
Log analysis and evaluation: "... your Windows system has been blocked"; neither registry nor program tips successful


15.02.2012, 01:40   #1
Sperle
 



Hi!

Today, or rather yesterday by now, I tried to get my PC clean, unfortunately with only short-lived success. After studying various forums and working through the suggestions, I am more or less back at square one. It is noticeable that the message is not displayed when I boot the PC without an Internet connection. I have already tried the following:

- Kaspersky Rescue CD (found quite a bit, unfortunately not the right thing)
- Searched for entries in the registry via safe mode. (Unfortunately did not find the "typical" files. I could not spot anything.)
- Ran scans with various programs (Spybot, Malwarebytes, Trojan Killer, SuperAntiSpyware, Avast)


Here are the logs:

Code:
.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.19088  BrowserJavaVersion: 1.6.0_26
Run by HOME at 1:39:00 on 2012-02-15
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.2046.1270 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
B:\Programme\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
B:\Programme\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
B:\Programme\SuperAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
B:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\system32\SearchIndexer.exe
B:\Programme\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
B:\Programme\Avast\AvastUI.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conime.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = 
mStart Page = hxxp://www.onista.de
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 194.170.28.111:80
mSearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - b:\programme\spybot - search & destroy\SDHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - b:\programme\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - b:\programme\java\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - b:\programme\avast\aswWebRepIE.dll
TB: {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Advanced SystemCare 5] "b:\programme\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
uRun: [SUPERAntiSpyware] b:\programme\superantispyware\SUPERAntiSpyware.exe
uRun: [ccleaner] "b:\programme\ccleaner\CCleaner.exe" /AUTO
uRun: [ffdwnd] c:\users\home\appdata\local\mozilla\firefox\firefox.exe
uRun: [SpybotSD TeaTimer] b:\programme\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [avast] "b:\programme\avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "b:\programme\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\home\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\home\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-explorer: NoResolveTrack = 0 (0x0)
mPolicies-explorer: NoFileAssociate = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\home\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\home\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - b:\programme\spybot - search & destroy\SDHelper.dll
Trusted Zone: dab-bank.de\www
Trusted Zone: dshs-koeln.de\www
Trusted Zone: tecis.com\www
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4B28DB98-F63F-44E4-BC3B-D2B0400B3543} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5D3A3EF8-429C-4350-876E-941008277236} : DhcpNameServer = 192.168.0.1
Notify: !SASWinLogon - b:\programme\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - b:\programme\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\home\appdata\roaming\mozilla\firefox\profiles\jwys5alp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comunio.de/team_news.phtml|hxxp://www.onvista.de/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4da78dd8&i=23&tp=ab&nt=1&q=
FF - plugin: b:\program files\itunes\mozilla plugins\npitunes.dll
FF - plugin: b:\programme\adobe\reader\air\nppdf32.dll
FF - plugin: b:\programme\adobe\reader\browser\nppdf32.dll
FF - plugin: b:\programme\java\bin\new_plugin\npdeployJava1.dll
FF - plugin: b:\programme\java\bin\new_plugin\npjp2.dll
FF - plugin: b:\programme\vlc\npvlc.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\users\home\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autoFill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-6-8 16184]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-8 608088]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-8 335320]
R1 SASDIFSV;SASDIFSV;b:\programme\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;b:\programme\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;b:\programme\superantispyware\SASCore.exe [2011-8-12 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;b:\programme\iobit\advanced systemcare 5\ASCService.exe [2012-2-1 497496]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-8 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-6-8 57688]
