Log analysis and evaluation: [Windows 7] "... wurde ihr Windowssystem blockiert" (... your Windows system has been blocked); neither the registry tips nor the program tips worked

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: see "Erste Schritte zur Hilfe" (first steps for help). Bear in mind that an infected system is not trustworthy and should not be used until the malware has been removed completely.

15.02.2012, 01:40 | #1
... your Windows system has been blocked; neither the registry tips nor the program tips worked

Hi! Today, or rather yesterday by now, I tried to get my PC clean, unfortunately with only short-lived success. After studying various forums and working through their suggestions I am practically back where I started. What stands out is that the message is not displayed when I boot the PC without an internet connection. I have already tried the following:
- Kaspersky Rescue CD (found a few things, unfortunately not the right one)
- Searched the registry in safe mode for entries. (Unfortunately did not find the "typical" files. Nothing I could recognise.)
- Let various programs scan (Spybot, Malwarebytes, Trojan Killer, SuperAntiSpyware, Avast)
Here are the logs:
Code:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19088  BrowserJavaVersion: 1.6.0_26
Run by HOME at 1:39:00 on 2012-02-15
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.2046.1270 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
B:\Programme\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
B:\Programme\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
B:\Programme\SuperAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
B:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\system32\SearchIndexer.exe
B:\Programme\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
B:\Programme\Avast\AvastUI.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conime.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = 
mStart Page = hxxp://www.onista.de
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 194.170.28.111:80
mSearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - b:\programme\spybot - search & destroy\SDHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - b:\programme\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - b:\programme\java\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - b:\programme\avast\aswWebRepIE.dll
TB: {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Advanced SystemCare 5] "b:\programme\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
uRun: [SUPERAntiSpyware] b:\programme\superantispyware\SUPERAntiSpyware.exe
uRun: [ccleaner] "b:\programme\ccleaner\CCleaner.exe" /AUTO
uRun: [ffdwnd] c:\users\home\appdata\local\mozilla\firefox\firefox.exe
uRun: [SpybotSD TeaTimer] b:\programme\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [avast] "b:\programme\avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "b:\programme\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\home\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\home\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-explorer: NoResolveTrack = 0 (0x0)
mPolicies-explorer: NoFileAssociate = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\home\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\home\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - b:\programme\spybot - search & destroy\SDHelper.dll
Trusted Zone: dab-bank.de\www
Trusted Zone: dshs-koeln.de\www
Trusted Zone: tecis.com\www
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4B28DB98-F63F-44E4-BC3B-D2B0400B3543} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5D3A3EF8-429C-4350-876E-941008277236} : DhcpNameServer = 192.168.0.1
Notify: !SASWinLogon - b:\programme\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - b:\programme\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\home\appdata\roaming\mozilla\firefox\profiles\jwys5alp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comunio.de/team_news.phtml|hxxp://www.onvista.de/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4da78dd8&i=23&tp=ab&nt=1&q=
FF - plugin: b:\program files\itunes\mozilla plugins\npitunes.dll
FF - plugin: b:\programme\adobe\reader\air\nppdf32.dll
FF - plugin: b:\programme\adobe\reader\browser\nppdf32.dll
FF - plugin: b:\programme\java\bin\new_plugin\npdeployJava1.dll
FF - plugin: b:\programme\java\bin\new_plugin\npjp2.dll
FF - plugin: b:\programme\vlc\npvlc.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\users\home\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autoFill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-6-8 16184]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-8 608088]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-8 335320]
