![]() |
|
Plagegeister aller Art und deren Bekämpfung: iexplore Verbindung mit Facebook?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() | #1 |
![]() | ![]() iexplore Verbindung mit Facebook? Hallo, durch meinen Ressourcenmonitor habe ich festgestellt, dass es eine Verbingung zu Facebook auf meinem Rechner gibt. siehe anhängendes jpg. Ich bin nicht Facebook Mitglied. Meine AV ist Kaspersky Pure 2.0 Um sicher zu sein, dass die Verbindung nicht durch Maleware auf meinem Rechner initiiert wird, habe ich geggogelt und Euch gefunden. Ich habe dann Malewarebyte installiert und scannen lassen. Ergebnis: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.07.11.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Andreas :: OFFICEHOME [Administrator] Schutz: Aktiviert 11.07.2012 12:23:50 mbam-log-2012-07-11 (12-23-50).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 495940 Laufzeit: 9 Stunde(n), 12 Minute(n), 55 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 D:\download\Microsoft\Windows XP\update_xp_cd_key.exe (Backdoor.IRCbot) -> Erfolgreich gelöscht und in Quarantäne gestellt. Z:\Download\Microsoft\Windows XP\update_xp_cd_key.exe (Backdoor.IRCbot) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 10:32 on 12/07/2012 (Andreas) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Code:
ATTFilter OTL logfile created on: 12.07.2012 10:35:10 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = D:\download\TrojanerBoard 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,00 Gb Total Physical Memory | 3,50 Gb Available Physical Memory | 70,01% Memory free 10,00 Gb Paging File | 8,18 Gb Available in Paging File | 81,81% Paging File free Paging file location(s): e:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 199,93 Gb Total Space | 157,29 Gb Free Space | 78,67% Space Free | Partition Type: NTFS Drive D: | 167,73 Gb Total Space | 32,25 Gb Free Space | 19,22% Space Free | Partition Type: NTFS Drive E: | 16,47 Gb Total Space | 11,30 Gb Free Space | 68,60% Space Free | Partition Type: NTFS Drive F: | 107,22 Gb Total Space | 99,10 Gb Free Space | 92,43% Space Free | Partition Type: NTFS Drive G: | 83,86 Gb Total Space | 43,31 Gb Free Space | 51,64% Space Free | Partition Type: NTFS Drive H: | 83,75 Gb Total Space | 49,27 Gb Free Space | 58,83% Space Free | Partition Type: NTFS Drive Z: | 298,09 Gb Total Space | 230,23 Gb Free Space | 77,24% Space Free | Partition Type: NTFS Computer Name: ++++++++++ | User Name: ******* | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.12 10:30:36 | 000,596,480 | ---- | M] (OldTimer Tools) -- D:\download\TrojanerBoard\OTL.exe PRC - [2012.07.12 10:29:12 | 000,050,477 | ---- | M] () -- D:\download\TrojanerBoard\Defogger.exe PRC - [2012.07.05 16:51:34 | 003,491,792 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- F:\Programme\(x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.05.24 03:41:20 | 001,576,080 | ---- | M] (QNAP Systems, Inc.) -- F:\Programme\(x86)\NetBak\Enclosure.exe PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.04.27 22:25:04 | 001,173,680 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe PRC - [2012.04.27 22:23:54 | 005,924,008 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe PRC - [2012.04.27 22:22:54 | 000,403,656 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2012.04.27 22:22:12 | 005,993,136 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2012.04.17 08:13:04 | 001,738,352 | ---- | M] () -- F:\Programme\(x86)\Finder\iSCSIAgent.exe PRC - [2012.03.29 15:59:28 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe PRC - [2012.01.19 13:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- F:\Programme\(x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2012.01.11 14:01:55 | 000,336,896 | ---- | M] (AVM Berlin) -- C:\Users\*******\AppData\Local\Apps\2.0\6NLOL0XP.XBE\1Y3EEC9L.7RD\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.12.24 12:24:36 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe PRC - [2011.09.02 02:15:40 | 000,227,712 | ---- | M] (Microsoft Corporation) -- F:\Programme\(x86)\Microsoft Office 2003\Office14\ONENOTEM.EXE PRC - [2011.09.01 18:47:26 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe PRC - [2011.08.30 13:24:59 | 000,624,056 | ---- | M] (Adobe Systems Inc.) -- F:\Programme\(x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe PRC - [2011.07.31 15:07:18 | 000,189,808 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe PRC - [2010.05.20 16:26:28 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe PRC - [2010.05.05 20:56:42 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe PRC - [2010.05.05 20:51:56 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe PRC - [2009.12.21 18:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe PRC - [2009.02.23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe ========== Modules (No Company Name) ========== MOD - [2012.07.12 10:29:12 | 000,050,477 | ---- | M] () -- D:\download\TrojanerBoard\Defogger.exe MOD - [2012.06.15 09:23:00 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll MOD - [2012.06.15 09:22:44 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.06.15 09:22:37 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.06.15 09:22:34 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll MOD - [2012.06.15 09:22:32 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll MOD - [2012.06.13 12:38:02 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll