP3toiPodAudioBookConverter [2011.08.11 20:19:55 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\NeatImage SL 64 [2012.01.12 14:20:55 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Notepad++ [2011.06.08 05:56:07 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Philipp Winterberg [2012.01.11 21:24:12 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\redsn0w [2012.01.27 15:50:40 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Samsung [2011.10.04 16:39:28 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Stellarium [2011.12.20 13:54:04 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Temp [2011.07.17 18:06:50 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\TrafficMonitor [2011.05.09 15:09:46 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\XMedia Recode [2012.02.13 18:53:18 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\XnView [2011.09.13 19:07:48 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Yamb [2011.12.26 20:16:50 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Ysduxa [2011.11.30 22:05:47 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 24.02.2012 11:50:19 - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = X:\downloads\virus
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,50 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 69,19% Memory free
7,00 Gb Paging File | 5,93 Gb Available in Paging File | 84,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 467,67 Gb Total Space | 373,20 Gb Free Space | 79,80% Space Free | Partition Type: NTFS
Drive D: | 465,63 Gb Total Space | 434,81 Gb Free Space | 93,38% Space Free | Partition Type: NTFS
Drive E: | 465,73 Gb Total Space | 119,12 Gb Free Space | 25,58% Space Free | Partition Type: NTFS
Drive N: | 14,91 Gb Total Space | 8,63 Gb Free Space | 57,87% Space Free | Partition Type: FAT32
Drive X: | 463,88 Gb Total Space | 391,07 Gb Free Space | 84,30% Space Free | Partition Type: NTFS
Computer Name: BLACKBOX | User Name: Wolfgang | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.txt[@ = SigilTXT] -- C:\Program Files\Sigil\Sigil.exe ()
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.txt [@ = SigilTXT] -- C:\Program Files\Sigil\Sigil.exe ()
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = SigilHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{316F73CB-AA70-5C8D-8639-754A83785F0B}" = ccc-utility64
"{5EBE0F1F-45DF-4298-AC6B-E8E54EAEC834}" = Microsoft IntelliPoint 7.1
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}" = Microsoft Image Composite Editor
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DC9C8BC1-72CE-B5FE-EA4F-6D9127E51746}" = ATI Catalyst Install Manager
"{E6B7BD80-A921-4C72-A68B-44A9EB438BE4}" = Microsoft IntelliType Pro 7.1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Neat Image Standalone_is1" = Neat Image v7.0 Demo Standalone
"Sigil_is1" = Sigil 0.4.2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1169F065-4ECC-7FA8-BB92-3F57A2D40902}" = Catalyst Control Center InstallProxy
"{14D7E33C-F87C-CC37-DCEE-C6B1B20AFB50}" = CCC Help Dutch
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{209AEB0A-92C8-B914-18E2-DABB4B0A647C}" = CCC Help Italian
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 26
"{28F76B92-5A52-AB9E-D7FE-A36910A5D6D5}" = CCC Help Japanese
"{2AD738DC-FC24-4342-A2DA-BB6DCCF6B048}" = Jing
"{2AF8EE7A-AEE4-D7C8-C78F-5BFCA3604F90}" = Catalyst Control Center Core Implementation
"{33356C7B-2E63-A627-D216-50E6F67049A1}" = CCC Help Norwegian
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{47690942-22CE-4E8E-95E7-EDFC7E246A38}" = Chapter and Verse
"{483B6E04-945C-9A23-9CC6-838CCDFAE1E1}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{5C251570-1501-D09E-8D77-F3F4B3D05C75}" = CCC Help Spanish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71420D0A-5747-8BE7-9B86-A3A07E0A0535}" = CCC Help German
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{73B289B2-CD2F-CCDA-189B-C020C81A2459}" = CCC Help Turkish
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{82B161E9-F104-D58C-8CBF-723DDEF29126}" = Catalyst Control Center Graphics Full Existing
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D29BC4-3DBB-99D2-AF1D-FF124AFAC0D2}" = ccc-core-static
"{87C73319-E995-BB20-7B5C-B48EB5146380}" = CCC Help English
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89E3D091-D6C0-1986-0EE9-7C7FB29C4CED}" = CCC Help Chinese Traditional
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B6C20A7-193B-33C0-2793-8927D0EF5789}" = CCC Help Czech
"{8BC6D76A-9511-1C7D-9068-C5F3F04E5693}" = Catalyst Control Center Graphics Previews Vista
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90C67C7D-E918-402C-9856-7B13999E1786}" = StarMoney
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92633C0F-C9BE-41E3-B439-0B508F859DB5}" = StarMoney
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9F3CDC72-72A1-43C6-9978-35E8C2A5E322}" = StarMoney 7.0 S-Edition
"{A1C902DE-AEFA-E959-D95F-63D7987E1E69}" = CCC Help Thai
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{ADD9AEE8-B916-4CD6-A04B-9386DF90D594}" = Deutsche Post E-Porto
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BA44B10C-58A4-07EF-9FF8-5A5534B2A95D}" = Catalyst Control Center Localization All
"{BC0A21D2-A3CF-6FF1-2874-70CDA7383751}" = CCC Help Korean
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C740B297-F870-8FC6-5518-BD5B5EE444B6}" = Catalyst Control Center Graphics Full New
"{CE6F531A-92B0-474A-93EE-5DDA0B66F611}" = Samsung Theme Designer
