Pests of all kinds and how to fight them: Warning, windowssyset has been blocked - pay and download (the next one) (Windows 7)

#1
Warning, windowssyset has been blocked - pay and download (the next one)

Good evening, like so many others it got me too! What I have done so far:
- started Windows 7 (64-bit) in safe mode
- ran a full scan with MBAM (6 trojans found and deleted)
- ran a full scan with otl.exe
- the log (otl.txt) is in the text box below and the extras.txt is attached

A very big THANK YOU in advance for your help!!!
Code:
OTL logfile created on: 25.03.2012 17:48:40 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = M:\
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,97 Gb Available Physical Memory | 87,17% Memory free
25,99 Gb Paging File | 25,12 Gb Available in Paging File | 96,65% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 163,03 Gb Total Space | 104,48 Gb Free Space | 64,09% Space Free | Partition Type: NTFS
Drive D: | 113,55 Gb Total Space | 107,36 Gb Free Space | 94,55% Space Free | Partition Type: NTFS
Drive E: | 51,24 Gb Total Space | 45,14 Gb Free Space | 88,10% Space Free | Partition Type: NTFS
Drive F: | 302,73 Gb Total Space | 203,90 Gb Free Space | 67,35% Space Free | Partition Type: NTFS
Drive G: | 119,33 Gb Total Space | 106,05 Gb Free Space | 88,87% Space Free | Partition Type: NTFS
Drive H: | 181,64 Gb Total Space | 157,81 Gb Free Space | 86,88% Space Free | Partition Type: NTFS
Drive I: | 6,08 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive K: | 2794,51 Gb Total Space | 2341,44 Gb Free Space | 83,79% Space Free | Partition Type: NTFS
Drive L: | 6,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive M: | 14,92 Gb Total Space | 14,80 Gb Free Space | 99,19% Space Free | Partition Type: FAT32

Computer Name: REDDRAGON | User Name: Red Dragon | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.03.25 16:51:24 | 000,593,920 | ---- | M] (OldTimer Tools) -- M:\OTL.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.10.28 12:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009.08.10 16:01:06 | 000,206,880 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2009.08.10 16:01:04 | 000,626,208 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.10 22:16:09 | 003,340,064 | ---- | M] () [Auto | Stopped] -- c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2011.08.03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.08.02 23:55:16 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.06.01 18:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Stopped] -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2010.12.06 09:31:50 | 002,101,640 | ---- | M] (LogMeIn Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.10.22 02:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Stopped] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.17 01:04:45 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010.02.17 00:24:19 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.02.12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009.12.15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [Auto | Stopped] -- F:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.06.18 16:19:30 | 000,935,208 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.04.13 08:49:00 | 000,101,528 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.11.28 21:22:04 | 000,349,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2011.09.11 17:07:54 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.10.22 02:00:00 | 000,714,368 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusbn.sys -- (fwlanusbn)
DRV:64bit: - [2010.10.22 02:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2010.08.24 19:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010.08.24 19:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010.07.07 22:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010.07.07 22:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010.07.07 22:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010.07.07 22:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010.07.07 22:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010.07.07 22:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010.07.07 22:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010.07.07 22:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010.07.07 22:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010.07.07 22:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010.07.07 22:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010.07.07 22:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010.07.07 22:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010.07.07 22:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2009.11.23 18:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.23 18:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.01 12:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.12.11 15:56:54 | 000,015,488 | ---- | M] (ROCCAT Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Kone.sys -- (KoneFltr)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.daum.net/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {4327FABE-3C22-4689-8DBF-D226CF777FE9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://plusnetwork.com/?sp=brw&q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "BittorrentBar_DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.selectedEngine: "Plus! Network"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://anime-loads.org/"
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://www.plusnetwork.com/?sp=addr&q="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.21 15:06:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.01 15:19:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Red Dragon\AppData\Roaming\11003 [2012.03.25 15:42:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{d591241b-9967-418c-9b7d-ee128131d60d}: C:\Program Files (x86)\GMX\GMX MultiMessenger\ThunderbirdSyncProxy [2010.06.09 22:04:23 | 000,000,000 | ---D | M]