MOD - [2012.06.13 12:37:53 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll MOD - [2012.05.28 20:12:21 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll MOD - [2012.05.28 20:11:15 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012.05.28 20:08:45 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.28 20:08:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.28 20:08:39 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.28 20:08:29 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012.05.28 11:36:43 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll MOD - [2012.05.28 11:36:39 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll MOD - [2012.05.28 11:36:27 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll MOD - [2012.05.28 11:36:17 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll MOD - [2012.04.27 22:21:52 | 013,005,104 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll MOD - [2012.04.17 08:13:04 | 001,738,352 | ---- | M] () -- F:\Programme\(x86)\Finder\iSCSIAgent.exe MOD - [2012.01.11 14:01:50 | 000,368,640 | ---- | M] () -- C:\Users\*******\AppData\Local\Apps\2.0\6NLOL0XP.XBE\1Y3EEC9L.7RD\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\managedupnp.DLL MOD - [2011.12.24 12:22:20 | 007,422,352 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtGui4.dll MOD - [2011.12.24 12:22:20 | 000,795,024 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtNetwork4.dll MOD - [2011.12.24 12:22:16 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtScript4.dll MOD - [2011.12.24 12:22:16 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtSql4.dll MOD - [2011.12.24 12:22:14 | 002,453,904 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtDeclarative4.dll MOD - [2011.12.24 12:22:12 | 002,126,224 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtCore4.dll MOD - [2011.12.24 12:21:10 | 000,459,152 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\dblite.dll MOD - [2011.09.05 19:36:52 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qgif4.dll MOD - [2011.09.05 19:36:50 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qjpeg4.dll MOD - [2011.04.12 09:43:19 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.03.26 15:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL MOD - [2006.06.09 16:20:04 | 000,003,072 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIGER.DLL ========== Win32 Services (SafeList) ========== SRV - [2012.07.05 16:51:34 | 003,491,792 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- F:\Programme\(x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.06.25 17:49:24 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.04.27 22:23:54 | 005,924,008 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv) SRV - [2012.04.27 22:23:22 | 001,133,360 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2012.03.29 15:59:28 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012.03.28 13:55:44 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2012.01.19 13:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- F:\Programme\(x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012.01.13 18:11:17 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2012.01.13 18:06:10 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.12.24 12:24:36 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe -- (AVP) SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.05.20 16:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.12.21 18:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv) SRV - [2009.09.20 12:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- F:\Programme\(x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.02.23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2008.12.12 04:20:08 | 000,095,896 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- F:\Programme\(x86)\SiSoftware\SiSoftware Sandra Lite 2012.SP1\RpcAgentSrv.exe -- (SandraAgentSrv) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.07.05 16:51:36 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp) DRV:64bit: - [2012.07.05 16:51:30 | 001,294,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman) DRV:64bit: - [2012.07.05 16:51:27 | 000,994,912 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:64bit: - [2012.07.05 16:51:23 | 000,211,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr) DRV:64bit: - [2012.07.05 16:51:22 | 000,146,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt67.sys -- (vidsflt67) Acronis Disk Storage Filter (67) DRV:64bit: - [2012.07.05 16:51:21 | 000,320,096 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:64bit: - [2012.07.05 16:51:20 | 000,137,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv) DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.05.22 14:26:10 | 000,147,288 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2012.03.28 13:56:00 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.18 16:56:08 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio) DRV:64bit: - [2012.01.18 16:56:06 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio) DRV:64bit: - [2012.01.11 14:01:53 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmaudio.sys -- (avmaudio) DRV:64bit: - [2011.10.20 11:48:00 | 000,458,032 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1) DRV:64bit: - [2011.10.20 11:48:00 | 000,013,616 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2) DRV:64bit: - [2011.10.07 11:24:12 | 