R1 SASDIFSV;SASDIFSV;b:\programme\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;b:\programme\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;b:\programme\superantispyware\SASCore.exe [2011-8-12 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;b:\programme\iobit\advanced systemcare 5\ASCService.exe [2012-2-1 497496]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-8 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-6-8 57688]
R2 avast! Antivirus;avast! Antivirus;b:\programme\avast\AvastSvc.exe [2011-6-8 44768]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-10-3 238952]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService.exe [2011-2-4 196912]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-6-17 2214504]
R2 SBSDWSCService;SBSD Security Center Service;b:\programme\spybot - search & destroy\SDWinSec.exe [2012-2-14 1153368]
R2 TomTomHOMEService;TomTomHOMEService;b:\program files\tomtom home 2\TomTomHOMEService.exe [2012-1-23 92592]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-10-3 36608]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2012-1-31 30312]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-8 20464]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-8-11 523264]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2011-9-27 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2011-9-27 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2011-9-27 123648]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-1-31 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-1-31 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-1-31 136808]
S3 stusb2ir;USB 2.0 IrDA-Brücke;c:\windows\system32\drivers\stusb2ir.sys [2006-11-2 41728]
S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\drivers\gtkdrv.sys [2012-1-4 16128]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-02-14 23:31:15 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06ZZ..Z.ZZZZZZZZ.Z
2012-02-14 22:18:57 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-14 09:12:01 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{fd3693fc-4d51-4f03-97ab-47ae56508f05}\mpengine.dll
2012-02-14 00:10:28 -------- d-----w- c:\windows\system32\System32
2012-02-13 22:42:01 -------- d-----w- c:\program files\Hotspot Shield
2012-02-13 22:38:40 -------- d-----w- c:\users\home\appdata\roaming\tor
2012-02-13 22:25:21 -------- d-----w- c:\users\home\appdata\roaming\DVDVideoSoft
2012-02-13 11:08:21 231936 ----a-w- c:\windows\system32\msshsq.dll
2012-02-12 14:06:14 -------- d-----w- c:\users\home\appdata\roaming\SUPERAntiSpyware.com
2012-02-12 14:06:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-09 01:43:20 -------- d-----w- c:\program files\Dropbox
2012-02-03 09:41:29 -------- d-----w- c:\users\home\appdata\roaming\Dropbox
2012-02-01 22:35:51 21848 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-01-31 22:38:43 -------- d-----w- c:\users\home\appdata\roaming\Temp
2012-01-31 22:35:46 -------- d-----w- C:\Temp
2012-01-31 22:27:26 -------- d-----w- c:\users\home\appdata\local\Samsung
2012-01-31 22:23:59 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-01-31 22:23:14 821824 ----a-w- c:\windows\system32\dgderapi.dll
2012-01-31 22:23:14 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2012-01-31 22:23:14 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2012-01-22 13:04:29 -------- d-----w- c:\program files\iPod
2012-01-22 12:59:29 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-01-22 12:59:29 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-01-22 12:59:29 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-01-22 12:59:29 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-01-22 12:59:29 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-01-22 12:59:29 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-01-22 12:59:29 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
.
==================== Find3M ====================
.
2012-02-07 23:12:39 41184 ----a-w- c:\windows\avastSS.scr
2012-02-07 23:01:10 608088 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-07 22:59:05 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-01-26 23:21:24 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-22 12:12:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-04 14:28:36 16128 ----a-w- c:\windows\system32\drivers\gtkdrv.sys
2011-12-28 23:57:28 37376 ----a-w- c:\windows\system32\drivers\hssdrv.sys
2011-12-10 14:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 1:39:25,04 ===============

EDIT: Quickly adding the OTL log as well:
Code:
OTL logfile created on: 15.02.2012 01:55:51 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\HOME\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 48,03% Memory free