[2010.02.16 23:59:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Red Dragon\AppData\Roaming\mozilla\Extensions
[2012.03.09 00:39:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Red Dragon\AppData\Roaming\mozilla\Firefox\Profiles\hfbz982x.default\extensions
[2012.03.09 00:39:12 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Red Dragon\AppData\Roaming\mozilla\Firefox\Profiles\hfbz982x.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012.03.09 00:39:18 | 000,000,000 | ---D | M] (BittorrentBar_DE Community Toolbar) -- C:\Users\Red Dragon\AppData\Roaming\mozilla\Firefox\Profiles\hfbz982x.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
[2011.09.03 21:04:44 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Red Dragon\AppData\Roaming\mozilla\Firefox\Profiles\hfbz982x.default\extensions\bbrs_002@blabbers.com
[2011.03.28 20:04:55 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Red Dragon\AppData\Roaming\mozilla\Firefox\Profiles\hfbz982x.default\extensions\engine@conduit.com
[2011.03.12 01:03:52 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Red Dragon\AppData\Roaming\mozilla\Firefox\Profiles\hfbz982x.default\extensions\personas@christopher.beard
[2010.12.09 22:36:51 | 000,000,935 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\hfbz982x.default\searchplugins\conduit.xml
[2012.03.22 03:11:07 | 000,000,950 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\hfbz982x.default\searchplugins\icqplugin-1.xml
[2011.09.19 01:07:56 | 000,000,950 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\hfbz982x.default\searchplugins\icqplugin-10.xml
[2011.10.11 17:28:10 | 000,000,950 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\hfbz982x.default\searchplugins\icqplugin-11.xml
[2011.11.20 20:26:42 | 000,000,950 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\hfbz982x.default\searchplugins\icqplugin-12.xml
[2011.12.23 23:24:47 | 000,000,950 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\hfbz982x.default\searchplugins\icqplugin-13.xml
[2011.03.23 15:52:55 | 000,000,950 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\hfbz982x.default\searchplugins\icqplugin-2.xml
[2011.05.08 21:40:35 | 000,000,950 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\hfbz982x.default\searchplugins\icqplugin-3.xml
[2011.05.12 21:43:01 | 000,000,950 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\hfbz982x.default\searchplugins\icqplugin-4.xml
[2011.06.24 20:37:38 | 000,000,950 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\hfbz982x.default\searchplugins\icqplugin-5.xml
[2011.07.06 23:18:29 | 000,000,950 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\hfbz982x.default\searchplugins\icqplugin-6.xml
[2011.08.18 00:20:29 | 000,000,950 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\hfbz982x.default\searchplugins\icqplugin-7.xml
[2011.09.03 20:46:05 | 000,000,950 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\hfbz982x.default\searchplugins\icqplugin-8.xml
[2011.09.03 21:24:35 | 000,000,950 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\hfbz982x.default\searchplugins\icqplugin-9.xml
[2011.03.01 19:12:56 | 000,001,056 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\hfbz982x.default\searchplugins\icqplugin.xml
[2012.02.09 21:54:18 | 000,002,770 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\hfbz982x.default\searchplugins\Plusnetwork.xml
[2011.02.26 19:57:06 | 000,002,012 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\hfbz982x.default\searchplugins\xrnb-suche.xml
[2011.12.23 23:24:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\RED DRAGON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFBZ982X.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2012.03.21 15:06:55 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.03.10 01:38:18 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.10 01:38:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.10 01:38:18 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.10 01:38:18 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.10 01:38:18 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.10 01:38:18 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( )
O2 - BHO: (GigagetIEHelper Class) - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\Windows\SysWOW64\gigagetbho_v10.dll (Giganology Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll ( )
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (Blabbers Communications LTD)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Red Dragon\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [SkypePM] C:\Users\Red Dragon\AppData\Local\Skype\SkypePM.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Download All by Gigaget - C:\Program Files (x86)\Giganology\Gigaget\getallurl.htm ()
O8:64bit: - Extra context menu item: &Download by Gigaget - C:\Program Files (x86)\Giganology\Gigaget\geturl.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files (x86)\Giganology\Gigaget\getallurl.htm ()
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files (x86)\Giganology\Gigaget\geturl.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: SecretCity 3DChat - {D401C3A2-12EF-4D1D-A086-F3AB10B565BF} - F:\Games\SECRET~1\\SECRET~1.EXE File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A69CD0CB-A076-43B9-9922-CE04A4BE251F}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F390E956-F9DD-422B-8C74-7CC75343B3F5}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\base64 - No CLSID value found
