Log analysis and evaluation: Black desktop, Start menu gone, "Hard disk defective" message

Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Black desktop, Start menu gone, "Hard disk defective" message

Hello everyone,

Last night 1000 windows suddenly popped up claiming that my hard disk was broken. It was immediately clear to me that I had caught something. I also couldn't use my Task Manager any more, because something was blocking it. I immediately scanned with Antivir, Spybot, SUPERAntiSpyware and Malwarebytes' Anti-Malware; they all found something and my Task Manager works again, but my desktop is still black and my Start menu entries have disappeared as well.

I thought "repair mode"... F8 at boot; Dell put a Windows backup on my second partition. Kiss my a..., since no domain was, or rather supposedly my password / user name is wrong, I can't log in.

OTL says:

Code:
ATTFilter OTL logfile created on: 03.11.2011 14:24:06 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Benedikt\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 64,51% Memory free 6,19 Gb Paging File | 5,10 Gb Available in Paging File | 82,44% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 138,91 Gb Total Space | 11,25 Gb Free Space | 8,10% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 5,62 Gb Free Space | 56,25% Space Free | Partition Type: NTFS Computer Name: HERBERT | User Name: Benedikt | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.11.03 12:58:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Benedikt\Desktop\OTL.exe PRC - [2011.10.25 13:38:10 | 000,542,672 | ---- | M] (Threat Expert Ltd.) 
-- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe PRC - [2011.10.17 18:18:23 | 004,615,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe PRC - [2011.07.11 20:51:21 | 000,269,480 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011.04.30 18:19:56 | 000,136,360 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010.11.05 07:58:45 | 000,281,768 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.09.06 17:56:38 | 000,247,096 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe PRC - [2010.01.14 21:10:53 | 000,076,968 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.05.21 11:14:02 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\gs_agent\dsc.exe PRC - [2009.05.21 11:13:58 | 000,206,064 | -H-- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.08.14 00:04:44 | 000,201,968 | -H-- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe PRC - [2008.06.30 11:28:24 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe PRC - [2008.06.30 11:28:14 | 000,196,608 | ---- | M] (Alps Electric Co., Ltd.) 
-- C:\Program Files\DellTPad\Apoint.exe PRC - [2008.06.30 11:28:12 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe PRC - [2008.06.30 11:28:12 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe PRC - [2008.06.26 12:10:06 | 000,442,467 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe PRC - [2008.06.26 12:10:00 | 000,221,273 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\stacsv.exe PRC - [2008.06.26 12:09:50 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\AEstSrv.exe PRC - [2008.04.28 15:56:28 | 000,161,048 | -H-- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2008.01.21 03:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe PRC - [2007.10.03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.10.03 14:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007.09.02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe PRC - [2003.08.05 09:43:04 | 000,045,056 | R--- | M] (Prolific Technology Inc.) 
-- C:\Windows\System32\HotFixQ0306270.exe ========== Modules (No Company Name) ========== MOD - [2011.11.03 14:23:06 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll MOD - [2011.11.03 14:23:06 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll MOD - [2011.11.03 12:57:31 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL MOD - [2011.11.03 12:57:31 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll MOD - [2010.10.28 08:29:34 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\62dfd8797881fd7a0d0de3f448a18c01\System.Web.ni.dll MOD - [2010.10.28 08:29:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\9b8e883fd5fa51f026577156a0ee9d57\System.Runtime.Remoting.ni.dll MOD - [2010.10.28 08:23:55 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\88593f5f0fc6de5d5f4a85aa2b1466f3\System.Xml.ni.dll MOD - [2010.10.28 08:23:38 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d9ab6e29eba6cb0d8459fcbb2c40c1a7\System.Windows.Forms.ni.dll MOD - [2010.10.28 08:23:27 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\887fa2d6b76e7302b0c664effad4f91f\System.Drawing.ni.dll MOD - [2010.10.28 08:21:46 | 007,949,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ed6ae2749d12c4729ee43ff339de4bb8\System.ni.dll MOD - [2010.10.28 08:21:28 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\98bbdd8c400493ad228b8283665cc9da\mscorlib.ni.dll MOD - [2009.03.29 21:42:14 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - 
[2009.03.29 21:42:14 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2009.03.29 21:42:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2008.05.04 09:42:20 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2008.03.12 06:37:52 | 000,055,808 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll MOD - [2007.09.02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe MOD - [2007.09.02 12:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll ========== Win32 Services (SafeList) ========== SRV - [2011.10.28 11:02:02 | 001,117,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService) SRV - [2011.10.27 21:49:32 | 000,402,336 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService) SRV - [2011.10.25 13:38:10 | 000,542,672 | ---- | M] (Threat Expert Ltd.) 
[Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service) SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE) SRV - [2011.07.11 20:51:21 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.30 18:19:56 | 000,136,360 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.09.06 17:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2009.09.28 14:48:15 | 000,316,664 | -H-- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2008.08.22 09:03:20 | 000,016,680 | -H-- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist) SRV - [2008.08.14 00:04:44 | 000,201,968 | -H-- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) SRV - [2008.06.26 12:10:00 | 000,221,273 | ---- | M] (IDT, Inc.) 
[Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\stacsv.exe -- (STacSV) SRV - [2008.06.26 12:09:50 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\AEstSrv.exe -- (AESTFilters) SRV - [2008.04.28 15:56:28 | 000,161,048 | -H-- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.21 03:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008.01.21 03:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2008.01.09 11:30:08 | 000,121,360 | -H-- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2007.10.03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) ========== Driver Services (SafeList) ========== DRV - [2011.10.28 11:02:54 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\PCTSD.sys -- (PCTSD) DRV - [2011.10.22 15:11:14 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore) DRV - [2011.10.07 17:52:06 | 000,341,656 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pctDS.sys -- (pctDS) DRV - [2011.09.28 13:14:02 | 000,056,840 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PCTBD.sys -- (PCTBD) DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | 
On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2011.07.11 20:51:22 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.11 20:51:22 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.09.03 20:40:46 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2009.05.21 12:59:12 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.02.13 11:35:01 | 000,011,608 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.07.30 06:51:30 | 000,277,736 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11) DRV - [2008.06.30 11:28:10 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2008.06.26 12:10:08 | 000,380,928 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2008.05.04 09:42:18 | 003,548,672 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2008.05.04 09:42:18 | 003,548,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.05.04 09:42:18 | 003,548,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2008.03.14 14:04:26 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir) DRV - [2008.03.12 06:37:46 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY) DRV - [2008.03.11 07:42:24 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM) DRV - [2008.03.11 07:24:46 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2008.03.11 07:24:44 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2008.03.11 07:24:42 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2008.01.21 03:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2) DRV - [2008.01.21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R) DRV - [2007.11.29 01:17:56 | 000,036,368 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2007.11.29 01:17:48 | 000,035,088 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2007.05.11 10:59:00 | 000,017,536 | ---- | M] (Olivetti-Engineering SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\desrvusb.sys -- (DESVUSB) DRV - [2003.10.06 10:29:08 | 000,007,424 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\plff.sys -- (PLFF) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\.DEFAULT\..\URLSearchHook: - No CLSID value found IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) 
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2775041620-371297593-3811378524-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKU\S-1-5-21-2775041620-371297593-3811378524-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2775041620-371297593-3811378524-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-2775041620-371297593-3811378524-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\S-1-5-21-2775041620-371297593-3811378524-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2775041620-371297593-3811378524-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2910: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Benedikt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2011.11.02 21:45:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.06 16:18:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.21 10:33:49 | 000,000,000 | ---D | M] [2010.04.28 14:13:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Extensions [2010.04.28 14:13:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2009.06.26 12:12:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Extensions\uploadr@flickr.com [2011.10.24 16:37:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\9gbwpvs7.default\extensions [2010.04.27 20:10:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- 
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\9gbwpvs7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.02.16 19:52:59 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\9gbwpvs7.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2009.06.02 19:04:48 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\9gbwpvs7.default\extensions\moveplayer@movenetworks.com [2011.10.26 18:43:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010.10.04 09:05:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.10.05 19:44:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.27 21:25:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.02.20 21:36:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.06.17 12:56:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.10.26 18:43:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011.10.06 16:18:24 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.12.09 11:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2011.10.06 16:18:21 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.06 16:18:21 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.10.06 16:18:21 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.10.06 16:18:21 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.06 16:18:21 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.06 16:18:21 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.09.22 17:43:12 | 000,000,057 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen) O2 - BHO: (PC Tools Browser Defender BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.) O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKU\S-1-5-21-2775041620-371297593-3811378524-1000\..\Toolbar\WebBrowser: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKU\S-1-5-21-2775041620-371297593-3811378524-1000\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( ) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) 
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PLFFAP] C:\Windows\System32\HotFixQ0306270.exe (Prolific Technology Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-18..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-21-2775041620-371297593-3811378524-1000..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe () O4 - HKU\S-1-5-21-2775041620-371297593-3811378524-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - 
HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-21-2775041620-371297593-3811378524-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2775041620-371297593-3811378524-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-21-2775041620-371297593-3811378524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKU\S-1-5-21-2775041620-371297593-3811378524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe () O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe () O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D5B2A83-26CD-4993-A422-1070C2D311AA}: DhcpNameServer = 195.50.140.118 195.50.140.248 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F12C023B-96A9-4254-A2BC-45E07E338589}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.) 