R2 avast! Antivirus;avast! Antivirus;b:\programme\avast\AvastSvc.exe [2011-6-8 44768]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-10-3 238952]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService.exe [2011-2-4 196912]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-6-17 2214504]
R2 SBSDWSCService;SBSD Security Center Service;b:\programme\spybot - search & destroy\SDWinSec.exe [2012-2-14 1153368]
R2 TomTomHOMEService;TomTomHOMEService;b:\program files\tomtom home 2\TomTomHOMEService.exe [2012-1-23 92592]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-10-3 36608]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2012-1-31 30312]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-8 20464]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-8-11 523264]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2011-9-27 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2011-9-27 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2011-9-27 123648]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-1-31 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-1-31 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-1-31 136808]
S3 stusb2ir;USB 2.0 IrDA-Brücke;c:\windows\system32\drivers\stusb2ir.sys [2006-11-2 41728]
S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\drivers\gtkdrv.sys [2012-1-4 16128]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-02-14 23:31:15    --------    d---a-w-    C:\3590F75ABA9E485486C100C1A9D4FF06ZZ..Z.ZZZZZZZZ.Z
2012-02-14 22:18:57    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2012-02-14 09:12:01    6557240    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{fd3693fc-4d51-4f03-97ab-47ae56508f05}\mpengine.dll
2012-02-14 00:10:28    --------    d-----w-    c:\windows\system32\System32
2012-02-13 22:42:01    --------    d-----w-    c:\program files\Hotspot Shield
2012-02-13 22:38:40    --------    d-----w-    c:\users\home\appdata\roaming\tor
2012-02-13 22:25:21    --------    d-----w-    c:\users\home\appdata\roaming\DVDVideoSoft
2012-02-13 11:08:21    231936    ----a-w-    c:\windows\system32\msshsq.dll
2012-02-12 14:06:14    --------    d-----w-    c:\users\home\appdata\roaming\SUPERAntiSpyware.com
2012-02-12 14:06:14    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2012-02-09 01:43:20    --------    d-----w-    c:\program files\Dropbox
2012-02-03 09:41:29    --------    d-----w-    c:\users\home\appdata\roaming\Dropbox
2012-02-01 22:35:51    21848    ----a-w-    c:\windows\system32\RegistryDefragBootTime.exe
2012-01-31 22:38:43    --------    d-----w-    c:\users\home\appdata\roaming\Temp
2012-01-31 22:35:46    --------    d-----w-    C:\Temp
2012-01-31 22:27:26    --------    d-----w-    c:\users\home\appdata\local\Samsung
2012-01-31 22:23:59    4659712    ----a-w-    c:\windows\system32\Redemption.dll
2012-01-31 22:23:14    821824    ----a-w-    c:\windows\system32\dgderapi.dll
2012-01-31 22:23:14    319456    ----a-w-    c:\windows\system32\DIFxAPI.dll
2012-01-31 22:23:14    20032    ----a-w-    c:\windows\system32\drivers\dgderdrv.sys
2012-01-22 13:04:29    --------    d-----w-    c:\program files\iPod
2012-01-22 12:59:29    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-01-22 12:59:29    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-01-22 12:59:29    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-01-22 12:59:29    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-01-22 12:59:29    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-01-22 12:59:29    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-01-22 12:59:29    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin.dll
.
==================== Find3M  ====================
.
2012-02-07 23:12:39    41184    ----a-w-    c:\windows\avastSS.scr
2012-02-07 23:01:10    608088    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2012-02-07 22:59:05    57688    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2012-01-26 23:21:24    237072    ------w-    c:\windows\system32\MpSigStub.exe
2012-01-22 12:12:17    414368    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-04 14:28:36    16128    ----a-w-    c:\windows\system32\drivers\gtkdrv.sys
2011-12-28 23:57:28    37376    ----a-w-    c:\windows\system32\drivers\hssdrv.sys
2011-12-10 14:24:06    20464    ----a-w-    c:\windows\system32\drivers\mbam.sys
.
============= FINISH:  1:39:25,04 ===============
         
I am curious whether you can tell me what I overlooked and where. And now I am ending this wonderful day. Good night and many thanks in advance.