4,23 Gb Paging File | 3,05 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 85,00 Gb Total Space | 39,74 Gb Free Space | 46,75% Space Free | Partition Type: NTFS

Computer Name: SPERL-FEST | User Name: HOME | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\HOME\Desktop\OTL.exe (OldTimer Tools)
PRC - B:\Programme\Firefox\firefox.exe (Mozilla Corporation)
PRC - B:\Programme\Firefox\plugin-container.exe (Mozilla Corporation)
PRC - B:\Programme\Avast\AvastUI.exe (AVAST Software)
PRC - B:\Programme\Avast\AvastSvc.exe (AVAST Software)
PRC - B:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - B:\Programme\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
PRC - B:\Programme\SuperAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\Nitro PDF\Reader\NitroPDFReaderDriverService.exe (Nitro PDF Software)
PRC - C:\Windows\System32\sdclt.exe (Microsoft Corporation)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - B:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - B:\Programme\Firefox\mozjs.dll ()
MOD - B:\Programme\IObit\Advanced SystemCare 5\ASCv5ExtMenu.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()

========== Win32 Services (SafeList) ==========

SRV - (avast! Antivirus) -- B:\Programme\Avast\AvastSvc.exe (AVAST Software)
SRV - (TomTomHOMEService) -- B:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AdvancedSystemCareService5) -- B:\Programme\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (!SASCORE) -- B:\Programme\SuperAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (NitroReaderDriverReadSpool) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe (Nitro PDF Software)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (SBSDWSCService) -- B:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (TrojanKillerDriver) -- C:\Windows\System32\drivers\gtkdrv.sys (Windows (R) Win 7 DDK provider)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (SASDIFSV) -- B:\Programme\SuperAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- B:\Programme\SuperAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SmartDefragDriver) -- C:\Windows\System32\Drivers\SmartDefragDriver.sys ()
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV - (stusb2ir) -- C:\Windows\System32\drivers\stusb2ir.sys ()
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.onista.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6F B0 5D 6A 1B C0 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 194.170.28.111:80

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.startup.homepage: "hxxp://www.comunio.de/team_news.phtml|hxxp://www.onvista.de/"
FF - prefs.js..keyword.URL: "hxxp://search.avg.com/?d=4da78dd8&i=23&tp=ab&nt=1&q="
FF - user.js..browser.search.openintab: false

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: B:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: B:\Programme\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: B:\Programme\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: B:\Programme\Adobe\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\HOME\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: B:\Programme\Avast\WebRep\FF [2012.02.14 23:21:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: B:\Programme\Firefox\components [2012.02.11 17:27:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: B:\Programme\Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: B:\Programme\Firefox\components [2012.02.11 17:27:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: B:\Programme\Firefox\plugins

[2011.02.07 20:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HOME\AppData\Roaming\mozilla\Extensions
[2011.02.07 20:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HOME\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.02.02 22:34:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HOME\AppData\Roaming\mozilla\Firefox\Profiles\jwys5alp.default\extensions
[2010.05.05 08:50:46 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\HOME\AppData\Roaming\mozilla\Firefox\Profiles\jwys5alp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.14 23:21:26 | 000,000,000 | ---D | M] (avast! WebRep) -- B:\PROGRAMME\AVAST\WEBREP\FF

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - Extension: avast! WebRep = C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1125_0\

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - B:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - B:\Programme\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - B:\Programme\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - B:\Programme\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avast] B:\Programme\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] b:\programme\malwarebytes' anti-malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Advanced SystemCare 5] B:\Programme\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKCU..\Run: [ccleaner] B:\Programme\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [ffdwnd] C:\Users\HOME\AppData\Local\Mozilla\Firefox\firefox.exe (Tomasz Pawlak)