000,152,064 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl) DRV:64bit: - [2011.09.12 16:17:42 | 000,639,280 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2011.08.10 17:40:58 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr) DRV:64bit: - [2011.08.01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011.07.28 19:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB) DRV:64bit: - [2011.07.25 18:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV:64bit: - [2011.07.20 15:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort) DRV:64bit: - [2011.04.12 01:24:20 | 000,006,144 | ---- | M] (Hitachi, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jdngrcmrpd.sys -- (jdngrcmrpd) DRV:64bit: - [2011.04.07 08:56:46 | 000,007,296 | ---- | M] (Hitachi, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jdngrcvkbd.sys -- (VHidKbd) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.05.20 16:26:28 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VX1000.sys -- (VX1000) DRV:64bit: - [2010.05.05 22:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k) DRV:64bit: - [2010.05.05 22:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia) DRV:64bit: - [2010.05.05 22:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k) DRV:64bit: - [2010.05.05 22:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k) DRV:64bit: - [2010.05.05 22:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv) DRV:64bit: - [2010.05.05 22:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM) DRV:64bit: - [2010.05.05 22:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k) DRV:64bit: - [2010.05.05 22:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS) DRV:64bit: - [2010.05.05 22:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX) DRV:64bit: - [2010.05.05 22:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS) DRV:64bit: - [2010.05.05 22:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT) DRV:64bit: - [2010.05.05 22:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS) DRV:64bit: - [2010.05.05 22:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT) DRV:64bit: - [2010.03.04 19:26:58 | 000,349,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET) DRV:64bit: - [2009.12.14 13:44:24 | 000,085,048 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\CSCrySec.sys -- (CSCrySec) DRV:64bit: - [2009.12.14 13:44:24 | 000,066,104 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv) DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2009.08.24 10:14:30 | 000,054,784 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\azvusb.sys -- (azvusb) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM) DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2009.06.17 18:53:34 | 000,030,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd) DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007.10.19 10:37:56 | 000,543,232 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Ltn_stk7070P_64.sys -- (Ltn_stk7070P_64) DRV:64bit: - [2007.10.19 10:37:56 | 000,016,256 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Ltn_stkrc_64.sys -- (Ltn_stkrc_64) DRV - [2012.03.21 12:03:41 | 000,053,760 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\SSHDRV76.sys -- (SSHDRV76) DRV - [2010.07.01 19:11:24 | 000,012,352 | ---- | M] () [Kernel | Unavailable | Unknown] -- F:\Programme\(x86)\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- F:\Programme\(x86)\SiSoftware\SiSoftware Sandra Lite 2012.SP1\WNt500x64\sandra.sys -- (SANDRA) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\..\SearchScopes,DefaultScope = {3BEE3214-C6C5-4352-8F73-C3A8A7A23FEB} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{3BEE3214-C6C5-4352-8F73-C3A8A7A23FEB}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\PROGRA~1\(x86)\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: F:\PROGRA~1\(x86)\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: F:\Programme\(x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.01.12 17:37:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\linkfilter@kaspersky.ru [2012.06.15 09:35:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\virtualKeyboard@kaspersky.ru [2012.06.15 09:35:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\KavAntiBanner@Kaspersky.ru [2012.06.15 09:35:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: F:\Programme\(x86)\Mozilla Firefox\components [2012.06.22 10:18:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: F:\Programme\(x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: F:\Programme\(x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.01.12 17:37:59 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: F:\Programme\(x86)\Mozilla Firefox\components [2012.06.22 10:18:34 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: F:\Programme\(x86)\Mozilla Firefox\plugins [2012.02.22 10:53:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*******\AppData\Roaming\mozilla\Extensions [2012.03.05 12:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\ppv1iju7.default\extensions [2012.06.15 09:35:50 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY PURE 2.0\FFEXT\KAVANTIBANNER@KASPERSKY.RU [2012.03.05 12:51:31 | 000,773,933 | ---- | M] () (No name found) -- C:\USERS\*******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PPV1IJU7.DEFAULT\EXTENSIONS\{E0204BD5-9D31-402B-A99D-A6AA8FFEBDCA}.XPI O1 HOSTS File: ([2012.03.26 21:09:09 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.facebook.com