EDIT:

Quickly, here is the OTL log as well:

Code:
OTL logfile created on: 15.02.2012 01:55:51 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\HOME\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 48,03% Memory free
4,23 Gb Paging File | 3,05 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 85,00 Gb Total Space | 39,74 Gb Free Space | 46,75% Space Free | Partition Type: NTFS
 
Computer Name: SPERL-FEST | User Name: HOME | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\HOME\Desktop\OTL.exe (OldTimer Tools)
PRC - B:\Programme\Firefox\firefox.exe (Mozilla Corporation)
PRC - B:\Programme\Firefox\plugin-container.exe (Mozilla Corporation)
PRC - B:\Programme\Avast\AvastUI.exe (AVAST Software)
PRC - B:\Programme\Avast\AvastSvc.exe (AVAST Software)
PRC - B:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - B:\Programme\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
PRC - B:\Programme\SuperAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\Nitro PDF\Reader\NitroPDFReaderDriverService.exe (Nitro PDF Software)
PRC - C:\Windows\System32\sdclt.exe (Microsoft Corporation)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - B:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - B:\Programme\Firefox\mozjs.dll ()
MOD - B:\Programme\IObit\Advanced SystemCare 5\ASCv5ExtMenu.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (avast! Antivirus) -- B:\Programme\Avast\AvastSvc.exe (AVAST Software)
SRV - (TomTomHOMEService) -- B:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AdvancedSystemCareService5) -- B:\Programme\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (!SASCORE) -- B:\Programme\SuperAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (NitroReaderDriverReadSpool) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe (Nitro PDF Software)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (SBSDWSCService) -- B:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (TrojanKillerDriver) -- C:\Windows\System32\drivers\gtkdrv.sys (Windows (R) Win 7 DDK provider)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (SASDIFSV) -- B:\Programme\SuperAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- B:\Programme\SuperAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SmartDefragDriver) -- C:\Windows\System32\Drivers\SmartDefragDriver.sys ()
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV - (stusb2ir) -- C:\Windows\System32\drivers\stusb2ir.sys ()
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.onista.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6F B0 5D 6A 1B C0 CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 194.170.28.111:80
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.startup.homepage: "hxxp://www.comunio.de/team_news.phtml|hxxp://www.onvista.de/"
FF - prefs.js..keyword.URL: "hxxp://search.avg.com/?d=4da78dd8&i=23&tp=ab&nt=1&q="
 
FF - user.js..browser.search.openintab: false
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: B:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: B:\Programme\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: B:\Programme\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: B:\Programme\Adobe\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\HOME\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: B:\Programme\Avast\WebRep\FF [2012.02.14 23:21:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: B:\Programme\Firefox\components [2012.02.11 17:27:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: B:\Programme\Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: B:\Programme\Firefox\components [2012.02.11 17:27:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: B:\Programme\Firefox\plugins
 