O18:64bit: - Protocol\Handler\chrome - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\prox - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.11.09 12:28:28 | 000,190,342 | R--- | M] () - I:\Autorun.ico -- [ UDF ]
O32 - AutoRun File - [2012.02.04 04:49:26 | 000,000,106 | R--- | M] () - I:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2011.10.11 16:43:59 | 000,000,000 | ---- | M] () - K:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008.05.06 14:26:23 | 000,000,309 | R--- | M] () - L:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1610ed77-3fdb-11df-b895-001f3f07e0fa}\Shell - "" = AutoRun
O33 - MountPoints2\{1610ed77-3fdb-11df-b895-001f3f07e0fa}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- [2007.10.23 09:45:39 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\{27fec4a2-4257-11df-a0f1-001f3f07e0fa}\Shell - "" = AutoRun
O33 - MountPoints2\{f0533075-1414-11e0-b209-00235473cd4b}\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\Installer.exe
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- [2007.10.23 09:45:39 | 001,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.03.25 15:42:24 | 000,000,000 | ---D | C] -- C:\Users\Red Dragon\AppData\Roaming\11003
[2012.03.25 15:42:07 | 000,000,000 | ---D | C] -- C:\Users\Red Dragon\AppData\Roaming\xmldm
[2012.03.25 15:42:04 | 000,000,000 | ---D | C] -- C:\Users\Red Dragon\AppData\Roaming\kock
[2012.03.13 20:55:59 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.03.13 20:55:59 | 003,968,368 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.03.13 20:55:58 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.03.13 20:53:42 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012.03.13 20:53:41 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.03.13 20:53:41 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012.03.13 20:53:40 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.03.13 20:53:19 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2012.03.13 20:53:19 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll [2012.03.13 20:53:19 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll [2012.03.11 17:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.03.11 17:49:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.03.10 21:19:05 | 000,000,000 | ---D | C] -- C:\Users\Red Dragon\AppData\Local\Daum [2012.03.10 21:19:04 | 000,000,000 | ---D | C] -- C:\Users\Red Dragon\AppData\Roaming\PotPlayer64 [2012.03.10 21:18:41 | 000,000,000 | ---D | C] -- C:\Users\Red Dragon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Daum [2012.03.10 21:18:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum [2012.03.10 21:18:38 | 000,000,000 | ---D | C] -- C:\Program Files\PotPlayer [2012.03.09 00:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs [2012.03.08 23:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect 3 [2012.03.08 23:37:15 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller [2012.03.08 23:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games 
[2012.03.08 23:03:56 | 000,000,000 | ---D | C] -- C:\Users\Red Dragon\AppData\Roaming\Origin [2012.03.08 23:03:49 | 000,000,000 | ---D | C] -- C:\Users\Red Dragon\AppData\Local\Origin [2012.03.08 23:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [2012.03.08 23:03:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin [2012.02.24 22:42:44 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.02.24 22:42:44 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.02.24 22:42:43 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.02.24 22:42:43 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.02.24 22:42:43 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.02.24 22:42:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.02.24 22:42:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.02.24 22:42:42 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.02.24 22:42:42 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.02.24 22:42:42 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.02.24 22:42:42 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.02.24 22:42:12 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll [2012.02.24 22:42:05 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll [2012.02.24 22:42:03 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl [2012.02.24 22:42:03 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl [1 C:\Windows\*.tmp files -> 
C:\Windows\*.tmp -> ] [1 C:\Users\Red Dragon\AppData\Roaming\*.tmp files -> C:\Users\Red Dragon\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.25 17:22:45 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.03.25 17:22:45 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.03.25 17:22:45 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.03.25 17:22:45 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.03.25 17:22:45 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.03.25 17:17:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.25 17:17:31 | 2146,344,959 | -HS- | M] () -- C:\hiberfil.sys [2012.03.25 17:00:49 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job [2012.03.25 17:00:49 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job [2012.03.25 17:00:49 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC.job [2012.03.25 17:00:49 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\WinMaximizer-Red Dragon-Startup.job [2012.03.25 15:53:40 | 000,061,948 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000000-00001102-0000000B-00431102}.rfx [2012.03.25 15:53:40 | 000,061,948 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000000-00001102-0000000B-00431102}.rfx [2012.03.25 15:53:40 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000000-00001102-0000000B-00431102}.rfx [2012.03.25 15:42:17 | 000,280,056 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\AcroIEHelpe.dll [2012.03.25 15:42:17 | 000,005,624 