O4 - HKCU..\Run: [SpybotSD TeaTimer] B:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] B:\Programme\SuperAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\HOME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\HOME\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\HOME\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\HOME\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - B:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dab-bank.de ([www] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: dshs-koeln.de ([www] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: tecis.com ([www] https in Vertrauenswürdige Sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B28DB98-F63F-44E4-BC3B-D2B0400B3543}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D3A3EF8-429C-4350-876E-941008277236}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (B:\Programme\SuperAntiSpyware\SASWINLO.DLL) - B:\Programme\SuperAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\HOME\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\HOME\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - B:\Programme\SuperAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2a71ca8f-a231-11e0-9120-0019db4101f5}\Shell - "" = AutoRun
O33 - MountPoints2\{2a71ca8f-a231-11e0-9120-0019db4101f5}\Shell\AutoRun\command - "" = I:\autorun.exe
O33 - MountPoints2\{4e1c9d5b-1f23-11df-a28e-0019db4101f5}\Shell\AutoRun\command - "" = J:\setup.EXE
O33 - MountPoints2\{7178755b-f81b-11de-bb22-0019db4101f5}\Shell - "" = AutoRun
O33 - MountPoints2\{7178755b-f81b-11de-bb22-0019db4101f5}\Shell\AutoRun\command - 
"" = F:\autorun.exe O33 - MountPoints2\{f88e15f6-12b1-11e0-be26-0019db4101f5}\Shell\AutoRun\command - "" = J:\sources\sperr32.exe x64 O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Install.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (SmartDefragBootTime.exe) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.02.15 01:53:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\HOME\Desktop\OTL.exe [2012.02.15 01:11:25 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\HOME\Desktop\dds.com [2012.02.15 00:31:15 | 000,000,000 | ---D | C] -- C:\3590F75ABA9E485486C100C1A9D4FF06ZZ..Z.ZZZZZZZZ.Z [2012.02.14 23:19:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.02.14 23:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.02.14 14:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer [2012.02.14 01:10:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\System32 [2012.02.13 23:42:01 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield [2012.02.13 23:38:40 | 000,000,000 | ---D | C] -- C:\Users\HOME\AppData\Roaming\tor [2012.02.13 23:25:21 | 000,000,000 | ---D | C] -- C:\Users\HOME\AppData\Roaming\DVDVideoSoft [2012.02.13 12:08:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll [2012.02.13 03:01:30 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll [2012.02.13 03:01:29 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll [2012.02.13 03:01:27 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll [2012.02.13 03:01:27 | 000,071,680 | 
---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll [2012.02.13 03:01:27 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll [2012.02.13 03:01:26 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll [2012.02.13 03:01:26 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll [2012.02.13 03:01:26 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll [2012.02.13 03:01:26 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll [2012.02.13 03:01:26 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll [2012.02.13 03:01:26 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll [2012.02.13 03:01:26 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll [2012.02.13 03:01:25 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll [2012.02.13 03:01:25 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll [2012.02.13 03:01:25 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll [2012.02.13 03:01:25 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll [2012.02.13 03:01:25 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll [2012.02.13 03:01:24 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll [2012.02.13 03:01:24 | 001,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll [2012.02.13 03:01:24 | 001,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll [2012.02.13 03:01:24 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll [2012.02.13 03:01:24 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll [2012.02.13 03:01:24 | 