[2011.02.07 20:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HOME\AppData\Roaming\mozilla\Extensions
[2011.02.07 20:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HOME\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.02.02 22:34:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HOME\AppData\Roaming\mozilla\Firefox\Profiles\jwys5alp.default\extensions
[2010.05.05 08:50:46 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\HOME\AppData\Roaming\mozilla\Firefox\Profiles\jwys5alp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.14 23:21:26 | 000,000,000 | ---D | M] (avast! WebRep) -- B:\PROGRAMME\AVAST\WEBREP\FF
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - Extension: avast! WebRep = C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1125_0\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - B:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - B:\Programme\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - B:\Programme\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - B:\Programme\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avast] B:\Programme\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] b:\programme\malwarebytes' anti-malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Advanced SystemCare 5] B:\Programme\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKCU..\Run: [ccleaner] B:\Programme\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [ffdwnd] C:\Users\HOME\AppData\Local\Mozilla\Firefox\firefox.exe (Tomasz Pawlak)
O4 - HKCU..\Run: [SpybotSD TeaTimer] B:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] B:\Programme\SuperAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\HOME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\HOME\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\HOME\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\HOME\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - B:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dab-bank.de ([www] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: dshs-koeln.de ([www] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: tecis.com ([www] https in Vertrauenswürdige Sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B28DB98-F63F-44E4-BC3B-D2B0400B3543}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D3A3EF8-429C-4350-876E-941008277236}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (B:\Programme\SuperAntiSpyware\SASWINLO.DLL) - B:\Programme\SuperAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\HOME\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\HOME\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - B:\Programme\SuperAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2a71ca8f-a231-11e0-9120-0019db4101f5}\Shell - "" = AutoRun
O33 - MountPoints2\{2a71ca8f-a231-11e0-9120-0019db4101f5}\Shell\AutoRun\command - "" = I:\autorun.exe
O33 - MountPoints2\{4e1c9d5b-1f23-11df-a28e-0019db4101f5}\Shell\AutoRun\command - "" = J:\setup.EXE
O33 - MountPoints2\{7178755b-f81b-11de-bb22-0019db4101f5}\Shell - "" = AutoRun
O33 - MountPoints2\{7178755b-f81b-11de-bb22-0019db4101f5}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{f88e15f6-12b1-11e0-be26-0019db4101f5}\Shell\AutoRun\command - "" = J:\sources\sperr32.exe x64
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.15 01:53:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\HOME\Desktop\OTL.exe
[2012.02.15 01:11:25 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\HOME\Desktop\dds.com
[2012.02.15 00:31:15 | 000,000,000 | ---D | C] -- C:\3590F75ABA9E485486C100C1A9D4FF06ZZ..Z.ZZZZZZZZ.Z
[2012.02.14 23:19:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.02.14 23:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.02.14 14:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012.02.14 01:10:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\System32
[2012.02.13 23:42:01 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
[2012.02.13 23:38:40 | 000,000,000 | ---D | C] -- C:\Users\HOME\AppData\Roaming\tor
[2012.02.13 23:25:21 | 000,000,000 | ---D | C] -- C:\Users\HOME\AppData\Roaming\DVDVideoSoft
[2012.02.13 12:08:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2012.02.13 03:01:30 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2012.02.13 03:01:29 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2012.02.13 03:01:27 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2012.02.13 03:01:27 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2012.02.13 03:01:27 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2012.02.13 03:01:26 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2012.02.13 03:01:26 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2012.02.13 03:01:26 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2012.02.13 03:01:26 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2012.02.13 03:01:26 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2012.02.13 03:01:26 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2012.02.13 03:01:26 