O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - F:\Programme\(x86)\Kaspersky Lab\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - F:\Programme\(x86)\Kaspersky Lab\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Programme\(x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Programme\(x86)\Microsoft Office 2003\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Programme\(x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Programme\(x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] F:\Programme\(x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] F:\Programme\(x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MMReminderService] F:\Programme\(x86)\Mindjet\MindManager 7\MmReminderService.exe (Mindjet) O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\*******\AppData\Local\Apps\2.0\6NLOL0XP.XBE\1Y3EEC9L.7RD\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin) O4 - Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = F:\Programme\(x86)\Microsoft Office 2003\Office14\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm () O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - F:\Programme\(x86)\Kaspersky Lab\x64\ievkbd.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - F:\Programme\(x86)\Kaspersky Lab\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programme\(x86)\Microsoft Office 2003\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programme\(x86)\Microsoft Office 2003\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Programme\(x86)\Microsoft Office 2003\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Programme\(x86)\Microsoft Office 2003\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programme\(x86)\Microsoft Office 2003\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control) O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} hxxp://w3.sis.com/ocis/OSInfo.cab (OSInfo Control) O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} hxxp://w3.sis.com/ocis/SiSAutodetectNT.cab (SiS_OCX Control) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {85C86CCC-2158-4123-9C7D-785190CED875} https://lernboerse.arbeitsagentur.de/exklusiv/ilias/data/balihob/lm_data/httppath/dpLaunchPlugin.cab (dp Launcher Plugin) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.) O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14089DBD-C127-416C-BFC5-91A89CC15C11}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.03.29 22:43:55 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2007.03.05 17:15:34 | 000,000,000 | ---D | M] - Z:\autorun -- [ NTFS ] O32 - AutoRun File - [2004.01.22 16:47:00 | 000,000,038 | ---- | M] () - Z:\AUTORUN.INF -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.11 12:22:13 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Malwarebytes [2012.07.11 12:22:08 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.11 12:22:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.11 12:22:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.09 11:02:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Fernzugang [2012.07.09 09:25:10 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\AVM [2012.07.05 16:51:36 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\4B71C6F2-7AFC-4240-827F-FEC445F51B6B [2012.07.05 10:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QNAP [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.12 10:32:20 | 000,000,000 | ---- | M] () -- C:\Users\*******\defogger_reenable [2012.07.12 10:27:44 | 000,002,453 | ---- | M] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk [2012.07.12 09:59:53 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.12 09:59:53 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.12 09:55:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.12 09:52:57 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.12 09:52:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.12 09:52:18 | 4026,019,840 | -HS- | M] () -- C:\hiberfil.sys [2012.07.12 09:51:36 | 000,061,448 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000004-00000000-00000006-00001102-00000005-00311102}.rfx [2012.07.12 09:51:36 | 000,061,448 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000004-00000000-00000006-00001102-00000005-00311102}.rfx [2012.07.12 09:51:36 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000004-00000000-00000006-00001102-00000005-00311102}.rfx [2012.07.12 09:49:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.11 12:46:11 | 000,007,610 | ---- | M] () -- C:\Users\*******\AppData\Local\Resmon.ResmonCfg [2012.07.11 12:18:10 | 000,030,243 | ---- | M] () -- C:\Users\*******\Desktop\wegen Facebook.JPG [2012.07.11 10:13:02 | 000,356,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.05 16:50:47 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\Acronis True Image Home 2012.lnk [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.02 20:15:54 | 000,597,673 | ---- | M] () -- C:\Users\*******\Desktop\153DE_WP_Projektmanagement-ohne-Helden.pdf [2012.06.25 17:10:24 | 001,621,938 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.25 17:10:24 | 000,700,332 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.25 17:10:24 | 000,655,054 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.25 17:10:24 | 000,149,146 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.25 17:10:24 | 000,121,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.13 11:24:32 | 000,038,414 | ---- | M] () -- C:\Users\*******\AppData\Roaming\Microsoft Excel.ADR [2012.06.13 11:21:03 | 013,476,864 | ---- | M] () -- C:\Users\*******\Desktop\Firmen.pst [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.12 10:32:20 | 000,000,000 | ---- | C] () -- C:\Users\*******\defogger_reenable [2012.07.11 12:15:27 | 000,030,243 | ---- | C] () -- C:\Users\*******\Desktop\wegen Facebook.JPG [2012.07.05 16:50:47 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\Acronis True Image Home 2012.lnk [2012.07.02 20:15:54 | 000,597,673 | ---- | C] () -- C:\Users\*******\Desktop\153DE_WP_Projektmanagement-ohne-Helden.pdf [2012.06.13 11:24:32 | 000,038,414 | ---- | C] () -- C:\Users\*******\AppData\Roaming\Microsoft Excel.ADR [2012.06.13 11:20:06 | 013,476,864 | ---- | C] () -- C:\Users\*******\Desktop\Firmen.pst [2012.05.30 15:15:16 | 000,017,408 | ---- | C] () -- C:\Users\*******\AppData\Local\WebpageIcons.db [2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012.04.16 12:02:18 | 000,000,276 | ---- | C] () -- C:\Windows\ODBCINST.INI [2012.03.21 11:20:43 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\drivers\SSHDRV76.sys [2012.03.21 11:20:07 | 000,000,032 | ---- | C] () -- C:\Windows\WISO.INI [2012.03.21 11:07:54 | 000,000,229 | ---- | C] () -- C:\Windows\BUHL.INI [2012.02.16 13:38:47 | 000,000,000 | ---- | C] () -- C:\Users\*******\netsh [2012.02.06 10:33:25 | 000,001,571 | ---- | C] () -- C:\Windows\Faxcpp1.ini [2012.02.06 10:33:25 | 000,000,422 | ---- | C] () -- C:\Windows\Faxcpp.ini [2012.02.06 10:33:13 | 000,241,664 | ---- | C] () -- C:\Windows\SysWow64\Image32.dll [2012.02.06 10:33:13 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\Png32.dll [2012.02.06 10:33:13 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Jpeg32.dll [2012.02.06 10:33:13 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\Tga32.dll [2012.02.06 10:33:13 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\Pcx32.dll [2012.02.06 10:33:13 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\Twscan32.dll [2012.01.13 17:25:33 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2012.01.13 17:25:33 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2012.01.13 17:24:09 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL [2012.01.13 15:41:23 | 011,296,768 | ---- | C] () -- C:\Users\*******\AppData\Roaming\Sandra.mdb [2012.01.12 17:31:26 | 000,245,489 | ---- | C] () -- C:\Windows\hpoins19.dat [2012.01.12 17:31:26 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat [2012.01.12 15:48:06 | 000,083,526 | ---- | C] () -- C:\Windows\hpqins13.dat [2012.01.12 15:31:20 | 000,244,582 | ---- | C] () -- C:\Windows\hpoins19.dat.temp [2012.01.12 15:31:20 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp [2012.01.08 02:00:10 | 000,007,610 | ---- | C] () -- C:\Users\*******\AppData\Local\Resmon.ResmonCfg [2012.01.08 00:53:42 | 001,598,216 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.01.08 00:03:40 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.10.21 15:18:46 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll [2010.10.21 15:16:58 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll [2010.10.21 15:16:34 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll ========== LOP Check ========== [2012.07.05 16:51:36 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\4B71C6F2-7AFC-4240-827F-FEC445F51B6B [2012.01.09 15:40:01 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Acronis [2012.07.09 09:25:10 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\AVM [2012.01.10 13:57:08 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Blackberry Desktop [2012.01.09 16:06:44 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\DataDesign [2012.07.11 08:17:22 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\FileZilla [2012.01.07 23:56:28 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Leadertech [2012.01.09 16:05:30 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Lexware [2012.04.10 23:16:57 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Nokia [2012.04.10 23:16:57 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Nokia Suite [2012.01.27 19:56:07 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Opera [2012.04.10 21:52:39 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\PC Suite [2012.01.10 12:47:10 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\pdfforge [2012.01.10 13:53:12 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Research In Motion [2012.07.06 17:43:16 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\TeamViewer [2012.05.25 10:57:23 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\webex [2012.03.13 14:03:20 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Windows Live Writer [2012.04.11 09:36:11 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 316 bytes -> C:\ProgramData\TEMP:9A870F8B < End of report > Kann mir jemand sagen, warum der Rechner mit Facebook kommuniziert? Vielen Dank im voraus. Viele Grüße |
Themen zu iexplore Verbindung mit Facebook? |
administrator, adobe, adobe flash player, alternate, autorun, bho, document, download, error, explorer, firefox, flash player, format, google earth, helper, heuristiks/extra, heuristiks/shuriken, iexplore, intranet, kaspersky, langs, locker, logfile, maleware, microsoft, microsoft office 2003, monitor, nvidia, nvidia update, plug-in, programme, registry, ressourcenmonitor, scan, searchscopes, senden, tastatur, warum, windows xp |