000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll [2012.02.12 16:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012.02.12 15:06:14 | 000,000,000 | ---D | C] -- C:\Users\HOME\AppData\Roaming\SUPERAntiSpyware.com [2012.02.12 15:06:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2012.02.11 17:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simfy [2012.02.09 02:43:20 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox [2012.02.07 01:26:01 | 000,000,000 | ---D | C] -- C:\Users\HOME\Desktop\Diplomarbeit [2012.02.07 00:27:15 | 000,000,000 | ---D | C] -- C:\Users\HOME\Desktop\Dokumente [2012.02.07 00:24:55 | 000,000,000 | ---D | C] -- C:\Users\HOME\Desktop\Desktopordner [2012.02.03 10:44:02 | 000,000,000 | R--D | C] -- C:\Users\HOME\Desktop\Dropbox [2012.02.03 10:42:04 | 000,000,000 | ---D | C] -- C:\Users\HOME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2012.02.03 10:41:29 | 000,000,000 | ---D | C] -- C:\Users\HOME\AppData\Roaming\Dropbox [2012.02.01 23:35:51 | 000,021,848 | ---- | C] (IObit) -- C:\Windows\System32\RegistryDefragBootTime.exe [2012.02.01 23:20:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 5 [2012.01.31 23:38:43 | 000,000,000 | ---D | C] -- C:\Users\HOME\AppData\Roaming\Temp [2012.01.31 23:35:46 | 000,000,000 | ---D | C] -- C:\Temp [2012.01.31 23:27:26 | 000,000,000 | ---D | C] -- C:\Users\HOME\AppData\Local\Samsung [2012.01.31 23:25:57 | 001,416,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01005.dll [2012.01.31 23:25:57 | 001,416,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfCoInstaller01005.dll [2012.01.31 23:25:57 | 000,136,808 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadmdm.sys [2012.01.31 23:25:57 | 000,121,064 | ---- | C] (MCCI Corporation) 
-- C:\Windows\System32\drivers\ssadbus.sys [2012.01.31 23:25:57 | 000,030,312 | ---- | C] (Google Inc) -- C:\Windows\System32\drivers\ssadadb.sys [2012.01.31 23:25:57 | 000,012,776 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadmdfl.sys [2012.01.31 23:25:57 | 000,010,472 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadcmnt.sys [2012.01.31 23:25:57 | 000,010,472 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadcm.sys [2012.01.31 23:25:57 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadwhnt.sys [2012.01.31 23:25:57 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadwh.sys [2012.01.31 23:25:43 | 000,132,424 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdmdm.sys [2012.01.31 23:25:43 | 000,104,648 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdbus.sys [2012.01.31 23:25:43 | 000,014,920 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdmdfl.sys [2012.01.31 23:25:43 | 000,012,616 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdcmnt.sys [2012.01.31 23:25:43 | 000,012,616 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdcm.sys [2012.01.31 23:25:43 | 000,012,488 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdwhnt.sys [2012.01.31 23:25:43 | 000,012,488 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdwh.sys [2012.01.31 23:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung [2012.01.31 23:23:59 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll [2012.01.31 23:23:14 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) 
-- C:\Windows\System32\dgderapi.dll [2012.01.31 23:23:14 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DIFxAPI.dll [2012.01.31 23:23:14 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys [2012.01.22 14:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.01.22 14:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.01.22 13:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.01.22 13:58:57 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime ========== Files - Modified Within 30 Days ========== [2012.02.15 01:55:53 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E55A29B6-8FBF-4949-84D5-1522A89526D7}.job [2012.02.15 01:53:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\HOME\Desktop\OTL.exe [2012.02.15 01:50:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.02.15 01:30:30 | 000,632,014 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.02.15 01:30:30 | 000,598,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.02.15 01:30:30 | 000,127,258 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.02.15 01:30:30 | 000,104,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.02.15 01:25:56 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.02.15 01:25:39 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.15 01:25:39 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.15 01:25:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.15 01:16:15 | 000,000,020 | ---- | M] () -- C:\Users\HOME\defogger_reenable [2012.02.15 01:11:58 | 000,607,260 | R--- | M] (Swearware) -- 