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2012.02.13 03:01:25 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2012.02.13 03:01:25 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2012.02.13 03:01:25 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2012.02.13 03:01:25 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2012.02.13 03:01:25 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2012.02.13 03:01:24 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2012.02.13 03:01:24 | 001,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2012.02.13 03:01:24 | 001,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2012.02.13 03:01:24 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2012.02.13 03:01:24 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2012.02.13 03:01:24 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2012.02.12 16:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.02.12 15:06:14 | 000,000,000 | ---D | C] -- C:\Users\HOME\AppData\Roaming\SUPERAntiSpyware.com
[2012.02.12 15:06:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.02.11 17:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simfy
[2012.02.09 02:43:20 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012.02.07 01:26:01 | 000,000,000 | ---D | C] -- C:\Users\HOME\Desktop\Diplomarbeit
[2012.02.07 00:27:15 | 000,000,000 | ---D | C] -- C:\Users\HOME\Desktop\Dokumente
[2012.02.07 00:24:55 | 000,000,000 | ---D | C] -- C:\Users\HOME\Desktop\Desktopordner
[2012.02.03 10:44:02 | 000,000,000 | R--D | C] -- C:\Users\HOME\Desktop\Dropbox
[2012.02.03 10:42:04 | 000,000,000 | ---D | C] -- C:\Users\HOME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.02.03 10:41:29 | 000,000,000 | ---D | C] -- C:\Users\HOME\AppData\Roaming\Dropbox
[2012.02.01 23:35:51 | 000,021,848 | ---- | C] (IObit) -- C:\Windows\System32\RegistryDefragBootTime.exe
[2012.02.01 23:20:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 5
[2012.01.31 23:38:43 | 000,000,000 | ---D | C] -- C:\Users\HOME\AppData\Roaming\Temp
[2012.01.31 23:35:46 | 000,000,000 | ---D | C] -- C:\Temp
[2012.01.31 23:27:26 | 000,000,000 | ---D | C] -- C:\Users\HOME\AppData\Local\Samsung
[2012.01.31 23:25:57 | 001,416,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01005.dll
[2012.01.31 23:25:57 | 001,416,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfCoInstaller01005.dll
[2012.01.31 23:25:57 | 000,136,808 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadmdm.sys
[2012.01.31 23:25:57 | 000,121,064 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadbus.sys
[2012.01.31 23:25:57 | 000,030,312 | ---- | C] (Google Inc) -- C:\Windows\System32\drivers\ssadadb.sys
[2012.01.31 23:25:57 | 000,012,776 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadmdfl.sys
[2012.01.31 23:25:57 | 000,010,472 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadcmnt.sys
[2012.01.31 23:25:57 | 000,010,472 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadcm.sys
[2012.01.31 23:25:57 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadwhnt.sys
[2012.01.31 23:25:57 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadwh.sys
[2012.01.31 23:25:43 | 000,132,424 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdmdm.sys
[2012.01.31 23:25:43 | 000,104,648 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdbus.sys
[2012.01.31 23:25:43 | 000,014,920 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdmdfl.sys
[2012.01.31 23:25:43 | 000,012,616 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdcmnt.sys
[2012.01.31 23:25:43 | 000,012,616 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdcm.sys
[2012.01.31 23:25:43 | 000,012,488 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdwhnt.sys
[2012.01.31 23:25:43 | 000,012,488 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdwh.sys
[2012.01.31 23:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2012.01.31 23:23:59 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2012.01.31 23:23:14 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2012.01.31 23:23:14 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DIFxAPI.dll
[2012.01.31 23:23:14 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys
[2012.01.22 14:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.01.22 14:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.01.22 13:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.01.22 13:58:57 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.15 01:55:53 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E55A29B6-8FBF-4949-84D5-1522A89526D7}.job
[2012.02.15 01:53:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\HOME\Desktop\OTL.exe
[2012.02.15 01:50:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.15 01:30:30 | 000,632,014 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.15 01:30:30 | 000,598,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.15 01:30:30 | 000,127,258 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.15 01:30:30 | 000,104,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.15 01:25:56 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.15 01:25:39 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.15 01:25:39 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.15 01:25:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.15 01:16:15 | 000,000,020 | ---- | M] () -- C:\Users\HOME\defogger_reenable