O24 - Desktop WallPaper: C:\Users\Benedikt\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Benedikt\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.11.03 12:58:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Benedikt\Desktop\OTL.exe [2011.11.03 12:57:23 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Roaming\SUPERAntiSpyware.com [2011.11.03 12:56:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2011.11.03 12:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2011.11.03 12:56:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2011.11.03 12:55:33 | 012,837,560 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Benedikt\Desktop\SUPERAntiSpyware501134.exe [2011.11.02 22:23:10 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Benedikt\Desktop\mbam-setup-1.51.2.1300.exe [2011.11.02 22:05:19 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\Threat Expert [2011.11.02 21:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2011.11.02 21:55:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.11.02 21:55:46 | 
000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2011.11.02 21:45:43 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll [2011.11.02 21:45:43 | 000,056,840 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTBD.sys [2011.11.02 21:45:42 | 002,291,664 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll [2011.11.02 21:45:42 | 001,681,360 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll [2011.11.02 21:45:04 | 000,252,840 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys [2011.11.02 21:45:04 | 000,105,792 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys [2011.11.02 21:45:00 | 000,017,848 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys [2011.11.02 21:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security [2011.11.02 21:44:57 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys [2011.11.02 21:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools [2011.11.02 21:41:40 | 000,660,992 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys [2011.11.02 21:41:40 | 000,341,656 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys [2011.11.02 21:41:35 | 000,331,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys [2011.11.02 21:41:35 | 000,162,584 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys [2011.11.02 21:41:33 | 000,185,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys [2011.11.02 21:41:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools [2011.11.02 21:41:13 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2011.10.31 13:00:44 | 000,000,000 | -H-D | C] -- C:\Users\Benedikt\AppData\Local\O&O [2011.10.30 12:24:58 | 000,000,000 | -H-D | C] -- C:\Users\Benedikt\AppData\Local\Downloaded Installations [2011.10.30 12:14:03 | 000,000,000 | -H-D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.10.30 12:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.10.26 18:43:35 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.10.26 18:43:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.10.26 18:43:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe ========== Files - Modified Within 30 Days ========== [2011.11.03 14:27:09 | 000,670,946 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.11.03 14:27:09 | 000,631,636 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.11.03 14:27:09 | 000,144,082 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.11.03 14:27:09 | 000,118,262 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.11.03 14:27:07 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.11.03 14:25:19 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{50F6F6D8-62B8-44EE-8129-9F539D72EE3C}.job [2011.11.03 14:21:55 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.11.03 14:20:53 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.11.03 14:20:53 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.11.03 14:20:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.11.03 13:34:12 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.11.03 12:58:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Benedikt\Desktop\OTL.exe [2011.11.03 12:57:56 | 000,000,120 | ---- | M] () -- C:\Users\Benedikt\Desktop\UdlzgwzW.htm.part.htm [2011.11.03 12:56:17 | 000,001,762 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2011.11.03 
12:55:56 | 012,837,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Benedikt\Desktop\SUPERAntiSpyware501134.exe [2011.11.03 07:32:47 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.02 22:23:16 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Benedikt\Desktop\mbam-setup-1.51.2.1300.exe [2011.11.02 21:45:00 | 000,001,911 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor.lnk [2011.11.01 09:59:25 | 000,061,952 | -H-- | M] () -- C:\Users\Benedikt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.30 19:59:21 | 000,000,042 | ---- | M] () -- C:\Windows\oodjobd.INI [2011.10.29 07:50:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\null [2011.10.28 11:03:18 | 000,070,536 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys [2011.10.28 11:02:54 | 000,185,560 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys [2011.10.28 11:01:36 | 000,017,848 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys [2011.10.28 10:41:04 | 000,105,792 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys [2011.10.28 10:40:58 | 000,252,840 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys [2011.10.25 13:38:20 | 000,149,456 | ---- | M] (PC Tools) -- C:\Windows\SGDetectionTool.dll [2011.10.25 13:38:18 | 002,291,664 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll [2011.10.25 13:38:18 | 001,681,360 | ---- | M] (Threat Expert Ltd.) 