C:\Users\HOME\Desktop\dds.com [2012.02.15 01:09:54 | 000,050,477 | ---- | M] () -- C:\Users\HOME\Desktop\Defogger.exe [2012.02.15 00:31:02 | 000,001,356 | ---- | M] () -- C:\Users\HOME\AppData\Local\d3d9caps.dat [2012.02.14 23:21:29 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2012.02.14 23:19:14 | 000,000,836 | ---- | M] () -- C:\Users\HOME\Desktop\Spybot - Search & Destroy.lnk [2012.02.14 14:46:02 | 000,000,731 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk [2012.02.14 11:15:55 | 000,000,775 | ---- | M] () -- C:\Users\HOME\Desktop\Free YouTube to MP3 Converter.lnk [2012.02.14 11:13:32 | 000,000,717 | ---- | M] () -- C:\Users\HOME\Desktop\Free YouTube Download.lnk [2012.02.14 00:45:37 | 000,000,631 | ---- | M] () -- C:\Users\HOME\Desktop\mp3DirectCut.lnk [2012.02.14 00:44:46 | 000,288,008 | ---- | M] () -- C:\Users\HOME\Desktop\mp3DC215.exe [2012.02.13 23:25:25 | 000,001,675 | ---- | M] () -- C:\Users\HOME\Desktop\Free Video to MP3 Converter.lnk [2012.02.13 22:57:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf [2012.02.13 12:08:21 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll [2012.02.12 22:00:00 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job [2012.02.12 16:08:37 | 000,000,787 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.02.11 17:54:05 | 000,000,627 | ---- | M] () -- C:\Users\Public\Desktop\simfy.lnk [2012.02.09 02:46:34 | 000,000,902 | ---- | M] () -- C:\Users\HOME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.02.09 02:46:33 | 000,000,922 | ---- | M] () -- C:\Users\HOME\Desktop\Dropbox.lnk [2012.02.08 00:12:39 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2012.02.08 00:12:32 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2012.02.08 00:01:10 | 000,608,088 | ---- | M] (AVAST Software) -- 
C:\Windows\System32\drivers\aswSnx.sys [2012.02.08 00:01:01 | 000,335,320 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2012.02.07 23:59:17 | 000,035,800 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2012.02.07 23:59:13 | 000,053,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2012.02.07 23:59:05 | 000,057,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2012.02.07 23:58:55 | 000,020,696 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2012.02.05 14:56:23 | 000,000,693 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.03 18:25:51 | 000,158,208 | ---- | M] () -- C:\Users\HOME\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.01 23:20:57 | 000,000,801 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk [2012.02.01 14:55:00 | 000,400,498 | ---- | M] () -- C:\Users\HOME\Documents\Sperling Auswertung.rar [2012.01.27 00:21:24 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2012.01.25 14:32:15 | 000,048,712 | ---- | M] () -- C:\Users\HOME\Desktop\1992 - 2012.jpg [2012.01.25 14:31:20 | 000,050,450 | ---- | M] () -- C:\Users\HOME\Desktop\1982 - 2012.jpg [2012.01.25 14:30:40 | 000,049,141 | ---- | M] () -- C:\Users\HOME\Desktop\1972 - 2012.jpg [2012.01.25 14:30:10 | 000,047,785 | ---- | M] () -- C:\Users\HOME\Desktop\2002 - 2012.jpg [2012.01.22 13:12:17 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2012.02.15 01:16:03 | 000,000,020 | ---- | C] () -- C:\Users\HOME\defogger_reenable [2012.02.15 01:09:57 | 000,050,477 | ---- | C] () -- C:\Users\HOME\Desktop\Defogger.exe [2012.02.14 23:19:14 | 000,000,836 | ---- | C] () -- C:\Users\HOME\Desktop\Spybot - Search & Destroy.lnk [2012.02.14 14:46:02 | 000,000,731 | ---- | C] () -- 
C:\Users\Public\Desktop\Trojan Killer.lnk [2012.02.14 11:15:55 | 000,000,775 | ---- | C] () -- C:\Users\HOME\Desktop\Free YouTube to MP3 Converter.lnk [2012.02.14 11:13:32 | 000,000,717 | ---- | C] () -- C:\Users\HOME\Desktop\Free YouTube Download.lnk [2012.02.14 00:45:37 | 000,000,631 | ---- | C] () -- C:\Users\HOME\Desktop\mp3DirectCut.lnk [2012.02.14 00:44:45 | 000,288,008 | ---- | C] () -- C:\Users\HOME\Desktop\mp3DC215.exe [2012.02.13 23:25:25 | 000,001,675 | ---- | C] () -- C:\Users\HOME\Desktop\Free Video to MP3 Converter.lnk [2012.02.13 22:57:19 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf [2012.02.13 03:01:30 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2012.02.13 03:01:30 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2012.02.13 03:01:26 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex [2012.02.12 16:08:37 | 000,000,787 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.02.05 14:56:23 | 000,000,693 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.03 10:44:02 | 000,000,922 | ---- | C] () -- C:\Users\HOME\Desktop\Dropbox.lnk [2012.02.03 10:42:28 | 000,000,902 | ---- | C] () -- C:\Users\HOME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.02.01 23:20:57 | 000,000,801 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk [2012.02.01 14:55:00 | 000,400,498 | ---- | C] () -- C:\Users\HOME\Documents\Sperling Auswertung.rar [2012.01.25 14:32:15 | 000,048,712 | ---- | C] () -- C:\Users\HOME\Desktop\1992 - 2012.jpg [2012.01.25 14:31:20 | 000,050,450 | ---- | C] () -- C:\Users\HOME\Desktop\1982 - 2012.jpg [2012.01.25 14:30:40 | 000,049,141 | ---- | C] () -- C:\Users\HOME\Desktop\1972 - 2012.jpg [2012.01.25 14:30:10 | 000,047,785 | ---- | C] () -- C:\Users\HOME\Desktop\2002 - 2012.jpg [2011.12.23 20:58:28 | 000,030,568 | ---- 