[2012.02.15 01:11:58 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\HOME\Desktop\dds.com
[2012.02.15 01:09:54 | 000,050,477 | ---- | M] () -- C:\Users\HOME\Desktop\Defogger.exe
[2012.02.15 00:31:02 | 000,001,356 | ---- | M] () -- C:\Users\HOME\AppData\Local\d3d9caps.dat
[2012.02.14 23:21:29 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.02.14 23:19:14 | 000,000,836 | ---- | M] () -- C:\Users\HOME\Desktop\Spybot - Search & Destroy.lnk
[2012.02.14 14:46:02 | 000,000,731 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.02.14 11:15:55 | 000,000,775 | ---- | M] () -- C:\Users\HOME\Desktop\Free YouTube to MP3 Converter.lnk
[2012.02.14 11:13:32 | 000,000,717 | ---- | M] () -- C:\Users\HOME\Desktop\Free YouTube Download.lnk
[2012.02.14 00:45:37 | 000,000,631 | ---- | M] () -- C:\Users\HOME\Desktop\mp3DirectCut.lnk
[2012.02.14 00:44:46 | 000,288,008 | ---- | M] () -- C:\Users\HOME\Desktop\mp3DC215.exe
[2012.02.13 23:25:25 | 000,001,675 | ---- | M] () -- C:\Users\HOME\Desktop\Free Video to MP3 Converter.lnk
[2012.02.13 22:57:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012.02.13 12:08:21 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2012.02.12 22:00:00 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2012.02.12 16:08:37 | 000,000,787 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.02.11 17:54:05 | 000,000,627 | ---- | M] () -- C:\Users\Public\Desktop\simfy.lnk
[2012.02.09 02:46:34 | 000,000,902 | ---- | M] () -- C:\Users\HOME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.02.09 02:46:33 | 000,000,922 | ---- | M] () -- C:\Users\HOME\Desktop\Dropbox.lnk
[2012.02.08 00:12:39 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.02.08 00:12:32 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.02.08 00:01:10 | 000,608,088 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.02.08 00:01:01 | 000,335,320 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.02.07 23:59:17 | 000,035,800 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012.02.07 23:59:13 | 000,053,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.02.07 23:59:05 | 000,057,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.02.07 23:58:55 | 000,020,696 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.02.05 14:56:23 | 000,000,693 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.03 18:25:51 | 000,158,208 | ---- | M] () -- C:\Users\HOME\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.01 23:20:57 | 000,000,801 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
[2012.02.01 14:55:00 | 000,400,498 | ---- | M] () -- C:\Users\HOME\Documents\Sperling Auswertung.rar
[2012.01.27 00:21:24 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.01.25 14:32:15 | 000,048,712 | ---- | M] () -- C:\Users\HOME\Desktop\1992 - 2012.jpg
[2012.01.25 14:31:20 | 000,050,450 | ---- | M] () -- C:\Users\HOME\Desktop\1982 - 2012.jpg
[2012.01.25 14:30:40 | 000,049,141 | ---- | M] () -- C:\Users\HOME\Desktop\1972 - 2012.jpg
[2012.01.25 14:30:10 | 000,047,785 | ---- | M] () -- C:\Users\HOME\Desktop\2002 - 2012.jpg
[2012.01.22 13:12:17 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2012.02.15 01:16:03 | 000,000,020 | ---- | C] () -- C:\Users\HOME\defogger_reenable
[2012.02.15 01:09:57 | 000,050,477 | ---- | C] () -- C:\Users\HOME\Desktop\Defogger.exe
[2012.02.14 23:19:14 | 000,000,836 | ---- | C] () -- C:\Users\HOME\Desktop\Spybot - Search & Destroy.lnk
[2012.02.14 14:46:02 | 000,000,731 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.02.14 11:15:55 | 000,000,775 | ---- | C] () -- C:\Users\HOME\Desktop\Free YouTube to MP3 Converter.lnk
[2012.02.14 11:13:32 | 000,000,717 | ---- | C] () -- C:\Users\HOME\Desktop\Free YouTube Download.lnk
[2012.02.14 00:45:37 | 000,000,631 | ---- | C] () -- C:\Users\HOME\Desktop\mp3DirectCut.lnk
[2012.02.14 00:44:45 | 000,288,008 | ---- | C] () -- C:\Users\HOME\Desktop\mp3DC215.exe
[2012.02.13 23:25:25 | 000,001,675 | ---- | C] () -- C:\Users\HOME\Desktop\Free Video to MP3 Converter.lnk
[2012.02.13 22:57:19 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012.02.13 03:01:30 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.02.13 03:01:30 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012.02.13 03:01:26 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2012.02.12 16:08:37 | 000,000,787 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.02.05 14:56:23 | 000,000,693 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.03 10:44:02 | 000,000,922 | ---- | C] () -- C:\Users\HOME\Desktop\Dropbox.lnk
[2012.02.03 10:42:28 | 000,000,902 | ---- | C] () -- C:\Users\HOME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.02.01 23:20:57 | 000,000,801 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