-- C:\Windows\PCTBDRes.dll [2011.10.25 13:38:08 | 000,767,952 | ---- | M] () -- C:\Windows\BDTSupport.dll [2011.10.22 15:11:14 | 000,331,880 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys [2011.10.22 15:11:08 | 000,162,584 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys [2011.10.07 17:52:12 | 000,660,992 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys [2011.10.07 17:52:06 | 000,341,656 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys ========== Files Created - No Company Name ========== [2011.11.03 12:57:53 | 000,000,120 | ---- | C] () -- C:\Users\Benedikt\Desktop\UdlzgwzW.htm.part.htm [2011.11.03 12:56:17 | 000,001,762 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2011.11.03 07:32:47 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.02 21:45:43 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll [2011.11.02 21:45:43 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml [2011.11.02 21:45:43 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml [2011.11.02 21:45:43 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip [2011.11.02 21:45:42 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip [2011.11.02 21:45:00 | 000,001,911 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor.lnk [2011.10.30 19:59:21 | 000,000,042 | ---- | C] () -- C:\Windows\oodjobd.INI [2011.05.18 15:07:05 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011.03.16 11:38:37 | 000,000,074 | ---- | C] () -- C:\Windows\FinalAlert2.ini [2011.01.02 18:37:22 | 000,000,132 | ---- | C] () -- C:\Users\Benedikt\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.01.01 16:18:49 | 000,000,132 | ---- | C] () -- C:\Users\Benedikt\AppData\Roaming\Adobe GIF Format CS5 Prefs [2010.11.26 03:15:14 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll [2010.10.30 18:42:03 | 000,001,456 | -H-- | C] () -- 
C:\Users\Benedikt\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2010.08.10 13:59:27 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2010.08.10 13:59:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010.08.10 13:59:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010.08.10 13:59:27 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe [2010.08.10 13:59:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010.08.07 21:22:11 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys [2010.07.04 11:54:11 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010.05.15 16:36:51 | 000,000,122 | ---- | C] () -- C:\Windows\wa.INI [2010.05.13 19:31:28 | 000,000,113 | ---- | C] () -- C:\Windows\(null)toolkit.ini [2009.10.29 17:56:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.10.29 17:55:21 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.10.29 14:00:01 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.08.27 12:02:55 | 000,000,144 | ---- | C] () -- C:\Windows\Sierra.ini [2009.08.13 19:37:07 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI [2009.06.21 20:12:59 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2009.05.22 16:45:33 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2009.05.22 16:45:22 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2009.03.24 10:17:44 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2009.02.19 18:25:54 | 000,022,328 | ---- | C] () -- C:\Users\Benedikt\AppData\Roaming\PnkBstrK.sys [2009.01.18 13:00:13 | 000,149,504 | ---- | C] () -- C:\Windows\UNWISE.EXE [2008.12.10 15:04:41 | 000,225,256 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2008.11.24 16:51:30 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI [2008.11.21 22:44:16 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll [2008.10.03 15:33:59 | 000,000,319 | ---- 
| C] () -- C:\Windows\game.ini [2008.09.16 01:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.09.12 10:38:02 | 000,010,752 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll [2008.09.09 15:37:53 | 000,061,952 | -H-- | C] () -- C:\Users\Benedikt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.08.31 20:27:50 | 000,001,461 | ---- | C] () -- C:\Windows\mozver.dat [2008.08.31 15:28:57 | 000,000,304 | ---- | C] () -- C:\Users\Benedikt\AppData\Roaming\wklnhst.dat [2008.08.31 15:04:57 | 000,000,018 | ---- | C] () -- C:\Windows\wininit.ini [2008.08.31 14:44:51 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.08.31 14:37:02 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.08.31 10:41:04 | 000,001,356 | -H-- | C] () -- C:\Users\Benedikt\AppData\Local\d3d9caps.dat [2008.08.22 18:32:09 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2008.08.22 18:32:09 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2008.08.22 18:32:09 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008.08.22 18:32:09 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe [2008.08.22 10:38:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2008.08.22 08:56:25 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll [2008.08.22 08:56:25 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE [2008.01.21 08:15:58 | 000,670,946 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 08:15:58 | 000,144,082 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.06.06 07:32:00 | 000,002,699 | ---- | C] () -- C:\Windows\System32\d1wiaUiStr.bin [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 004,173,840 | 
---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,631,636 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,118,262 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2000.02.09 23:00:00 | 000,047,104 | ---- | C] () -- C:\Windows\System32\wrkgadm.exe [2000.02.09 23:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL [1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== Alternate Data Streams ========== @Alternate Data Stream - 170 bytes -> C:\ProgramData\Temp:DFC5A2B2 @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84 < End of report > |