| C] () -- C:\Windows\MusiccityDownload.exe [2011.12.23 20:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.12.23 20:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.12.23 20:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.12.23 20:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2011.09.27 23:37:33 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2011.06.17 10:48:20 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2011.06.17 10:48:20 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2011.06.08 00:08:26 | 000,029,520 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe [2011.06.08 00:08:26 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys [2011.04.19 21:05:05 | 000,001,356 | ---- | C] () -- C:\Users\HOME\AppData\Local\d3d9caps.dat [2011.04.02 16:54:34 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.02.10 05:03:48 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini [2011.02.06 23:37:21 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010.12.02 16:13:50 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll [2010.10.03 20:35:24 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.10.03 20:35:24 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.09.20 00:23:53 | 000,000,058 | ---- | C] () -- C:\Windows\System32\DonationCoder_ScreenshotCaptor_InstallInfo.dat [2010.09.18 08:38:40 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2010.09.18 08:38:40 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2010.09.18 08:38:40 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll [2010.03.27 18:14:41 | 000,000,058 | ---- | C] () -- C:\Users\HOME\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat [2010.01.11 
17:29:14 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2010.01.11 17:29:14 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2010.01.03 04:54:24 | 000,047,104 | ---- | C] () -- C:\Windows\System32\KMVIDC32.DLL [2010.01.01 14:51:45 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2010.01.01 14:51:45 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2009.12.20 19:05:36 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll [2009.12.19 15:15:21 | 000,158,208 | ---- | C] () -- C:\Users\HOME\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.12.19 11:50:10 | 000,000,342 | ---- | C] () -- C:\Windows\SIERRA.INI [2008.01.21 08:15:58 | 000,632,014 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 08:15:58 | 000,127,258 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2007.08.16 14:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll [2007.02.22 16:17:50 | 000,000,071 | ---- | C] () -- C:\Windows\pn.ini [2007.02.22 16:17:50 | 000,000,051 | ---- | C] () -- C:\Windows\pr.ini [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,281,352 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,598,702 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,104,716 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:25:42 | 000,041,728 
| ---- | C] () -- C:\Windows\System32\drivers\stusb2ir.sys [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2005.12.21 15:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll [2005.12.21 15:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 448 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZ..Z.ZZZZZZZZ.Z:1 < End of report > Unsigned file Service: FsUsbExDisk Suspicious object, medium risk Service type: Kernel driver (0x1) Service start: Demand (0x3) File: C:\Windows\system32\FsUsbExDisk.SYS MD5: cbe5f69a5e5b918225f420a748f3742 und Unsigned file Service: StarOpen Suspicious object, medium risk Service type: File system driver (0x2) Service start: System (0x1) File: C:\Windows\system32\drivers\StarOpen.sys MD5: 306521935042fc0a6988d528643619b3 Vielleicht hilft euch das weiter! Wollte mich informieren, ob noch was fehlt oder ob einfach gerade zu viel zu tun ist. Grüße |
16.02.2012, 23:13 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Everything from Malwarebytes and the other scanners must be posted here. Please post everything in CODE tags here wherever possible. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here