[2012.02.01 14:55:00 | 000,400,498 | ---- | C] () -- C:\Users\HOME\Documents\Sperling Auswertung.rar
[2012.01.25 14:32:15 | 000,048,712 | ---- | C] () -- C:\Users\HOME\Desktop\1992 - 2012.jpg
[2012.01.25 14:31:20 | 000,050,450 | ---- | C] () -- C:\Users\HOME\Desktop\1982 - 2012.jpg
[2012.01.25 14:30:40 | 000,049,141 | ---- | C] () -- C:\Users\HOME\Desktop\1972 - 2012.jpg
[2012.01.25 14:30:10 | 000,047,785 | ---- | C] () -- C:\Users\HOME\Desktop\2002 - 2012.jpg
[2011.12.23 20:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.12.23 20:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.12.23 20:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.12.23 20:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.12.23 20:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.09.27 23:37:33 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2011.06.17 10:48:20 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.06.17 10:48:20 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.06.08 00:08:26 | 000,029,520 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011.06.08 00:08:26 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011.04.19 21:05:05 | 000,001,356 | ---- | C] () -- C:\Users\HOME\AppData\Local\d3d9caps.dat
[2011.04.02 16:54:34 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.02.10 05:03:48 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2011.02.06 23:37:21 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.12.02 16:13:50 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2010.10.03 20:35:24 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.10.03 20:35:24 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.09.20 00:23:53 | 000,000,058 | ---- | C] () -- C:\Windows\System32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2010.09.18 08:38:40 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2010.09.18 08:38:40 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2010.09.18 08:38:40 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2010.03.27 18:14:41 | 000,000,058 | ---- | C] () -- C:\Users\HOME\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2010.01.11 17:29:14 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2010.01.11 17:29:14 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2010.01.03 04:54:24 | 000,047,104 | ---- | C] () -- C:\Windows\System32\KMVIDC32.DLL
[2010.01.01 14:51:45 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010.01.01 14:51:45 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2009.12.20 19:05:36 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2009.12.19 15:15:21 | 000,158,208 | ---- | C] () -- C:\Users\HOME\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.19 11:50:10 | 000,000,342 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008.01.21 08:15:58 | 000,632,014 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,127,258 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.08.16 14:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2007.02.22 16:17:50 | 000,000,071 | ---- | C] () -- C:\Windows\pn.ini
[2007.02.22 16:17:50 | 000,000,051 | ---- | C] () -- C:\Windows\pr.ini
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,281,352 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,598,702 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,716 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:42 | 000,041,728 | ---- | C] () -- C:\Windows\System32\drivers\stusb2ir.sys
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.12.21 15:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2005.12.21 15:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 448 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZ..Z.ZZZZZZZZ.Z:1
 
< End of report >
         
I have now also run a scan with the Kaspersky TDSSKiller and it found something. Unfortunately I cannot copy the report file, for whatever reason. There are two findings:

Unsigned file
Service: FsUsbExDisk
Suspicious object, medium risk
Service type: Kernel driver (0x1)
Service start: Demand (0x3)
File: C:\Windows\system32\FsUsbExDisk.SYS
MD5: cbe5f69a5e5b918225f420a748f3742

and

Unsigned file
Service: StarOpen
Suspicious object, medium risk
Service type: File system driver (0x2)
Service start: System (0x1)
File: C:\Windows\system32\drivers\StarOpen.sys
MD5: 306521935042fc0a6988d528643619b3

Maybe this helps you!

I wanted to ask whether something is still missing or whether there is simply too much to do right now.

Regards
Attached files
File type: txt Attach.txt (4.5 KB, viewed 149 times)

Alt 16.02.2012, 23:13   #2
cosinus

Quote:
- Ran scans with various programs (Spybot, Malwarebytes, Trojaner Killer, SuperAntiSpyware, Avast)
Without logs this will go nowhere.
Everything from Malwarebytes and the other scanners has to be posted here.

Please post everything in CODE tags here where possible.

It is done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
ATTFilter
 the log goes here
         