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D105199C-9D8C-5082-D90F-3BBCAE12B140}" = CCC Help Portuguese
"{D20A1D72-BE71-2479-81AB-E85DBAB6B426}" = CCC Help Greek
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D565DBBA-4502-9CAF-4594-6770A9B26652}" = CCC Help Russian
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E20C4511-D110-522C-7120-DBA7B9032207}" = CCC Help Finnish
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E6FA148F-1E7D-4A42-A9A2-7DFABC2C6A2B}" = SportTracks 2.1
"{E79FB24C-27F2-9F87-DB58-2BADB7A4AB2C}" = CCC Help Polish
"{EBBCBC9A-1281-D33E-4AD2-C3E8A36D9E1F}" = Catalyst Control Center Graphics Previews Common
"{EC758AC2-7F43-C537-F97D-AEC40CA99FD8}" = CCC Help Swedish
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F6840F51-45F1-71C2-E87E-3CB1EEA7D775}" = CCC Help French
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA8D8E67-41B3-C056-1BE1-8DF10AA4899B}" = CCC Help Hungarian
"{FAD49114-4CE2-5239-3F48-584D9715370E}" = Catalyst Control Center Graphics Light
"{FD031795-B2C6-02CB-ADFE-05AF027F5483}" = CCC Help Danish
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Archimedes Geo3D_is1" = Archimedes Geo3D 1.3.6
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVSCoverEditor2_is1" = AVS Cover Editor 2.0.1.3
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CDex" = CDex - Open Source Digital Audio CD Extractor
"Celestia_is1" = Celestia 1.6.1
"DAEMON Tools Lite" = DAEMON Tools Lite
"dm-Fotowelt" = dm-Fotowelt
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVDStyler_is1" = DVDStyler v2.1 beta 2
"EasyGPS_is1" = EasyGPS 4.18
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free Download Manager_is1" = Free Download Manager 3.0
"GeoGebra" = GeoGebra
"HandBrake" = HandBrake 0.9.5
"Inkscape" = Inkscape 0.48.1
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Lidl-Fotos_is1" = Lidl-Fotos
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Mp3tag" = Mp3tag v2.49b
"Notepad++" = Notepad++
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"plist Editor for Windows" = plist Editor for Windows 1.0.2
"RarZilla Free Unrar" = RarZilla Free Unrar
"Stellarium_is1" = Stellarium 0.10.6.1
"Sweet Home 3D_is1" = Sweet Home 3D version 3.3
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 1.1.9
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 5.0.5 beta
"XMedia Recode" = XMedia Recode 3.0.5.6
"XnView_is1" = XnView 1.97.8
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 04.01.2012 17:57:55 | Computer Name = BlackBox | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5023
Error - 04.01.2012 17:57:56 | Computer Name = BlackBox | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 04.01.2012 17:57:56 | Computer Name = BlackBox | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6022
Error - 04.01.2012 17:57:56 | Computer Name = BlackBox | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6022
Error - 04.01.2012 17:57:57 | Computer Name = BlackBox | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 04.01.2012 17:57:57 | Computer Name = BlackBox | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7020
Error - 04.01.2012 17:57:57 | Computer Name = BlackBox | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7020
Error - 04.01.2012 17:57:58 | Computer Name = BlackBox | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 04.01.2012 17:57:58 | Computer Name = BlackBox | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8018
Error - 04.01.2012 17:57:58 | Computer Name = BlackBox | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8018
[ System Events ]
Error - 24.02.2012 06:47:32 | Computer Name = BlackBox | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 24.02.2012 06:49:14 | Computer Name = BlackBox | Source = DCOM | ID = 10005
Description =
Error - 24.02.2012 06:49:14 | Computer Name = BlackBox | Source = DCOM | ID = 10005
Description =
Error - 24.02.2012 06:49:17 | Computer Name = BlackBox | Source = Service Control Manager | ID = 7001
Description = Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 24.02.2012 06:49:31 | Computer Name = BlackBox | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 24.02.2012 06:49:31 | Computer Name = BlackBox | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 24.02.2012 06:49:31 | Computer Name = BlackBox | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 24.02.2012 06:54:31 | Computer Name = BlackBox | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 24.02.2012 06:54:31 | Computer Name = BlackBox | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 24.02.2012 06:54:31 | Computer Name = BlackBox | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >
|
|
24.02.2012, 12:37
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Blackscreen mit Hinweis auf infiziertes System und Zahlungsaufforderung Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
| Themen zu Blackscreen mit Hinweis auf infiziertes System und Zahlungsaufforderung |
| 64-bit, antivir, antivir guard, autorun, avgnt, avira, backdoor.messa, bonjour, dateisystem, desktop, deutsche post, device driver, document, error, exploit.drop.2, firefox, flash player, free download, google earth, helper, heuristiks/extra, heuristiks/shuriken, home, install.exe, installation, jdownloader, langs, logfile, lws.exe, microsoft office word, mozilla, mp3, msiexec, plug-in, problem, realtek, registry, rundll, senden, software, starmoney, svchost.exe, system, total commander, version=1.0, windows, windows xp |
Linear-Darstellung