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\BAcroIEHelpe.dll [2012.03.25 15:42:14 | 000,000,016 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\blckdom.res [2012.03.25 15:38:48 | 000,013,216 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.25 15:38:48 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.22 18:43:52 | 635,913,881 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.03.14 18:54:36 | 000,304,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.03.11 17:49:13 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.03.10 21:18:47 | 000,000,854 | ---- | M] () -- C:\Users\Red Dragon\Desktop\PotPlayer x64 Playback Only.lnk [2012.03.10 21:18:47 | 000,000,826 | ---- | M] () -- C:\Users\Red Dragon\Desktop\PotPlayer x64.lnk [2012.03.08 23:37:22 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\Mass Effect 3.lnk [2012.03.08 23:03:39 | 000,000,618 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk [2012.02.25 02:31:28 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.02.25 02:26:42 | 000,000,412 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\All CPU Meter_Settings.ini [2012.02.24 22:48:13 | 001,590,298 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Red Dragon\AppData\Roaming\*.tmp files -> C:\Users\Red Dragon\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.25 15:42:17 | 000,280,056 | ---- | C] () -- C:\Users\Red Dragon\AppData\Roaming\AcroIEHelpe.dll [2012.03.25 15:42:17 | 000,005,624 | ---- | C] () -- C:\Users\Red Dragon\AppData\Roaming\BAcroIEHelpe.dll [2012.03.25 15:42:14 | 000,000,016 | ---- | C] () -- C:\Users\Red Dragon\AppData\Roaming\blckdom.res [2012.03.10 21:18:47 | 000,000,854 | ---- | C] () -- C:\Users\Red Dragon\Desktop\PotPlayer x64 Playback Only.lnk [2012.03.10 21:18:47 | 000,000,826 | ---- | C] () -- C:\Users\Red Dragon\Desktop\PotPlayer x64.lnk [2012.03.08 23:37:22 | 000,001,012 | ---- 
| C] () -- C:\Users\Public\Desktop\Mass Effect 3.lnk [2012.03.08 23:03:39 | 000,000,618 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk [2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.11 18:38:11 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.08.03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.06.23 13:50:19 | 000,000,412 | ---- | C] () -- C:\Users\Red Dragon\AppData\Roaming\All CPU Meter_Settings.ini [2011.05.29 17:12:21 | 000,000,353 | ---- | C] () -- C:\Users\Red Dragon\AppData\Roaming\Network Meter_Settings.ini [2011.05.29 17:10:22 | 000,000,339 | ---- | C] () -- C:\Users\Red Dragon\AppData\Roaming\Drives Meter_Settings.ini [2011.03.06 20:56:37 | 000,000,127 | ---- | C] () -- C:\Users\Red Dragon\AppData\Roaming\default.rss [2011.02.25 00:09:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.12.26 22:12:55 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini [2010.07.07 21:23:10 | 000,017,868 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini [2010.07.07 20:36:44 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll [2010.07.07 20:33:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll [2010.07.07 20:21:00 | 000,384,647 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat [2010.07.07 20:21:00 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat [2010.07.07 20:10:30 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe [2010.07.07 20:10:22 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe ========== LOP Check ========== [2012.03.25 15:42:24 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\11003 [2010.09.12 16:01:44 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\Acreon [2010.03.14 16:58:18 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\Amazon [2012.02.03 20:36:01 | 000,000,000 | ---D | M] -- C:\Users\Red 
Dragon\AppData\Roaming\BitTorrent [2010.11.28 20:36:04 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\Canon [2011.08.07 13:42:12 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\com.socialbox.socialbox [2010.06.09 22:04:50 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\GMX [2011.11.23 21:13:31 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\ICQ [2012.03.25 15:42:04 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\kock [2010.12.01 19:35:58 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\Leadertech [2011.09.03 20:41:44 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\Lionhead Studios [2011.02.13 22:35:10 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\Mount&Blade Warband [2010.03.28 20:35:11 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\OCS [2010.03.28 20:35:13 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\Opera [2012.03.08 23:05:25 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\Origin [2012.03.10 21:19:05 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\PotPlayer64 [2010.02.19 00:15:13 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\ROCCAT [2011.10.11 16:45:55 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\Seagate [2012.01.16 20:01:02 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\Stardock [2011.05.28 14:00:39 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\TS3Client [2011.05.22 21:45:02 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\ts3overlay [2011.09.11 16:32:37 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\Uniblue [2012.03.25 15:42:07 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\xmldm [2012.03.25 17:00:49 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job [2012.03.25 17:00:49 | 000,000,354 | ---- | M] () -- 
C:\Windows\Tasks\RegistryBooster.job [2011.11.20 19:25:24 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.03.25 17:00:49 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\SpeedUpMyPC.job [2012.03.25 17:00:49 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\WinMaximizer-Red Dragon-Startup.job ========== Purity Check ========== < End of report >